Dir ERM & IT Int Audit

Medica is a nonprofit health plan with more than a million members that serves communities in Minnesota, Nebraska, Wisconsin, Missouri, and beyond. We deliver personalized health care experiences and partner closely with providers to ensure members are genuinely cared for.

Were a team that owns our work with accountability, makes data-driven decisions, embraces continuous learning, and celebrates collaboration - because success is a team sport. Its our mission to be there in the moments that matter most for our members and employees. Join us in creating a community of connected care, where coordinated, quality service is the norm and every member feels valued.

The Director, Enterprise Risk Management & IT Internal Audit is responsible for the leadership, innovation, and strategic development of the organization's ERM and IT Internal Audit programs. Leads a coordinated, enterprise‑wide risk management function that identifies, assesses, mitigates, and monitors strategic, operational, financial, regulatory, and reputational risks to ensure compliance, protect members and assets, and support informed decision‑making aligned with organizational objectives.

Provides independent assurance over technology risk, cybersecurity, and IT controls. This dual‑accountability role strengthens alignment between enterprise risks, technology risks, and governance

The Director serves as a key advisor to executive leadership and the Audit Committee of the Board of Directors, providing clear, actionable insight into enterprise, operational, financial, regulatory, and technology risks. This role also supports the organization's Own Risk and Solvency Assessment (ORSA) and broader risk governance framework. Performs other duties as assigned.

Key Accountabilities

• IT Audit Strategy

• Provide leadership and oversight for IT Internal Audit activities, ensuring independent assurance over technology risks and IT control environments

• Assessment and Planning

• Leads development and execution of risk-based IT audits that align with enterprise risk assessment and overall Internal Audit plan

• ERM Strategy

• Design, implement, and coordinate the enterprise-wide risk management framework and processes for the organization

• This includes assisting with the ongoing development and implementation of the enterprise risk universe, the enterprise risk profile, and the organization's risk appetite statement

• Regulatory Reporting

• Lead and coordinate the annual processes to support the organizations Own Risk and Solvency Assessment (ORSA)

• This primarily includes responsibility for completing and collaborating with various business areas to complete the report

• ERM Program Maturity

• Collaborate with management in developing mitigation plans to manage high priority risks as well as to establish, communicate, and enforce the organization's risk appetite statements, thereby creating accountability for risks within the business

• Work with management to integrate risk management techniques into the organization's strategic and operational processes and monitor and report on risk response plan actions put in place by management to mitigate identified risk

• Guide and assist executive leadership in the identification, evaluation, understanding, management, and communication of significant business risks

• Provide clarity and focus through cross-functional collaboration in a matrixed organization to risk identification and risk response expectation

• Organizational Communication & Alignment

• Clearly present and explain complex information in both verbal and written form to diverse audiences, including executive-level leadership and the Audit Committee

• These responsibilities include the preparation and presentation of ERM or IT Audit updates to executive leadership, the Audit Committee, and the Board of Trustees

• Establish and maintain key relationships throughout the organization as a means of obtaining information needed to perform duties and provide audit and risk and related recommendations and corrective action plans as requested by senior leadership, the Audit Committee of the Board, or the internal audit government

• Leadership

• Leads, mentors, and develops ERM and IT audit staff and/or co-sourced audit partners ensuring high quality audit execution

Required Qualifications

• Bachelors degree or equivalent work experience in a related field (Masters degree preferred)
• 10+ years of related professional experience, with 3+ years of management experience, project lead, or team lead experience.

Required Certifications/Licensures

• Certified Public Accountant (CPA), CISA (Certified Information Systems Auditor), Certified Internal Auditor (CIA), Certification in Risk Management Assurance (CRMA), or related designation

Preferred Qualifications

• 5 years of experience in Health Care
• Experience in enterprise risk management and internal audit, with an emphasis on performing IT audits, fraud risk projects, management- or related experience, preferably with a health plan
• Ability to influence leadership through clear presentation and communication of complex information
• Possesses proficient knowledge of ERM principles and methodologies
• Working knowledge of recognized frameworks (e.g., NIST, COBIT, ISO) and applicable regulatory requirements
• Strong organizational skills, problem-solving skills, project management skills, and the ability to adapt to a changing environment and work independently
• Excellent interpersonal and leadership qualities
• Ability to collaborate effectively using a broad range of influence styles to drive desired results
• Business expertise and interpersonal leadership skills to effectively work through sensitive and/or complex situations throughout the organization to influence change
• Ability to organize, lead, and motivate ad-hoc teams to drive toward completion of high-quality deliverables

This position is an Office role, which requires an employee to work onsite at our Minnetonka, MN office, on average, 3 days per week.

The full salary grade for this position is $130,300 - $223,400. While the full salary grade is provided, the typical hiring salary range for this role is expected to be between $130,300 - $195,510. Annual salary range placement will depend on a variety of factors including, but not limited to, education, work experience, applicable certifications and/or licensure, the positions scope and responsibility, internal pay equity and external market salary data.  In addition to base compensation, this position may be eligible for incentive plan compensation in addition to base salary. Medica offers a generous total rewards package that includes competitive medical, dental, vision, PTO, Holidays, paid volunteer time off, 401K contributions, caregiver services and many other benefits to support our employees.

The compensation and benefits information is provided as of the date of this posting. Medica's compensation and benefits are subject to change at any time, with or without notice, subject to applicable law.

Eligibility to work in the US: Medica does not offer work visa sponsorship for this role. All candidates must be legally authorized to work in the United States at the time of application. Employment is contingent on verification of identity and eligibility to work in the United States.

We are an Equal Opportunity employer, where all qualified candidates receive consideration for employment indiscriminate of race, religion, ethnicity, national origin, citizenship, gender, gender identity, sexual orientation, age, veteran status, disability, genetic information, or any other protected characteristic.