Manager, Risk (IT)

Posting Date

Manager, Risk (IT)

At DaVita, we find that our best leaders are those who create an inspiring vision for the future and empowers their team to achieve success. They have always enjoyed tackling difficult problems and believe that the best way to solve them is through collaborative, team efforts. They take ownership of results and instill accountability in those they lead. They are driven, strong communicators, relationship builders, and find real fulfillment in challenging work.
Here's what you can expect as a IT Risk Manager at DaVita:

Role Overview
The Manager, IT Risk reports to the Director of IT Risk & Audit and helps protect DaVita’s patients, teammates, and the Village by identifying, managing, and driving remediation of technology risk. This role leads a team of analysts responsible for third‑party/vendor risk assessments, formal exception management, HIPAA‑focused enterprise risk assessments, and continuous monitoring of vendor partners.

This role balances strong risk governance with practical business enablement, ensuring risks are clearly understood, ownership is defined, and remediation is achievable and timely.

Key Responsibilities

Team Leadership & Development

• Lead, coach, and develop a team of IT Risk Analysts; set clear expectations and manage workload, prioritization, and quality.

• Foster a collaborative, accountable team culture focused on outcomes and continuous improvement.

• Establish and maintain standard playbooks, templates, and quality practices.

Third‑Party Risk Management

• Oversee the end‑to‑end third‑party risk assessment lifecycle for technology vendors.

• Ensure assessments appropriately address cloud services, AI‑enabled solutions, and emerging technology risks.

• Partner with Procurement, Legal, Privacy, and Information Security to align risk expectations with onboarding, renewals, and contracting.

• Communicate risk findings clearly to support informed business decisions.

Exception Management

• Own the formal exception process for security policy and standards violations.

• Evaluate risk, document compensating controls, manage approvals, track expirations, and drive remediation.

• Maintain transparency and escalation for aged or high‑risk exceptions.

Enterprise Risk Assessments (HIPAA)

• Conduct and oversee enterprise risk assessments related to HIPAA control gaps or failures.

• Document clear risk statements, assess likelihood and impact, and map findings to appropriate frameworks

• Partner with Privacy, Compliance, and IT Audit teams to ensure patient data protection remains central to risk decisions.

Continuous Monitoring

• Run a continuous monitoring program to identify changes in vendor risk posture, including incidents and control changes.

• Define monitoring tiers and response triggers aligned to vendor criticality.

• Translate monitoring signals into actionable risk decisions and follow‑up.

Risk Tracking, Reporting & Governance

• Maintain risk registers, remediation trackers, and exception metrics.

• Drive clear ownership and accountability for remediation across IT and business partners.

• Prepare concise, executive‑ready reporting on key risks, trends, and decisions.

• Apply HIPAA, ISO, and NIST principles in practical, business‑aligned ways.

• Support internal and external audits and help reduce repeat findings.

Process Improvement & Tooling

• Continuously improve intake, assessment, exception, and monitoring processes.

• Leverage cloud and AI tools thoughtfully to improve efficiency and insight.

• Identify opportunities to simplify, automate, and scale risk processes.

Required Qualifications

• 5+ years of experience in IT security, IT risk management, compliance, audit, or a related field.

• Experience leading people or complex risk workstreams.

• Hands‑on experience with third‑party/vendor risk assessments and exception management.

• Working knowledge of HIPAA, ISO, and NIST frameworks.

• Strong ability to translate technical risk into clear, business‑relevant recommendations.

• Demonstrated ability to drive risk remediation through partnership and accountability.

Preferred Qualifications

• Healthcare industry experience (preferred, not required).

• Experience assessing cloud environments and cloud service providers.

• Familiarity with AI‑related risks and third‑party AI services.

• Experience with GRC or vendor risk management tooling.

What Success Looks Like at DaVita

• Risks are identified early and addressed with practical solutions.

• Vendors understand DaVita’s expectations and partner effectively on remediation.

• Exceptions are intentional, time‑bound, and actively managed.

• Teammates feel supported, engaged, and connected to DaVita’s mission.

• Leadership receives clear, decision‑ready risk insights.

Reporting Relationship

• Reports to: Director, IT Risk & Audit

• Partners with: Information Security, Privacy, Compliance, Internal Audit, Procurement, Legal, IT, and business leaders across the Village

Here is what you can expect when you join our Village:

• A "community first, company second" culture based on Core Values that really matter.

• Clinical outcomes consistently ranked above the national average.

• Award-winning education and training across multiple career paths to help you reach your potential.

• Performance-based rewards based on stellar individual and team contributions.

• A comprehensive benefits package designed to enhance your health, your financial well-being and your future.

• Dedication, above all, to caring for patients suffering from chronic kidney failure across the nation.

Join us as we pursue our vision "To Build the Greatest Healthcare Community the World has Ever Seen."
Why wait? Explore a career with DaVita today.
Go to http://careers.davita.com to learn more or apply.

What We’ll Provide:

More than just pay, our DaVita Rewards package connects teammates to what matters most. Teammates are eligible to begin receiving benefits on the first day of the month following or coinciding with one month of continuous employment. Below are some of our benefit offerings.

• Comprehensive benefits: Medical, dental, vision, 401(k) match, paid time off, PTO cash out

• Support for you and your family: Family resources, EAP counseling sessions, access Headspace®, backup child and elder care, maternity/paternity leave and more

• Professional development programs: DaVita offers a variety of programs to help strong performers grow within their career and also offers on-demand virtual leadership and development courses through DaVita’s online training platform StarLearning.

#LI-SM5

At DaVita, we strive to be a community first and a company second.  We want all teammates to experience DaVita as "a place where I belong."  Our goal is to embed belonging into everything we do in our Village, so that it becomes part of who we are. We are proud to be an equal opportunity workplace and comply with state and federal affirmative action requirements. Individuals are recruited, hired, assigned and promoted without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, protected veteran status, or any other protected characteristic.

This position will be open for a minimum of three days.

Compensation for the role will depend on a number of factors, including a candidate’s qualifications, skills, competencies and experience. DaVita offers a competitive total rewards package, which includes a 401k match, healthcare coverage and a broad range of other benefits. Learn more at https://careers.davita.com/benefits  

Colorado Residents: Please do not respond to any questions in this initial application that may seek age-identifying information such as age, date of birth, or dates of school attendance or graduation. You may also redact this information from any materials you submit during the application process.  You will not be penalized for redacting or removing this information.