RemoteFull-Time

Manager, Enterprise Risk Management

UPMC

Pittsburgh, PA$98.3k – $169.8k/yrPosted July 6, 2026via UPMC Careers

UPMC is hiring a strategic and collaborative Manager, Enterprise Risk Management. Apply today! 

This position will be based out of Pittsburgh, PA and will have the potential to work from home on a hybrid schedule which includes some days at home and some days in office per week. 

Responsibilities: 

Enterprise Risk Framework & Governance
• Support execution of UPMC's ERM framework aligned with leading practices, such as COSO ERM, and tailored to a complex, integrated payer-provider health system.
• Support ERM governance processes, including executive risk workgroups, leadership-level reporting, and preparation of materials for senior leadership forums.
• Coordinate alignment with risk owners and other risk-related functions across the organization to promote consistent risk communication and follow-up.
• Contribute to the development and use of enterprise risk indicators, risk themes, and related monitoring approaches in collaboration with executive leadership and risk owners.
Risk Identification & Assessment
• Facilitate enterprise-level risk assessment activities with executive leadership and cross-functional risk owners.
• Identify cross-functional risks, interdependencies, concentrations, and emerging enterprise-wide themes.
• Translate risk assessment inputs into a clear and actionable enterprise risk profile that supports executive-level prioritization and decision-making.
Risk Response & Monitoring
• Partner with risk owners to monitor risk response strategies, track progress, and synthesize updates across business areas.
• Maintain a clear distinction between ERM coordination and operational ownership of risk response activities.
• Support forward-looking discussion of emerging risks, trends, and potential enterprise implications.

Reporting & Executive Communication
• Prepare concise, insightful ERM reporting for executive leadership, including quarterly updates that support Audit & Compliance Committee reporting.
• Translate complex risk information into clear, decision-oriented messaging tailored to senior leadership audiences.
• Support preparation for Executive ERM Steering Committee sessions, including meeting materials, discussion summaries, and follow-up items.
Integration & Advisory Support
• Serve as a connector across clinical, operational, financial, strategic, and corporate domains to support enterprise-level risk insight.
• Partner with Internal Audit to support alignment between ERM insights and audit planning, while preserving Internal Audit independence.
• Support risk-informed discussion and decision-making by helping leadership understand emerging risks, risk tradeoffs, and enterprise implications.
Culture & Capability Building
• Promote consistent ERM practices by reinforcing risk ownership, accountability, and shared responsibility across the organization.
• Contribute to ERM tools, templates, guidance, and communication materials that support consistent practices across diverse business areas.
• Provide guidance to analysts, staff, or other colleagues supporting ERM activities, as applicable.

*Performs in accordance with system-wide competencies/behaviors.

*Performs other duties as assigned.

• Bachelor's degree in Healthcare Administration, Business, Finance, Accounting, Risk Management, Public Health, or a related field; or equivalent experience.
• Minimum of five years of progressive experience, including experience in Enterprise Risk Management. Additional experience may include Risk Advisory / Consulting, Internal Audit, Compliance, Risk Management, Strategy, or a related discipline within complex organizations.
• Demonstrated experience supporting or facilitating enterprise risk management processes, including enterprise risk assessments, risk prioritization, risk reporting, risk governance activities, executive risk workshops, development of enterprise risk profiles, coordination with risk owners, preparation of risk dashboards, or tracking of risk response themes and updates.
• Candidates should have hands-on ERM experience beyond audit planning, compliance tracking, or control testing.
• Experience working within an enterprise risk management framework, such as COSO ERM.
• Strong ability to communicate risk insights to executive audiences with clarity, judgment, and discretion.
• Experience in healthcare, insurance, life sciences, or another highly regulated industry preferred.
• Experience in a consulting or professional services environment, related to ERM projects/engagements, strongly valued.
• Experience developing enterprise-level KRIs, risk metrics, dashboards, or executive-level reporting materials strongly valued.
• Familiarity with healthcare regulatory environments, payer-provider models, data privacy, technology, cybersecurity, third-party risk, and emerging risk concepts preferred.
• Professional certifications such as CRMA, CERM, PMP, or equivalent preferred

Feedback