Job Information
UPMC Program Director, Enterprise Risk Management in Pittsburgh, Pennsylvania
UPMC is hiring a strategic and collaborative Program Director, Enterprise Risk Management. Apply today!
This position will be based out of Pittsburgh, PA and will have the potential to work from home on a hybrid schedule which includes some days at home and some days in office per week.
Responsibilities:
Enterprise Risk Framework & Governance
Manage and continuously enhance the organization's ERM framework aligned with leading practices (e.g., COSO ERM, ISO 31000, ASHRM), tailored to healthcare, insurance, clinical, and commercial business models.
Support ERM governance structures, including executive risk committees and leadership-level reporting processes.
Coordinate alignment with other risk structures and functions across the organization.
Facilitate periodic review of risk appetite, risk tolerance, and key risk indicators in collaboration with executive leadership.
Risk Identification & Assessment
Lead and facilitate enterprise-level and targeted risk assessments across clinical, operational, financial, regulatory, technology, cybersecurity, third-party, international, and emerging business areas.
Partner with leaders of international and startup commercial entities to identify growth, regulatory, market entry, and execution risks.
Identify interdependencies, concentrations, and enterprise-wide risk themes and escalate emerging risks as appropriate.
Risk Response & Monitoring
Collaborate with risk owners to develop practical, well-defined risk response plans (mitigation, transfer, acceptance, or avoidance) with clear ownership and milestones.
Monitor progress against risk response plans and escalate overdue, ineffective, or misaligned actions.
Support scenario analysis and stress testing for high-impact strategic and emerging risks.
Reporting & Executive Communication
Prepare concise, insightful ERM reporting for executive leadership, including dashboards, heat maps, trend analysis, and deep-dive risk profiles.
Translate complex risk information into clear, decision-oriented messaging tailored to senior leadership audiences.
Support regulatory, accreditation, and external stakeholder inquiries related to enterprise risk practices.
Integration & Advisory Support
Integrate ERM into strategic planning, capital allocation, new initiatives, mergers and acquisitions, and international expansion activities.
Partner with Internal Audit to align ERM insights with audit planning and coverage, while preserving independence.
Serve as a trusted advisor to leadership on emerging risks, risk tradeoffs, and risk-informed decision-making.
Culture & Capability Building
Promote a strong risk culture by reinforcing risk ownership, accountability, and shared responsibility across the organization.
Develop ERM tools, templates, training materials, and guidance to support consistent practices across diverse business units.
Mentor analysts, staff, or senior staff supporting ERM activities, as applicable.
Performs in accordance with system-wide competencies/behaviors.
Performs other duties as assigned.
Bachelor's degree in Healthcare Administration, Business, Finance, Accounting, Risk Management, Public Health, or a related field.
Eight years of progressive experience in ERM, Internal Audit, Compliance, Risk Management, Strategy, or a related discipline within healthcare, insurance, life sciences, or similarly regulated industries.
Demonstrated experience facilitating risk or strategic assessments and engaging senior leaders and cross-functional teams.
Strong understanding of healthcare regulatory environments, payer-provider models, data privacy, and third-party risk.
Professional certifications such as CRMA, CERM, PMP, PMO-CP, MPM, or equivalent.
Experience supporting clinical operations, health insurance programs, international operations, and/or early-stage or startup businesses.
Familiarity with technology, cybersecurity, and data governance risk concepts.
Strategic Thinking; Executive Presence; Analytical Rigor; Communication Excellence; Collaboration & Influence; Adaptability.
Quality, clarity, and usefulness of ERM reporting to executive leadership.
Timely identification and escalation of emerging and enterprise risks.
Effective execution and follow-through of risk response plans.
Increased integration of risk considerations into strategic and operational decisions.
Continued maturation of the ERM program and risk culture.