CareFirst Careers

Lead Risk Management Analyst

Resp & Qualifications

The Integrated Risk Management (IRM) department is responsible for the education, empowerment, and governance of business owners in identifying and managing operational risks in a consistent and integrated manner.  IRM, facilitated by the Integrated Compliance teams and business owners across the enterprise, establishes frameworks for effectuating consistency within operational risk management.  The IRM Program Manager is a catalyst for change, providing leadership and subject matter expertise for establishing and maturing risk mitigation and controls critical to the success of the overall organization.  Specifically, the IRM Program Manager is responsible for identifying and mitigating risks; managing controls and safeguards to minimize the impact of potential and existing risks affecting the organization; ensuring compliance with laws, regulations, and organization frameworks; and monitoring and effectuating remediation of issues identified.  This requires strong collaboration and partnership with business owners and stakeholders across the enterprise. 

PRINCIPAL ACCOUNTABILITIES: Under the direction of the Integrated Risk Management Program Director, responsibilities include, but are not limited to:

Establish Standards and Frameworks for Standardization and Consistent Understanding
Collaborate with Integrated Compliance teams and key subject matter resources across all relevant risk domains to define and establish frameworks (e.g., Compliance, Risk Assessment, Risk Governance) and definitions for key data elements.  Maintain frameworks to meet industry standards (e.g., NIST, HITRUST).
Support the development and delivery of enterprise-wide training and awareness materials that educate associates and leadership on best practices, pervasive operational risk management issues, risk management tools and processes, and lessons learned.

Oversight, Monitoring, and Execution of Assessments
Provide advisory support in the completion of divisional risk assessments.  Govern, support, and mentor associates in the completion of third party risk assessments and control self-assessments to ensure the adequacy of controls in place to safeguard the organization, including tracking, monitoring, and managing issues identified.  Maintain documentation for re-performance ability, including leveraging the Governance Risk and Compliance (GRC) tool and repository (e.g., Compliance 360).  Identify and maintain a repository of best practices and tools/accelerators related to third party risk assessments, operational risk assessments, and control self-assessments. 

Operational Risk Management and Advisory Support
Partner with business owners across the enterprise to serve as the subject matter expert in the identification of issues and concerns, provide the appropriate level of support, and proactively identify risk management, control efficiency and effectiveness, and process improvement opportunities to improve the enterprise risk culture.  Utilize expertise to identify and document, in a centralized risk register, evolving risks and threats pertaining to operational risks, including third party risks, and provide in-depth understanding of “if, how, and when” the risks/threats should be addressed.  Collaborate with business owners to establish and maintain an inventory of processes, controls, process-level risks, and areas for improvement to ensure efficiency in the control and process environment across the enterprise.

Governance, Risk & Compliance (GRC) Program
Provide support, oversight, and governance to Integrated Compliance teams to ensure compliance with the established Common Compliance Framework (CCF).  Support the development of enterprise reporting and dashboards for monitoring and analysis of process-level risks, controls, issues, risk management, and compliance activities. 

Provide Oversight and Governance of Third Party Risks
Support maintenance of the centralized repository for third party relationships including accountable business owners, inherent risk, and tier for each respective third party relationship.  Provide support, oversight, and governance to Integrated Compliance teams to ensure compliance with the Third Party Risk Management (TPRM) framework and standards to ensure that controls in place surrounding data protection, privacy, and access (among other areas) are compliant with CareFirst standards and risk appetite.  Inventory and evaluate the inherent risk score and operational criticality for all third party relationships.  Facilitate due diligence on third party controls in place both at CareFirst and at the third party, in collaboration with subject matter resources across all relevant risk domains to determine residual risk of third party relationships.

Forge relationships with business owners across the enterprise to understand issues and concerns, provide the correct level of support, and proactively identify risk management, control efficiency and effectiveness, and process improvement opportunities.  Set high expectations for interacting with and exercising significant influence over others, within the IRM team as well as business owners and stakeholders across the enterprise, for all audit activities, risk assessments and process improvements to support control objectives with cross-functional impacts.  Drive commitment and exercise autonomy by being an independent thinker with consideration of the values of ethics and integrity, while being flexible and adaptable to business needs.
Support, guide, and mentor IRM staff in the completion of activities and goals for the IRM department.


• BA/BS degree or equivalent (in lieu of a bachelor’s degree, an additional 4 years of relevant experience is required), and 7+ years of work experience in a risk management, third party risk management, audit, compliance, security governance or legal services role

• Strong capabilities and experience in performing independent assessments, including compliance & legal reviews, contract reviews, testing controls, and developing & reviewing assessment reports.
• Experienced problem solver who works independently and within a team using interpersonal skills, including excellent oral and written communication skills.
• Proficient in MS Office, Project Management tools, financial/budget management systems (e.g., Oracle). 
• Understands and possesses general project management skills relevant to performing assessment functions and responsibilities. 
• Ability to work effectively in a fast-paced environment with frequently changing priorities, deadlines and workloads that can be varied for extended periods of time.  Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence.
• Ability to exercise sound judgment.
• Ability to communicate with tact to all levels of staff.
• Demonstrated initiative, trustworthiness and integrity.

• Understanding of legal requirements and health insurance operations
• Relevant risk or business certification (e.g., CPA, CIA, CISA, CISM)
• Knowledge of organization and operations of the business areas being supported


Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Closing Date

Please apply before: 6.25.21

Federal Disc/Physical Demand

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.


The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The associate must frequently talk and hear.  Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship
