CareFirst Careers

Compliance and Risk Program Director

Responsibilities & Qualifications

The Director, Integrated Compliance and Risk Management is responsible for overall leadership of the Federal Employee Program Operations Center (FEPOC) Integrated Compliance and Risk Management program, including Risk Management, Compliance and Controls Management. As a senior member of the FEPOC leadership team, the incumbent will provide strategic direction and leadership for establishing and maturing key functions critical to the success of the overall FEPOC organization. FEPOC consists of highly complex, large-scale corporate programs made up of multiple IT strategic and infrastructure projects, all of which have a significant regulatory, legal and/or compliance impact on the Federal Employee Program. The Director is accountable for identifying and mitigating risks, managing data safeguards to ensure they meet privacy and security regulations, ensuring compliance with laws, regulatory and audit frameworks, and ensuring remediation of issues. This requires strong collaboration with Leadership as well as Legal, Audit, the BCBSA Directors Office, CareFirst Corporate, and other enterprise partners to ensure well-managed operations.

Compliance and Controls Management
• Improve Compliance and Controls disciplines, awareness and practices throughout the organization
• Privacy and Security regulatory compliance
• Compliance and fraud/conflict investigations
• Vendor Compliance
• Internal and external audit oversight
• Improved audit evidence repository and processes
• Maintain industry current knowledge of relevant compliance frameworks (e.g. HIPAA/HITECH, SOC 1, SOC 2, HITRUST, NIST)

Risk Management
• Third party risk management
• Establish an organizational integrated risk framework
• Risk assessment framework
• Establishment of a risk mitigation knowledge repository
• Establish risk governance framework
• Ensure business decisions and activities fall within the risk appetite of the FEPOC, and that internal controls are in place and functioning effectively to support management decision-making that protects our assets and adheres to applicable corporate policies, operating directives, laws and regulations (including risk and compliance)
• Promote and support the FEPOC’s risk culture including ensuring Associates understand their accountabilities for risk-taking activities, promoting an environment of open communication and effective challenge, and leading by example
• Proactively identify risks and opportunities of both business and technical plans; identify Risk Mitigation Strategies and Contingency Plans for all identified Risks
• Coordinate the Risk Management Plan and Risk Mitigation Strategy
• Establish reporting capabilities to support strategy and business operations decision-making
• Create and document enterprise-wide risk prioritization and/or quantification methodologies, including but not limited to framework, SOPs, checklists and flow diagrams
• Identify, document and track resolution of risk events / issues impacting customers stemming from process breakdowns or other problems, and help develop permanent corrective actions

• Provide leadership to reports in the form of helping to drive and execute on strategic initiatives, career development, coaching and management direction
• Prioritize work in alignment with compliance and risk management practices, business goals, organizational strategies and objectives
• Provide goals, mid-year evaluations, year-end evaluations and development plans
• Provide effective coaching to maximize performance, promote accountability, and maintain a team environment
• Make decisions that affect cost, quality and timeliness of activities and deliverables

Supervises and leads teams of direct and indirect reports


• BA/BS with 10+ years of relevant work experience
• Advanced knowledge and 10+ years of experience in compliance, privacy, security, and risk management, including establishing a risk management framework
• Industry-specific knowledge and experience
• Demonstrated experience in building compliance and risk management structures and operations


• Master’s degree in Business or Risk-related field. Prior health insurance industry exposure; specific experience with successful organizational risk management and compliance management environments


• Excellent relationship management and consulting skills that result in a proven ability to quickly earn the trust of key stakeholders, motivate teams, set direction and approach, resolve conflict, deliver tough messages with grace, and execute with limited information and ambiguity
• Expert change leadership and change management skills
• Expert risk management skills
• Ability to apply an appropriate depth of perception, discernment and judgment to effectively direct a program in a changing and evolving environment
• Excellent stakeholder management and influencing skills, capable of balancing multiple perspectives, effective at all levels up to senior executive
• Sound business and technical acumen, with demonstrated agility in learning and the ability to become comfortable with unfamiliar business areas or technologies
• Expert presentation, written and verbal communication skills that bring clarity and precision at senior executive levels
• Excellent problem-solving and critical-thinking skills to recognize and comprehend complex issues, policies, and industry information affecting the business environment
• Ability to lead dynamic, energized, and highly creative multidisciplinary high-performance work teams in learning and applying new skills/techniques to respond to business needs
• Strong analytical, problem-solving, and conceptual skills
• Experience with SharePoint, Clarity, MS Project, MS Project Server, MS Office

Preferred Certifications:

• Certified Risk Management Professional (CRMP), Certified Compliance & Ethics Professional (CCEP), Professional Risk Manager (PRM), Certified Internal Auditor (CIA), Certified Professional in Healthcare Risk Management (CPHRM), Certified Regulatory and Compliance Professional (CRCP), Enterprise Risk Management Certified Professional (ERMCP), PMI Risk Management Professional (PMI-RMP), GRC Professional (GRCP), Certified Information Privacy Professional/Government (CIPP/G), Certified in Risk and Information Systems Control (CRISC), Certified in Healthcare Compliance (CHC), Certified Compliance Professional (CCP)

Additional Relevant Certifications:

• Certified in Risk Management Assurance (CRMA), Operational Risk Manager (ORM), Certified Health Care Professional (CHP), Associated Risk Management Professional (ARMP), Certified Business Continuity Professional (CBCP), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA)


Department: Customer Strategy & Solutions

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Closing Date

Please apply before: 2/21/2019

Federal Disc/Physical Demand

Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.

The physical demands described here are representative of those that must be met by an employee to perform the essential duties and responsibilities of the position successfully. Requirements may be modified to accommodate individuals with disabilities.

The employee is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The employee must frequently talk and hear. Weights of up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship