CareFirst Careers

Compliance & Control Analyst

Resp & Qualifications

The CSA will be accountable for assisting with privacy and security compliance and breach reduction initiatives; helping to influence the direction and outcomes of FEPOC privacy and security audits; coordinating corporate governance activities; and leading analysis and process improvement initiatives to support the formation of efficiencies throughout the department and organization.

PRINCIPAL ACCOUNTABILITIES: Under the direction of the Manager, Compliance, the principal duties and responsibilities include, but are not limited to, the following:

  • Assist and evolve privacy and security control practices at the FEPOC. Participate in the formation of breach mitigation activities and process development to ensure compliance with all regulatory and contractual requirements. Administer the disclosure notification process and conduct related analysis as necessary. Develop and lead education initiatives. Evaluate draft regulations to determine impact on FEPOC, recommending an implementation approach or proposing comments to amend the regulations.
  • Coordinate and assist with external and internal audits, serving as liaison between external auditors, internal audit department and FEPOC management to ensure that all audit documentation requests are submitted accurately and within negotiated deadlines. Assist management in ensuring that audit conclusions, findings and recommendations for improvement or corrective actions are appropriate and completed within established deadlines. Influence functional area activities to help mitigate future audit findings, while also supporting overall process improvement. Conduct quarterly system access and proactive internal process reviews.
  • Assess departmental and organizational processes, procedures, measurements and workflows, recommending quality improvements that lead to efficiencies, process streamlining, risk mitigation or operational enhancements. Establish metrics and performance measurements to support management reporting, project justifications, or performance indicator management.
  • Recommend and draft procedures that align the organization with evolving regulations, risk assessment outcomes and security control implementations.  Maintain subsidiary procedure repository and change control infrastructure. Coordinate departmental procedure maintenance and enhancements based on operational changes. Assist with the formation and management of organizational benchmarks, governance structure and associated communications and training materials.

Minimum Qualifications:
Required: This position requires a Bachelor's degree in Business Administration, Compliance, Process Improvement, or other relevant area of study, and between 1-3 years of privacy, non-financial audit management, security and process management experience, OR total related work experience. Individual should have working knowledge of the healthcare environment and either HIPAA, HITECH or general privacy and security regulations.

Abilities/Skills: Incumbent must have excellent interpersonal skills and be capable of building relationships that help to ensure acceptance of change needs. Must have the ability to communicate throughout all levels of the company and be process-oriented. Individual must demonstrate ability to focus on details, creative problem solving, and juggling multiple priorities. Should possess strong analytical and technical writing skills, but be able to communicate and educate using diverse creative outlets.




Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Closing Date

Please apply before: 12/23/2019

Federal Disc/Physical Demand

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.

The physical demands described here are representative of those that must be met by an employee to perform the essential duties and responsibilities of the position successfully.  Requirements may be modified to accommodate individuals with disabilities.

The employee is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The employee must frequently talk and hear.  Weights of up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship
