Remote, Full-Time

Program Director, Enterprise Risk Management

UPMC

Pittsburgh, PA. Posted April 21, 2026 via UPMC Careers

UPMC is hiring a strategic and collaborative Program Director, Enterprise Risk Management. Apply today! 

This position will be based in Pittsburgh, PA, with the potential to work a hybrid schedule of some days at home and some days in the office each week.

Responsibilities: 

Enterprise Risk Framework & Governance

  • Manage and continuously enhance the organization's ERM framework aligned with leading practices (e.g., COSO ERM, ISO 31000, ASHRM), tailored to healthcare, insurance, clinical, and commercial business models.

  • Support ERM governance structures, including executive risk committees and leadership-level reporting processes.

  • Coordinate alignment with other risk structures and functions across the organization.

  • Facilitate periodic review of risk appetite, risk tolerance, and key risk indicators in collaboration with executive leadership.

Risk Identification & Assessment

  • Lead and facilitate enterprise-level and targeted risk assessments across clinical, operational, financial, regulatory, technology, cybersecurity, third-party, international, and emerging business areas.

  • Partner with leaders of international and startup commercial entities to identify growth, regulatory, market entry, and execution risks.

  • Identify interdependencies, concentrations, and enterprise-wide risk themes and escalate emerging risks as appropriate.

Risk Response & Monitoring

  • Collaborate with risk owners to develop practical, well-defined risk response plans (mitigation, transfer, acceptance, or avoidance) with clear ownership and milestones.

  • Monitor progress against risk response plans and escalate overdue, ineffective, or misaligned actions.

  • Support scenario analysis and stress testing for high-impact strategic and emerging risks.

Reporting & Executive Communication

  • Prepare concise, insightful ERM reporting for executive leadership, including dashboards, heat maps, trend analysis, and deep-dive risk profiles.

  • Translate complex risk information into clear, decision-oriented messaging tailored to senior leadership audiences.

  • Support regulatory, accreditation, and external stakeholder inquiries related to enterprise risk practices.


Integration & Advisory Support

  • Integrate ERM into strategic planning, capital allocation, new initiatives, mergers and acquisitions, and international expansion activities.

  • Partner with Internal Audit to align ERM insights with audit planning and coverage, while preserving independence.

  • Serve as a trusted advisor to leadership on emerging risks, risk tradeoffs, and risk-informed decision-making.

Culture & Capability Building

  • Promote a strong risk culture by reinforcing risk ownership, accountability, and shared responsibility across the organization.

  • Develop ERM tools, templates, training materials, and guidance to support consistent practices across diverse business units.

  • Mentor analysts, staff, or senior staff supporting ERM activities, as applicable.

  • Performs in accordance with system-wide competencies/behaviors.

  • Performs other duties as assigned.

  • Bachelor's degree in Healthcare Administration, Business, Finance, Accounting, Risk Management, Public Health, or a related field.
  • Eight years of progressive experience in ERM, Internal Audit, Compliance, Risk Management, Strategy, or a related discipline within healthcare, insurance, life sciences, or similarly regulated industries.
  • Demonstrated experience facilitating risk or strategic assessments and engaging senior leaders and cross-functional teams.
  • Strong understanding of healthcare regulatory environments, payer-provider models, data privacy, and third-party risk.
  • Professional certifications such as CRMA, CERM, PMP, PMO-CP, MPM, or equivalent.
  • Experience supporting clinical operations, health insurance programs, international operations, and/or early-stage or startup businesses.
  • Familiarity with technology, cybersecurity, and data governance risk concepts.
  • Strategic Thinking; Executive Presence; Analytical Rigor; Communication Excellence; Collaboration & Influence; Adaptability.
  • Quality, clarity, and usefulness of ERM reporting to executive leadership.
  • Timely identification and escalation of emerging and enterprise risks.
  • Effective execution and follow-through of risk response plans.
  • Increased integration of risk considerations into strategic and operational decisions.
  • Continued maturation of the ERM program and risk culture.