CareFirst Careers

Senior Medicare Integrated Risk Management Analyst (Third Party Risk) - will consider REMOTE Applicants

Resp & Qualifications

The Integrated Risk Management (IRM) department is responsible for the education, empowerment, and governance of business owners in identifying and managing operational risks in a consistent and integrated manner.  IRM, facilitated by the Integrated Compliance teams and business owners across the enterprise, establishes frameworks for effectuating consistency within operational risk management.  The IRM team is a catalyst for change, providing leadership and subject matter expertise for establishing and maturing risk mitigation and controls critical to the success of the overall organization.  Specifically, the IRM team is responsible for identifying and mitigating risks; managing controls and safeguards to minimize the impact of potential and existing risks affecting the organization; ensuring compliance with laws, regulations, and organization frameworks; and monitoring and effectuating remediation of issues identified.  This requires strong collaboration and partnership with business owners and stakeholders across the enterprise. 

PRINCIPAL ACCOUNTABILITIES: Under the direction of the Integrated Risk Management Program Director with dotted line reporting to the Medicare and Medicaid Compliance Officer, responsibilities include, but are not limited to:

Provide Oversight and Governance of Third Parties

  • Support maintenance of the centralized repository for third parties including accountable business owners, inherent risk, and tier for each respective First Tier, Downstream, or Related Entity (FDR) relationship. 
  • Provide support to the Medicare Integrated Compliance team to ensure compliance with the Third Party Risk Management (TPRM) framework and standards to ensure that controls in place surrounding data protection, privacy, and access (among other areas) are compliant with CareFirst standards and risk appetite.
  • Support completion of Pre-Delegation Audits per CMS requirements on third party FDRs to assess controls in place both at CareFirst and at the third party, in collaboration with subject matter resources across all relevant risk domains to determine residual risk of third party relationships.

Establish Standards and Frameworks for Standardization and Consistent Understanding

  • Establish and implement policies and procedures that address formal baseline risk assessments, ongoing risk assessments, and re-evaluation of baseline risk assessments, as well as the performance of assessments for operational areas specific to Medicare Advantage sponsors.
  • Collaborate with the Medicare Integrated Compliance team and key subject matter resources across all relevant risk domains to define and establish frameworks (e.g., Compliance, Risk Assessment, Risk Governance) and definitions for key data elements.  Maintain frameworks to meet industry standards (e.g., NIST, HITRUST).
  • Contribute to the development of enterprise-wide training and awareness materials that educate associates and leadership on Medicare best practices, pervasive Medicare risk management issues, Medicare risk management tools and processes, and lessons learned.

Oversight, Monitoring, and Execution of Assessments

  • Conduct audits and risk assessments in accordance with Centers for Medicare and Medicaid Services (CMS) requirements for a Medicare Advantage (MA) health plan.
  • Conduct formal baseline risk assessments and ongoing risk assessments for operational areas specific to Medicare Advantage activities, including periodic re-evaluations of the accuracy of the baseline Medicare risk assessments (minimum annually), in alignment with 42 C.F.R. §§ 422.503(b)(4)(vi)(F), 423.504(b)(4)(vi)(F).
  • Collaborate with the Medicare and Medicaid Compliance Officer in determining the designation of a vendor as a First Tier, Downstream and Related Entity (FDR), and establish and ensure continuous monitoring of FDRs for compliance with all applicable Medicare regulations, as well as internal policies.
  • Govern and support associates in the completion of FDR, third party, and control assessments, including self-assessments, to ensure the adequacy of controls in place to safeguard the organization, including tracking, monitoring, and managing issues identified. 
  • Maintain documentation for re-performance ability, including leveraging the Governance Risk and Compliance (GRC) tool and repository (e.g., Compliance 360).
  • Contribute to the repository of best practices and tools/accelerators related to FDR/third party assessments, operational risk assessments, and control self-assessments. 

Governance, Risk & Compliance (GRC) Program

  • Provide support to the Medicare Integrated Compliance team and the Medicare and Medicaid Compliance Officer to ensure compliance with the established Common Compliance Framework (CCF).
  • Provide support to the Medicare Compliance Officer and the Government Programs division in completion of the CMS Readiness Checklist for MA.

Leadership and Development

  • Responsible for mentoring more junior associates
  • Maintains accountability for the accuracy of information maintained within the centralized repository.
  • Maintains responsibility for timely escalation of concerns identified during risk and control assessments to the IRM Director and the Medicare and Medicaid Compliance Officer.
  • The intent of this list of primary duties is to provide a representative summary of the major duties and responsibilities of this job. Incumbents perform other related duties assigned. Specific duties and responsibilities may vary based upon departmental needs.




  • BA/BS degree or equivalent and 5+ years of work experience in a Medicare risk management, Medicare third party risk management, Medicare audit, Medicare compliance, Medicare security governance or Medicare legal services role. In lieu of a BA/BS degree, an additional 4 years of relevant experience is required.
  • Technical knowledge of and experience executing CMS compliance and audit requirements, CMS audit protocols, CMS monitoring projects, and/or CMS risk assessments.


  • Capabilities and experience in performing independent assessments, including compliance & legal reviews, contract reviews, testing controls, and developing & reviewing assessment reports.
  • Problem solver who works independently and within a team using interpersonal skills, including excellent oral and written communication skills.
  • Understands and possesses general project management skills relevant to performing assessment functions and responsibilities. 
  • Ability to work effectively in a fast-paced environment with frequently changing priorities, deadlines and workloads that can be varied for extended periods of time.  Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence.
  • Considerable judgment, tact, initiative, accuracy, trustworthiness and integrity.


  • Understanding of legal requirements and health insurance operations
  • Possesses or is in the process of obtaining a relevant risk or business certification (e.g., CPA, CIA, CISA, CISM)
  • Hands-on experience with the implementation, support, or assessment of third party risks, operational risks, and/or FDR risks


Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Federal Disc/Physical Demand

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.


The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The associate must frequently talk and hear.  Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship
