Express Scripts Holding Company

Director, Controls Surveillance - IRM

Express Scripts Holding Company - Saint Louis, MO
Advance your career with the company that makes it easier for people to choose better health. Express Scripts is a leading healthcare company serving tens of millions of consumers. We are looking for individuals who are passionate, creative and committed to creating systems and service solutions that promote better health outcomes. Join the company that Fortune magazine ranked as one of the Most Admired Companies in the pharmacy category. Then, use your intelligence, creativity, integrity and hard work to help us enhance our products and services. We offer a highly competitive base salary and a comprehensive benefits program, including medical, prescription drug, dental, vision, 401(k) with company match, life insurance, paid time off, tuition assistance and an employee stock purchase plan. Express Scripts is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class. Applicants must be able to pass a drug test and background investigation. Express Scripts is a VEVRAA Federal Contractor.


Information Security prioritizes the protection and security of all client, patient and company information and data. They do this by proactively identifying the sophisticated landscape of threat actors and environmental risks associated with unauthorized access and service disruptions. This vital group focuses on preserving system reliability and business continuity, protecting the strong brand Express Scripts has in the marketplace, and maximizing the company's defenses against external and internal threats.


The Controls Surveillance Director leads a team committed to validating the effectiveness of the various IT Control frameworks within ESI and its subsidiaries. These frameworks include: Sarbanes-Oxley (SOX), Statement on Standards for Attestation Engagements 16 (SSAE 16), Payment Card Industry Data Security Standards (PCI), Health Insurance Portability and Accountability Act (HIPAA), Health Information Trust Alliance (HITRUST) CSF, and various other voluntary and mandatory requirements. This position will lead the team responsible for the planning, execution and communication related to the identification and remediation of various IT Control deficiencies. The Controls Surveillance team partners with other ESI compliance teams, the Information Risk Officers, IT, internal audit, business teams and external auditors to deliver solutions that manage risk for the entire enterprise. The Controls Surveillance Director, partnering closely with the Information Risk Officers, must also develop a compliance strategy so that accountable control stakeholders are identified, educated, and prepared for their compliance obligations.

ESSENTIAL FUNCTIONS

Accountable for the successful and timely completion of all Control Surveillance team activities

Responsible for the coordination, communication, scoping, execution and reporting of all pre-audit testing of ITGCs

Developing concise and meaningful weekly / monthly risk scorecards and project summaries for management and operations teams

Frequent management briefings across IT and business

Mentors and manages the other members in the Controls Surveillance team to develop their security, audit, and technical skills

Establishment of IT Controls baseline and reporting standards

Drive the scoping activities for each Control Surveillance audit

Collaborate with partners in security, IT, compliance, the business, internal audit and external auditors to determine audit scope and identify key controls that best balance the concerns of compliance and costs

Perform control reviews, conduct risk based analysis of gaps and oversee remediation activities

Perform risk assessments and security assessments of internal control processes against established standards and best practices

Perform compliance assessments for internal business and IT projects to ensure compliance requirements are met

Contribute in establishing policies and procedures necessary to ensure we meet our compliance requirements

Assist project teams in the implementation of security measures to meet corporate security policies, manage risk, and satisfy external regulations, e.g., Sarbanes-Oxley, HIPAA

Weigh business needs against compliance concerns and articulate issues and options to management

Active participation in strategic initiatives in accordance with the Information Risk Management group roadmaps


QUALIFICATIONS

10 years of compliance or audit experience, including experience in audit or compliance for IT in at least three of the areas below:

Sarbanes-Oxley Act (SOX)

Health Insurance Portability and Accountability Act (HIPAA)

Statement on Standards for Attestation Engagements 16 (SSAE 16)

Payment Card Industry Data Security Standards (PCI)

Electronic Prescriptions for Controlled Substances (EPCS)


Audit program management experience

Experience as the lead for compliance and audit activities including direct management of the relationship with the external auditor

Knowledge of generally accepted Information Security controls (e.g. NIST 800-53, ISO 27001/27002)

Bachelor's degree in accounting, computer science, MIS, or equivalent work experience

Excellent organizational skills and ability to communicate with internal/external entities and executives

Effective leadership skills, demonstrated ability to coordinate people and teams to project/activity completion, and the ability to work in a team environment, sharing workloads and responsibilities

Bachelor's degree in Information Systems or related field

Big 4 experience preferred

5 years' experience as an IT or security practitioner in any of the following domains:

General IT Security

Network Security

Application Security
