Manager of IT Risk and Compliance

PharMerica Corporation is a premier institutional pharmacy services provider, dedicated to providing quality patient care and innovative pharmacy solutions to institutional customers and patients in long-term care settings. With nearly $2 billion in annual revenues, PharMerica is one of the nation's largest institutional pharmacy companies. PharMerica operates more than 100 institutional pharmacies in 45 states and serves nursing facilities that care for approximately 350,000 patients.




Senior level management in risk and compliance management. Has overall responsibility for department decisions and management. Provides strategic direction, coaches and mentors more junior management staff and/or senior level professionals. Has accountability for IT functional/departmental results related to policy implementation, compliance and audits. Actively participates on the Corporate Compliance Committee.


Essential Functions:

•             Leads, develops and maintains the IT risk and compliance management strategy.

•             Develops and maintains policy, standards, processes and procedures to assess, monitor, report, escalate and remediate IT risk and compliance related issues.

•             Works collaboratively with corporate compliance, internal auditing and corporate risk management and various technical teams in the design and implementation of audit, risk assessment and regulatory compliance practices for IT.

•             Leads cross-functional teams in performing reviews and tests of IT internal controls to ensure that existing IT systems are operating as designed and that they contain adequate controls.

•             Facilitates risk assessments and identifies risk themes. Proactively promotes enhancement of technology-related internal controls awareness and training across IT and business units.

•             Monitors and analyzes technology risk trends, recommends appropriate IT policies, procedures and practices to strengthen internal operations. Directs IT functional teams in the development, implementation, monitoring and reporting of control processes, documentation and compliance routines.

•             Advises IT and business executives on the status of technology risk and compliance issues based on assessment results and information from various monitoring and control systems. Educates IT and business executives on appropriate mitigation strategies and approaches.

•             Provides oversight regarding audit, regulatory and risk management activities across IT functional areas, such as the development and maintenance of regulatory documentation (e.g., Sarbanes-Oxley Act compliance). Coordinates the IT component of both internal and external audits, federal and state examinations. Possesses detailed knowledge of industry regulatory environment and risk management practices, and thorough understanding of local and federal regulations such as Sarbanes-Oxley, Basel II, and HIPAA.

•             Performs other tasks as assigned.

•             Conducts job responsibilities in accordance with the standards set out in the Company’s Code of Business Conduct and Ethics, its policies and procedures, the Corporate Compliance Agreement, applicable federal and state laws, and applicable professional standards.

•             To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative of the knowledge, skill, and/or ability required.  Each essential function is required, although reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.


Position Qualifications

•             Education/Learning Experience

             Required:  Bachelor's Degree.

             Desired: Bachelor's Degree in Computer Science, Information Systems, Security, or IT Risk Management.


•             Work Experience

             Required:  Minimum of 2 years of experience in Audit, IT Audit, Security, IT Risk Management or IT Compliance.

             Desired:  Prior exposure to, and experience with, SOX IT Audit, PCI, NIST CSF, HIPAA Security and Privacy regulations.


•             Skills/Knowledge

             Required: Strong technical, analytical and problem-solving skills.

             Desired:   Experience with GRC tools and policy / procedure development.

•             Licenses/Certifications 

             Desired:   Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), GIAC Critical Controls Certification (GCCC), or GIAC Security Essentials (GSEC).

•             Behavior Competencies

             Required:   Strong communication skills to effectively interact with internal and external partners on all levels to resolve issues and provide solutions in a timely manner.




Accelerate Your Career with PharMerica!

Full time
Tampa, FL 33601, US