Integrated Risk Management
Equal Employment Opportunity
CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
Hire Range Disclaimer
Actual salary will be based on relevant job experience and work history.
Where To Apply
Please visit our website to apply: www.carefirst.com/careers
Please apply before: 12/06/2019
Federal Disc/Physical Demand
Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.
The employee is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The employee must frequently talk and hear. Weights of up to 25 pounds are occasionally lifted.
The physical demands described here are representative of those that must be met by an employee to perform the essential duties and responsibilities of the position successfully. Requirements may be modified to accommodate individuals with disabilities. Travel among CareFirst sites is required.
Sponsorship in US
Must be eligible to work in the U.S. without Sponsorship
The Integrated Risk Management (IRM) department is responsible for the education, empowerment, and governance of business owners in identifying and managing operational risks in a consistent and integrated manner. IRM, working with the Integrated Compliance teams and business owners across the enterprise, establishes frameworks that make operational risk management consistent across the organization. The IRM team is a catalyst for change, providing leadership and subject matter expertise for establishing and maturing the risk mitigation and controls critical to the success of the overall organization. Specifically, the IRM team is responsible for identifying and mitigating risks; managing controls and safeguards to minimize the impact of potential and existing risks affecting the organization; ensuring compliance with laws, regulations, and organizational frameworks; and monitoring and driving remediation of issues identified. This requires strong collaboration and partnership with business owners and stakeholders across the enterprise.
PRINCIPAL ACCOUNTABILITIES: Under the direction of the Integrated Risk Management Program Director, responsibilities include, but are not limited to:
Establish Standards and Frameworks for Standardization and Consistent Understanding
- Collaborate with Integrated Compliance teams and key subject matter resources across all relevant risk domains to define and establish frameworks (e.g., Compliance, Risk Assessment, Risk Governance) and definitions for key data elements. Maintain frameworks to meet industry standards (e.g., NIST, HITRUST).
- Contribute to the development of enterprise-wide training and awareness materials that educate associates and leadership on best practices, pervasive operational risk management issues, risk management tools and processes, and lessons learned.
Oversight, Monitoring, and Execution of Assessments
- Provide advisory support in the completion of divisional risk assessments.
- Govern and support associates in the completion of third party risk assessments and control self-assessments to ensure the adequacy of controls in place to safeguard the organization, including tracking, monitoring, and managing issues identified.
- Maintain documentation for re-performance ability, including leveraging the Governance Risk and Compliance (GRC) tool and repository (e.g., Compliance 360).
- Contribute to the repository of best practices and tools/accelerators related to third party risk assessments, operational risk assessments, and control self-assessments.
Operational Risk Management and Advisory Support
- Partner with business owners across the enterprise to serve as the subject matter expert in the identification of issues and concerns, provide the appropriate level of support, and proactively identify risk management, control efficiency and effectiveness, and process improvement opportunities to improve the enterprise risk culture.
- Track and monitor evolving risks and threats maintained within the centralized risk register, including third party risks, and collaborate with business owners to track risk and threat mitigation strategies.
- Collaborate with business owners to identify and contribute to a centralized inventory of processes, controls, process-level risks, and areas for improvement to ensure efficiency in the control and process environment across the enterprise.
Governance, Risk & Compliance (GRC) Program
- Provide support to Integrated Compliance teams to ensure compliance with the established Common Compliance Framework (CCF).
- Contribute to the development of enterprise reporting and dashboards for monitoring and analysis of process-level risks, controls, issues, risk management, and compliance activities.
Provide Oversight and Governance of Third Party Risks
- Support maintenance of the centralized repository for third party relationships including accountable business owners, inherent risk, and tier for each respective third party relationship.
- Provide support to Integrated Compliance teams to ensure compliance with the Third Party Risk Management (TPRM) framework and standards, so that the controls in place surrounding data protection, privacy, and access (among other areas) meet CareFirst standards and risk appetite.
- Support completion of due diligence on third party controls in place both at CareFirst and at the third party, in collaboration with subject matter resources across all relevant risk domains to determine residual risk of third party relationships.
Leadership and Development
- Mentors more junior associates.
- Maintains accountability for the accuracy of information maintained within the centralized repository.
- Maintains responsibility for timely escalation of concerns identified during risk and control assessments to the IRM Director.
BA/BS degree or equivalent (in lieu of a BA/BS degree, an additional 4 years of relevant experience is required), and 5+ years of work experience in a risk management, third party risk management, audit, compliance, security governance or legal services role.
- Capabilities and experience in performing independent assessments, including compliance & legal reviews, contract reviews, testing controls, and developing & reviewing assessment reports.
- Problem solver who works independently and within a team using interpersonal skills, including excellent oral and written communication skills.
- Understands and possesses general project management skills relevant to performing assessment functions and responsibilities.
- Ability to work effectively in a fast-paced environment with frequently changing priorities, deadlines and workloads that may vary for extended periods of time. Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence.
- Considerable judgment, tact, initiative, accuracy, trustworthiness and integrity.
- Understanding of legal requirements and health insurance operations.
- Possesses, or is in the process of obtaining, a relevant risk or business certification (e.g., CPA, CIA, CISA, CISM).
- Hands-on experience with the implementation, support, or assessment of operational risks and/or third party risks.