CareFirst Careers

Senior Medicare Integrated Risk Management Analyst - will consider REMOTE applicants

Resp & Qualifications

The Integrated Risk Management (IRM) department is responsible for the education, empowerment, and governance of business owners in identifying and managing operational risks in a consistent and integrated manner.  IRM, facilitated by the Integrated Compliance teams and business owners across the enterprise, establishes frameworks for effectuating consistency within operational risk management.  The IRM team is a catalyst for change, providing leadership and subject matter expertise for establishing and maturing risk mitigation and controls critical to the success of the overall organization.  Specifically, the IRM team is responsible for identifying and mitigating risks; managing controls and safeguards to minimize the impact of potential and existing risks affecting the organization; ensuring compliance with laws, regulations, and organization frameworks; and monitoring and effectuating remediation of issues identified.  This requires strong collaboration and partnership with business owners and stakeholders across the enterprise. 


Under the direction of the Integrated Risk Management Program Director responsibilities include, but are not limited to:

Establish Standards and Frameworks for Standardization and Consistent Understanding

  • Collaborate with Integrated Compliance teams and key subject matter resources across all relevant risk domains to define and establish frameworks (e.g., Compliance, Risk Assessment, Risk Governance) and definitions for key data elements.  Maintain frameworks to meet industry standards (e.g., NIST, HITRUST).
  • Contribute to the development of enterprise-wide training and awareness materials that educate associates and leadership on best practices, pervasive operational risk management issues, risk management tools and processes, and lessons learned.

Oversight, Monitoring, and Execution of Assessments

  • Conduct audits and risk assessments in accordance with Centers for Medicare and Medicaid Services (CMS) requirements for a Medicare Advantage (MA) plan.
  • Provide advisory support in the completion of divisional risk assessments.  Govern and support associates in the completion of third party risk assessments and control self-assessments to ensure the adequacy of controls in place to safeguard the organization, including tracking, monitoring, and managing issues identified. 
  • Maintain documentation for re-performance ability, including leveraging the Governance Risk and Compliance (GRC) tool and repository (e.g., Compliance 360). 
  • Contribute to the repository of best practices and tools/accelerators related to third party risk assessments, operational risk assessments, and control self-assessments. 

Operational Risk Management and Advisory Support

  • Partner with business owners across the enterprise to serve as the subject matter expert in the identification of issues and concerns, provide the appropriate level of support, and proactively identify risk management, control efficiency and effectiveness, and process improvement opportunities to improve the enterprise risk culture. 
  • Serve as a Subject Matter Expert (SME) for the technical execution of MA compliance activities and requirements.
  • Track and monitor evolving risks and threats maintained within the centralized risk register, including third party risks, and collaborate with business owners to track risk and threat mitigation strategies. 
  • Collaborate with business owners to identify and contribute to a centralized inventory of processes, controls, process-level risks, and areas for improvement to ensure efficiency in the control and process environment across the enterprise. 

Governance, Risk & Compliance (GRC) Program

  • Provide support to the Medicare Compliance Officer and the Government Programs division in completion of the CMS Readiness Checklist for MA.
  • Provide support to Integrated Compliance teams to ensure compliance with the established Common Compliance Framework (CCF).  Contribute to the development of enterprise reporting and dashboards for monitoring and analysis of process-level risks, controls, issues, risk management, and compliance activities.

Provide Oversight and Governance of Third Party Risks

  • Support maintenance of the centralized repository for third party relationships including accountable business owners, inherent risk, and tier for each respective third party relationship. 
  • Provide support to Integrated Compliance teams to ensure compliance with the Third Party Risk Management (TPRM) framework and standards to ensure that controls in place surrounding data protection, privacy, and access (among other areas) are compliant with CareFirst standards and risk appetite. 
  • Support completion of due diligence on third party controls in place both at CareFirst and at the third party, in collaboration with subject matter resources across all relevant risk domains to determine residual risk of third party relationships.

Leadership and Development

  • Responsible for mentoring more junior associates. 
  • Maintains accountability for the accuracy of information maintained within the centralized repository. 
  • Maintains responsibility for timely escalation of concerns identified during risk and control assessments to the IRM Director.

SCOPE DATA: This position will interact extensively with all levels of CareFirst leadership, external audit firms, regulatory agencies and vendors.  This position is responsible for point-to-point communication and consistency throughout many assessments, analysis, reporting, problem solving and performance review, and is highly visible to management.  It is expected that this role will participate in establishing and maintaining continuously evolving assessment and compliance standards delivering mission critical services for CareFirst.

• BA/BS degree or equivalent (in lieu of a BA/BS degree, an additional 4 years of relevant experience is required) and 5+ years of work experience in a risk management, third party risk management, audit, compliance, security governance or legal services role.
• Technical knowledge of and experience executing CMS compliance and audit requirements, including CMS audit protocols, CMS monitoring projects, and/or CMS risk assessments.

• Capabilities and experience in performing independent assessments, including compliance & legal reviews, contract reviews, testing controls, and developing & reviewing assessment reports.
• Problem solver who works independently and within a team using interpersonal skills, including excellent oral and written communication skills.
• Understands and possesses general project management skills relevant to performing assessment functions and responsibilities. 
• Ability to work effectively in a fast-paced environment with frequently changing priorities, deadlines and workloads that can be varied for extended periods of time.  Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence.
• Considerable judgment, tact, initiative, accuracy, trustworthiness and integrity.

• Understanding of legal requirements and health insurance operations.
• Possesses or is in the process of obtaining a relevant risk or business certification (e.g., CPA, CIA, CISA, CISM).
• Hands-on with the implementation, support, or assessment of operational risks and/or third party risks.




Department: Legal 

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

PeopleSoft/Self Service/Recruiting

Closing Date

Please apply before: 6/13/2020

Federal Disc/Physical Demand

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship
