Responsibilities & Qualifications
The Integrated Risk Management (IRM) department is responsible for the education, empowerment, and governance of business owners in identifying and managing operational risks in a consistent and integrated manner. IRM, facilitated by the Integrated Compliance teams and business owners across the enterprise, establishes frameworks for effectuating consistency within operational risk management. The IRM team is a catalyst for change, providing leadership and subject matter expertise for establishing and maturing risk mitigation and controls critical to the success of the overall organization. Specifically, the IRM team is responsible for identifying and mitigating risks; managing controls and safeguards to minimize the impact of potential and existing risks affecting the organization; ensuring compliance with laws, regulations, and organization frameworks; and monitoring and effectuating remediation of issues identified. This requires strong collaboration and partnership with business owners and stakeholders across the enterprise.
PRINCIPAL ACCOUNTABILITIES: Under the direction of the Risk & Regulatory Compliance Manager, responsibilities include, but are not limited to:
Establish Standards and Frameworks for Standardization and Consistent Understanding
Collaborate with Integrated Compliance teams and key subject matter resources across all relevant risk domains to define and establish frameworks (e.g., Compliance, Risk Assessment, Risk Governance) and definitions for key data elements. Maintain frameworks to meet industry standards (e.g., NIST, HITRUST).
Contribute to the development of enterprise-wide training and awareness materials that educate associates and leadership on best practices, pervasive operational risk management issues, risk management tools and processes, and lessons learned.
Oversight, Monitoring, and Execution of Assessments
Provide advisory support in the completion of divisional risk assessments. Govern and support associates in the completion of third party risk assessments and control self-assessments to ensure the adequacy of controls in place to safeguard the organization, including tracking, monitoring, and managing issues identified. Maintain documentation for re-performance ability, including leveraging the Governance Risk and Compliance (GRC) tool and repository (e.g., Compliance 360). Contribute to the repository of best practices and tools/accelerators related to third party risk assessments, operational risk assessments, and control self-assessments.
Operational Risk Management and Advisory Support
Partner with business owners across the enterprise to serve as the subject matter expert in the identification of issues and concerns, provide the appropriate level of support, and proactively identify risk management, control efficiency and effectiveness, and process improvement opportunities to improve the enterprise risk culture. Track and monitor evolving risks and threats maintained within the centralized risk register, including third party risks, and collaborate with business owners to track risk and threat mitigation strategies.
Collaborate with business owners to identify and contribute to a centralized inventory of processes, controls, process-level risks, and areas for improvement to ensure efficiency in the control and process environment across the enterprise.
Governance, Risk & Compliance (GRC) Program
Provide support to Integrated Compliance teams to ensure compliance with the established Common Compliance Framework (CCF). Contribute to the development of enterprise reporting and dashboards for monitoring and analysis of process-level risks, controls, issues, risk management, and compliance activities.
Provide Oversight and Governance of Third Party Risks
Support maintenance of the centralized repository for third party relationships including accountable business owners, inherent risk, and tier for each respective third party relationship. Provide support to Integrated Compliance teams to ensure compliance with the Third Party Risk Management (TPRM) framework and standards to ensure that controls in place surrounding data protection, privacy, and access (among other areas) are compliant with CareFirst standards and risk appetite. Support completion of due diligence on third party controls in place both at CareFirst and at the third party, in collaboration with subject matter resources across all relevant risk domains to determine residual risk of third party relationships. Serve as primary reviewer of third party attestation reports, including but not limited to SOC 2/HITRUST, and other independent audit reports.
Leadership and Development
Responsible for mentoring more junior associates. Maintains accountability for the accuracy of information maintained within the centralized repository. Maintains responsibility for the timely escalation of concerns identified during risk and control assessments to the IRM Director.
Equal Employment Opportunity
CareFirst BlueCross BlueShield is an Equal Employment Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
Hire Range Disclaimer
Actual salary will be based on relevant job experience and work history.
Where To Apply
Please visit our website to apply: www.carefirst.com/careers
Please apply before: 4.7.21
Federal Disclosure / Physical Demand
Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.
The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.
Sponsorship in US
Must be eligible to work in the U.S. without Sponsorship