We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.

Senior Risk Management Analyst (Hybrid)



Employer:  CareFirst BlueCross BlueShield
Category:  Legal
Job Type:  Full Time


Resp & Qualifications

The Senior Risk Management Analyst is responsible for supporting, facilitating, and training associates on operational risk programs designed to ensure the identification and mitigation of risks; management of controls and safeguards to minimize the impact of potential and existing risks affecting the organization; compliance with laws, regulations, standards, policies/procedures, and organization frameworks; and monitoring and effectuation of remediation of issues identified.

  • Provide advisory support in the completion of divisional risk assessments. Govern and support associates in the completion of third party risk assessments and control self-assessments to ensure the adequacy of controls in place to safeguard the organization, including tracking, monitoring, and managing issues identified. Maintain documentation for re-performance ability, including leveraging the Governance Risk and Compliance (GRC) tool and repository (e.g., Compliance 360). Contribute to the repository of best practices and tools/accelerators related to third party risk assessments, operational risk assessments, and control self-assessments.
  • Partner with business owners across the enterprise to serve as the subject matter expert in the identification of issues and concerns, provide the appropriate level of support, and proactively identify risk management, control efficiency and effectiveness, and process improvement opportunities to improve the enterprise risk culture. Track and monitor evolving risks and threats maintained within the centralized risk register, including third party risks, and collaborate with business owners to track risk and threat mitigation strategies. Collaborate with business owners to identify and contribute to a centralized inventory of processes, controls, process-level risks, and areas for improvement to ensure efficiency in the control and process environment across the enterprise.
  • Support maintenance of the centralized repository for third party relationships including accountable business owners, inherent risk, and tier for each respective third party relationship. Provide support to ensure compliance with the Third Party Risk Management (TPRM) framework and standards to ensure that controls in place surrounding data protection, privacy, and access (among other areas) are compliant with corporate standards and risk appetite. Support completion of due diligence on third party controls in place both corporately and with the third party, in collaboration with subject matter resources across all relevant risk domains to determine residual risk of third party relationships.
  • Collaborate with internal teams and key subject matter resources across all relevant risk domains to define and establish frameworks (e.g., Compliance, Risk Assessment, Risk Governance) and definitions for key data elements. Maintain frameworks to meet industry standards (e.g., NIST, HITRUST). Contribute to the development of enterprise-wide training and awareness materials that educate associates and leadership on best practices, pervasive operational risk management issues, risk management tools and processes, and lessons learned.
  • Provide support to ensure compliance with the established Common Compliance Framework (CCF). Contribute to the development of enterprise reporting and dashboards for monitoring and analysis of process-level risks, controls, issues, risk management, and compliance activities.
  • Position will be hybrid (partially remote) in Washington, D.C. Must live in or willing to relocate to the CareFirst Region (DC, Maryland, Virginia and West Virginia).
Position does not have direct reports but is expected to assist in guiding and mentoring less experienced staff. May lead a team of matrixed resources.

Education Level: Bachelor's Degree OR in lieu of a Bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience.
Experience: 5 years experience in a risk management, third party risk management, audit, compliance, security governance or legal services role.

Preferred Qualifications:
Possess or in the process of obtaining a relevant risk or business certification (e.g., CPA, CIA, CISA, CISM).

Knowledge, Skills and Abilities (KSAs)
  • Capabilities and experience in performing independent assessments, including compliance & legal reviews, contract reviews, testing controls, and developing & reviewing assessment reports.
  • Problem solver who works independently and within a team using interpersonal skills, including excellent oral and written communication skills.
  • Understands and possesses general project management skills relevant to performing assessment functions and responsibilities.
  • Considerable judgment, tact, initiative, accuracy, trustworthiness and integrity.
  • Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence. Must be able to effectively communicate and provide positive customer service to every internal and external customer, including customers who may be demanding or otherwise challenging.


Department: Integrated Risk Management

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply: www.carefirst.com/careers

Federal Disc/Physical Demand

Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.


The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship.

Applied = 0