CareFirst Careers

Compliance and Control Manager (Federal Employee Program)

This job posting is no longer active

Responsibilities & Qualifications

PRINCIPAL ACCOUNTABILITIES: Under the direction of the Director, Quality Management and Standards, the principal duties and responsibilities include, but are not limited to, the following:
Evolve, maintain, monitor and report on progress towards a comprehensive roadmap with goals and objectives, which outlines the compliance activities for the next three to five years. Sponsor and champion compliance projects required by the roadmap, providing direction; defining scope; approving plans, schedules and budget expenditures within the context of what was approved by executive leadership and BCBSA; and working to eliminate organizational barriers. Ensure that all FEPOC resources are effectively utilized and involved in all aspects of the internal effort. Lead all day-to-day privacy regulatory compliance accountabilities, including development and implementation of all administrative, technical and physical processes and controls. Monitor HIPAA, HITECH and related regulations within the law and their impact on the Federal Employee Program and as it interfaces with the FEP Director's Office, OPM, BCBSA, and CareFirst. Recommend and draft policy and organizational SOPs, for executive approval, to align the control environment of the organization with changing regulations. Oversee the notification, analysis, risk assessment and coordination with external parties for member notification of breaches. Respond to internal and external inquiries pertaining to transaction issues, privacy data requests, and other regulatory questions. Oversee direct and matrixed staff for the change control activities resulting from each of the gap analysis exercises, from translation to privacy. Maintain a database of regulatory requirements and status of compliance that is auditable and traceable. Develop and participate in training and education regarding HIPAA throughout FEPOC and as it interfaces with the Federal Employee Program, the Director's Office, OPM, BCBSA, and CareFirst. Serve as the compliance and privacy representative on corporate committees as necessary.
Evolve, manage and oversee an internal control risk management framework and assessment process that results in "no surprises" in independent audits and enhances operational efficiency and production quality throughout the functional areas of the organization. Work with department managers to craft action plans to close gaps. Monitor and report at an organizational level on enterprise-related risks, an internal control scorecard, significant audit finding outcomes, and summary action plan milestones. Manage and oversee external and internal audits, ranging from 15 to 20 annually, to ensure that appropriate staff are fully aware of objectives and that they can produce and maintain suitable records, reports, and files which adequately document planning, execution, and reporting for all relevant activities pertaining to the focus of the audits and regulations, including documentation and storage of policies and procedures. This will include the selection, development and maintenance of an internal audit tool, risk assessment, and master audit plan (schedules, financial, resource hours and costs). Prepare status reports and communicate to management and executive committees as requested. Prepare audit work papers, reports, and presentations as requested. Ensure audit conclusions, findings and recommendations for improvement or corrective action are appropriately presented to management staff for review, and verify that all findings are accurate, complete and objective. Create, implement and serve as a change agent at the appropriate organizational levels to identify, quantify, assess and mitigate organizational risk using standard frameworks. Create and deliver an education agenda, using various methods and tools to actively track and manage organizational risk in a structured, overt manner.
Evolve, manage and oversee the corporate governance framework, instituting and executing on an appropriate roadmap. Establish and maintain a subsidiary-level governance process that enables appropriate decision-making authority and minimizes operational and corporate risks. Institute and monitor delegations of authority, segregation of duties and process management programs to ensure governance control effectiveness. Lead ad-hoc and formal advisory groups to ensure appropriate multi-disciplinary support on governance practices. Develop education, metrics and dashboards that support governance evolution and decision-making authorities.
Evaluate the performance of each team member, generate development plans and set goals within the context of corporate policy. Must also motivate, coach, counsel and develop team members within the context of corporate policies and manage the team's budget. Ensure that staff have appropriate tools and training.
SUPERVISORY RESPONSIBILITY: Responsible for the direct supervision of staff.
Minimum Qualifications:
Required: This position requires a Bachelor's degree in Law, Business Administration, Management Sciences, Information Systems, Compliance, Risk Management or another relevant area of study, and/or 10+ years of progressively responsible corporate and management experience in audit coordination, privacy and/or security control, risk management and governance.
The candidate should possess relevant certifications that support this role, specifically in privacy, security, governance, and/or risk. Must be able to synthesize complex systems and audit information into a format easily and completely understood by a diverse audience. The individual must have expert knowledge of federal healthcare privacy and security regulations (e.g. HIPAA, HITECH), the federal privacy and security regulatory process, and business operations and system controls. Should possess SOC 1, SOC 2, NIST and/or HITRUST experience.
Abilities/Skills: The incumbent must have excellent interpersonal skills and an ability to communicate at all levels of the company. The individual must demonstrate an ability to focus on details, solve problems creatively, and juggle multiple priorities. Must demonstrate leadership skills, business perspective, excellent oral and written communication and presentation skills, facilitation skills and business process assessment techniques. Must have the ability to identify and assess process controls and risks and to influence outcomes and decision-making. Must be able to teach, develop, and motivate associates. At least 5 years of management experience, including proven expertise in scope management and multi-team leadership.

Preferred: Master's degree in a related field and prior project management experience. Certifications in one or more of the following, or comparable: CISM, CHP, CISSP, CRISC, GRCP, or CIPP.
Department: Compliance

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Closing Date

Please apply before: 7/7/2018

Federal Disc/Physical Demand

Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.
The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The associate must frequently talk and hear.  Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship