CareFirst Careers

Third Party Risk Management Program Manager

This job posting is no longer active

Resp & Qualifications

PRINCIPAL ACCOUNTABILITIES include, but are not limited to, the following:

Under the direction of the Integrated Risk, Controls, and Audit Assurance Program Director, responsibilities include, but are not limited to:

Oversight, Planning and Execution of Third Party Assessments

  • Oversee, guide and mentor Third Party Risk staff in the completion of third party assessments.
  • Lead oversight of activities for planning and executing end-to-end third party assessments to ensure the adequacy of controls in place to safeguard the organization, including: identifying third party services and business owners; mapping services to business process taxonomy and systems inventory; documenting process flows and reconciling services performed to the contract; defining assessment scope and establishing a test plan; executing test plan and issuing an assessment report including remediation plans for issues identified; and driving remediation of issues identified, gathering evidence to support remediation, and reporting on progress of remediation through to completion. 
  • Manage use of co-source partner to facilitate third party assessments, including review of deliverables and ensuring consistency is maintained with established CareFirst methodology and requirements.
  • Facilitate self-directed assessments with third party accountable executives, including: identifying third party key stakeholders, services provided and related third party metadata (e.g., Areas of Risk, Partner Segment, Business Associate Agreement, Data Use Agreement); deliver awareness and training materials to management; facilitate assessment to identify awareness opportunities and risks for further review/assessment.
  • Maintain documentation in an organized and re-performable fashion, including leveraging the Governance Risk and Compliance (GRC) tool and repository (e.g. MetricStream and SharePoint).
  • Develop teamwork and synergies among staff personnel throughout the organization working closely with subject matter resources (SMRs), embedded compliance functions, and third party managers across the enterprise.

TPRM GRC Tool Maintenance

  • Throughout assessments, identify and maintain a repository of best practices and tools/accelerators related to Third Party Risk Management. 
  • Utilize expertise to identify evolving risks and threats pertaining to third parties and provide in-depth understanding of “if, how, and when” the risks/threats should be addressed.
  • Develop training and awareness materials to deliver to third party managers across the enterprise.
  • Lead training and awareness sessions to convey best practices, lessons learned, and pervasive issues identified as it pertains to third party risk management.

Support the Maturity of the Third Party Risk Management Program

  • Establish and maintain close working relationships with third party accountable executives and managers.
  • Identify third parties with access to sensitive customer data.
  • Map the relationships between third parties and internal business owners to identify internal stakeholders.
  • Refine internal framework for assessment including standardized measures which ensure internal standards for data protection, privacy, and access control are acceptable by internal requirements.
  • Evaluate and assess third party criticality and review changes in scale and scope of services contracted with third party for impact.
  • Confirm ongoing roles, responsibilities and persons involved with the third party.
  • Provide periodic reports to management and stakeholders.
  • Manage, monitor, and track third party compliance to the Third Party Risk Management Program; evaluate to execute recommendations for improvement where appropriate.
  • Lead continuous monitoring and improvement activities to assure continued refinement and compliance of third party risk management assessments and practices across the enterprise.
  • Be a catalyst for change, leading staff across the enterprise to welcome/accept change with minimum anxiety.
  • Maintain a high level of knowledge of technological changes, new technology, assessment issues, risk management best practices, third party modifications, and incorporate them into TPRM.
  • Provide consulting and advisory services, best practices and change leadership to drive continuous improvement to internal processes and controls.

Program Management, Leadership and Development

  • Manages the full project management life cycle and software development life cycle for the implementation of highly complex, large scale, strategic IT and Business initiatives.
  • Implements established policies, system monitors and controls to ensure the successful management and reporting of all initiatives in the Program.
  • Supervises and leads the program and project staff to oversee the impacts and interdependencies between programs and works to ensure initiatives meet the CareFirst goals and objectives of the executive leadership team.  Perceived by peers and staff as a leader.
  • Serves as subject matter resource, providing technical, business and analytical guidance to the program and project teams. 
  • Works with Technical and Business areas to provide support and coordination to ensure adoption of new systems and business processes in the CareFirst environment.
  • Manages contracts and vendors assigned to projects included in the assigned program(s).
  • Manages and directs multiple medium to large-scale projects that may not fit into a defined program.
  • Works on complex problems where analysis of situation or data requires an in-depth evaluation of various factors to achieve best results.
  • Exercises judgment within broadly defined policies and practices to develop corporate-wide methods and techniques.
  • Works effectively with internal and external clients, third party vendors, and Senior Management in accomplishing project objectives.
  • Evaluates complex situations accurately and identifies viable solutions that create successful outcomes for the customer.
  • Develops and maintains “lessons-learned” inputs in the project repository for utilization on future projects.
  • Collaborates with the finance department and various functional managers to ensure project budgets are properly estimated and controlled; provide overall financial recommendations, and develop controls and measurements to monitor progress.
  • Provides Finance with monthly accrual and forecasts by the due date established by Finance using the tools developed by Finance/PMO.
  • Maintains currents statements of work for all contractors; tracks and approves contractor invoices in a timely manner.
  • Provides regular updates to project sponsor and stakeholders on the status of the budget.  Documents reasons for budget excess or shortfall.
  • Resolves political, resource, budgeting, change, and legal issues affecting the program.
  • Acts as administrator to the GRC tool/repository maintained for assessment reports, findings, recommendations, evidence, tools, and accelerators.
  • Develops and trains staff for purposes of performing assessments, learning CareFirst processes and controls.
  • Responsible for leading staff in adequately performing assessments in accordance with TPRM methodology.
  • Maintains accountability for the accuracy of information maintained within the GRC tool/repository.
  • Maintains responsibility for timely escalation of concerns identified to the Third Party Risk Program Manager.

Staff Management

  • Supervises and leads a team of direct and indirect reports (associates; contractors; vendor staff) consisting of: Auditors, Project Management Staff (Sr. Project Managers, Project Managers, Project Controller/Coordinators), Budget Analysts, Contractor Staff and Vendor Staff. (Team size will vary by approved initiatives); IT and Business Directors, Managers, other program staff in a matrix model.
  • Supervises Vendors/Contractors based on project needs against a Contract and Statement of Work, against a set of deliverables and defined payment milestones.
  • Review staffing goals and expectations to ensure that each is consistent and adequate to meet departmental/divisional goals in support of overall company goals.
  • Sets high expectations of significant influence on other departments/divisions for all audit activities, risk assessments and process improvements to support control objectives with cross-functional impacts. 
  • Delegate responsibility and authority to appropriate staff within the team, regularly monitoring progress to ensure goals are met. 
  • Evaluate performance of each team member, generates development plans and sets goals within the context of the corporate policy.
  • Provided coaching, counseling and motivation to team members ensuring staff has the appropriate tools and training (establishes Performance Development Plans for staff).
  • Drive commitment and continuous personal improvement, self-confidence, insight, judgment, integrity, ethics, and responsiveness, timeliness, flexibility and adaptability.


Supervises and leads a team of direct and indirect reports consisting of (Team size will vary by approved initiatives):

Direct Reports: 3-5; comprised of CareFirst Associates (Audit Staff, Program/Project Managers, Technical delivery managers, Business Analysts, and other program staff), Interns and Contractors/Consultants.

Indirect reports: 10-15; Audit Staff, Program/Project Managers, Technical delivery managers, Business Analysts, and other program staff in a matrix model; External Audit firm teams, Contractors and Vendor Consultants based on project needs against a Contract and Statement of Work, against a set of deliverables and defined payment milestones.


Required: This position requires a BS/BA degree and a minimum of 8-10 years of experience, in a Third Party Management, Risk Management, Audit, or Legal services role.  Demonstrated ability to develop and manage multiple medium and large scale projects and priorities within acceptable timeline and budget constraints.   

Abilities/Skills: Candidate must be able to show ability to lead teams.  Candidate must possess expertise in vendor management, including knowledge of contractual language, service licensing agreements (SLAs), and statements of work (SOWs).  Candidate must have strong capabilities and experience in performing independent assessments, including compliance & legal reviews, contract reviews, testing controls, and developing & reviewing assessment reports.  Candidate must also have knowledge of third party management and assessment best practices and an ability to evaluate programs from a holistic point of view.  Candidate must possess considerable judgment, tact, initiative, accuracy and trustworthiness, as well as excellent interpersonal skills with ability to build consensus and agreement and bring resolution to contentious issues and entrenched interests.  Must be highly motivated, organized, and committed to professional development, with demonstrated progression and achievement.  Ability to work independently with minimal supervision is required, as well as ability to work effectively in a team-oriented atmosphere.  Candidate must have highly developed oral and written communication skills to effectively communicate risk management, vendor management, and business risks to a non-technical audience, as well as senior executives.  Candidate must adequately understand general project management skills relevant to performing assessment functions and responsibilities. 

Candidate must be able to effectively work in a fast paced environment with frequently changing priorities, deadlines and workloads that can be variable for extended periods of time.  Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence.  Must be able to effectively communicate and provide positive customer service to every internal and external customer, including customers who may be demanding or otherwise challenging.

Must be experienced and proficient with Word, advanced Excel and database management and related software applications; possess excellent oral and written communications; able to communicate and make presentation to all levels of management and associates at all levels throughout the Company.  Additional qualities are good analytical skills, time management skills, judgment and strong decision-making abilities.

Preferred: Experience with performing third party risk assessments.  Possess certification as a CPA, CIA, CISA, CISM or comparable certification; advanced degree (e.g., MBA, ML, LLM or JD); healthcare insurance industry experience.


Department: Budget, Sourcing & Assurance

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Closing Date

Please apply before: 7/14/2018

Federal Disc/Physical Demand

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.

The physical demands described here are representative of those that must be met by an employee to perform the essential duties and responsibilities of the position successfully.  Requirements may be modified to accommodate individuals with disabilities.

The employee is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The employee must frequently talk and hear.  Weights of up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship

Learn more about Business Operations