Resp & Qualifications
PURPOSE:
The Senior Risk Management Analyst is responsible for supporting, facilitating, and training associates on third-party risk programs designed to ensure the identification and mitigation of risks; management of controls and safeguards to minimize the impact of potential and existing third-party risks affecting the organization; compliance with laws, regulations, standards, policies/procedures, and organization frameworks; and monitoring and effectuation of remediation of issues identified.
ESSENTIAL FUNCTIONS:- Provide Oversight and Governance of Third Parties
- Support maintenance of the centralized repository for third parties including accountable business owners, inherent risk, and tier for each respective third party relationship inclusive of delegated vendors for Medicare and Medicaid plans.
- Provide support to the Medicaid Integrated Compliance team to ensure compliance with the Third Party Risk Management (TPRM) framework and standards to ensure that controls in place surrounding data protection, privacy, and access (among other areas) are compliant with CareFirst standards and risk appetite.
- Support completion of third party risk assessments on third party Delegated and FDR vendors to assess controls in place both at CareFirst and at the third party to determine residual risk of third party relationships.
- Establish Standards and Frameworks for Standardization and Consistent Understanding
- Establish and implement policies and procedures that address: formal baseline risk assessments, ongoing risk assessments, and re-evaluation of baseline risk assessments; the performance of assessments for operational areas specific to Medicare and Medicaid plans.
- Collaborate with the Integrated Compliance team and key subject matter resources across all relevant risk domains to define and establish frameworks (e.g., Compliance, Risk Assessment, Risk Governance) and definitions for key data elements. Maintain frameworks to meet industry standards (e.g., NIST, HITRUST).
- Contribute to the development of enterprise-wide training and awareness materials that educate associates and leadership on Medicaid best practices, pervasive Medicaid risk management issues, Medicaid risk management tools and processes, and lessons learned.
- Oversight, Monitoring, and Execution of Assessments
- Conducting risk assessments in accordance with Centers for Medicare and Medicaid Services (CMS) requirements for Medicare and Medicaid health plans
- Conduct formal baseline risk assessments and ongoing risk assessments for operational areas specific to Medicaid activities to include periodic re-evaluations of the accuracy of the baseline Medicare risk assessments (minimum annually) in alignment with 42 C.F.R. 422.503(b)(4)(vi)(F), 423.504(b)(4)(vi)(F)).
- Establish and ensure monitoring of Delegated vendors for continuous monitoring purposes for complying with all applicate Medicaid regulations, as well as internal policies.
- Govern and support associates in the completion of third party and control assessments, including self-assessments, to ensure the adequacy of controls in place to safeguard the organization, including tracking, monitoring, and managing issues identified.
- Maintain documentation for re-performance ability, including leveraging the TPRM tool and repository (e.g., Whistic).
- Contribute to the repository of best practices and tools/accelerators related to third party assessments, operational risk assessments, and control self-assessments.
- Governance, Risk & Compliance (GRC) Program
- Provide support to the Medicaid Integrated Compliance team and the Medicare and Medicaid Compliance Officer to ensure compliance with the established Common Compliance Framework (CCF).
- Leadership and Development
- Responsible for mentoring more junior associates.
- Maintains accountability for the accuracy of information maintained within the centralized repository.
- Maintains responsibility for timely escalation of concerns identified during risk and control assessments to the IRM Director and the Medicare and Medicaid Compliance Officer.
- The intent of this list of primary duties is to provide a representative summary of the major duties and responsibilities of this job. Incumbents perform other related duties assigned. Specific duties and responsibilities may vary based upon departmental needs.
QUALIFICATIONS:
Education Level: Bachelor's Degree OR in lieu of a Bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience.
Experience: 5 years experience in a risk management, third party risk management, audit, compliance, security governance or legal services role.
Preferred Qualifications: Possess or in the process of obtaining a relevant risk or business certification (e.g., CPA, CIA, CISA, CISM).
Knowledge, Skills and Abilities (KSAs)- Capabilities and experience in performing independent assessments, including compliance & legal reviews, contract reviews, testing controls, and developing & reviewing assessment reports.
- Problem solver who works independently and within a team using interpersonal skills, including excellent oral and written communication skills.
- Understands and possesses general project management skills relevant to performing assessment functions and responsibilities.
- Considerable judgment, tact, initiative, accuracy, trustworthiness and integrity.
- Must be able to effectively work in a fast-paced environment with frequently changing priorities, deadlines, and workloads that can be variable for long periods of time. Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence. Must be able to effectively communicate and provide positive customer service to every internal and external customer, including customers who may be demanding or otherwise challenging.
Salary Range: $70,848 - $140,712
Salary Range Disclaimer
The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the work is being performed. This compensation range is specific and considers factors such as (but not limited to) the scope and responsibilites of the position, the candidate's work experience, education/training, internal peer equity, and market and business consideration. It is not typical for an individual to be hired at the top of the range, as compensation decisions depend on each case's facts and circumstances, including but not limited to experience, internal equity, and location. In addition to your compensation, CareFirst offers a comprehensive benefits package, various incentive programs/plans, and 401k contribution programs/plans (all benefits/incentives are subject to eligibility requirements).
Department
Enterprise Risk Management
Equal Employment Opportunity
CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
Where To Apply
Please visit our website to apply: www.carefirst.com/careers
Federal Disc/Physical Demand
Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.
PHYSICAL DEMANDS:
The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.
Sponsorship in US
Must be eligible to work in the U.S. without Sponsorship.
#LI-LJ1
|
