Share Job
Suggest Revision
CareFirst BlueCross BlueShieldOwings Mills, MD Full-time
- PURPOSE:The Integrated Risk Management (IRM) department is responsible for the education, empowerment, and governance of business owners in identifying and managing operational risks in a consistent and integrated manner.
- IRM, facilitated by the Integrated Compliance teams and business owners across the enterprise, establishes frameworks for effectuating consistency within operational risk management.
- The IRM team is a catalyst for change, providing leadership and subject matter expertise for establishing and maturing risk mitigation and controls critical to the success of the overall organization.
- Specifically, the IRM team is responsible for identifying and mitigating risks; managing controls and safeguards to minimize the impact of potential and existing risks affecting the organization; ensuring compliance with laws, regulations, and organization frameworks; and monitoring and effectuating remediation of issues identified.
- This requires strong collaboration and partnership with business owners and stakeholders across the enterprise.
- Provide Oversight and Governance of Third PartiesSupport maintenance of the centralized repository for third parties including accountable business owners, inherent risk, and tier for each respective third party relationship inclusive of delegated vendors for Medicaid plans.
- Provide support to the Medicaid Integrated Compliance team to ensure compliance with the Third Party Risk Management (TPRM) framework and standards to ensure that controls in place surrounding data protection, privacy, and access (among other areas) are compliant with CareFirst standards and risk appetite.
- Support completion of Pre-Delegation Audits per CMS requirements on third party Delegated vendors to assess controls in place both at CareFirst and at the third party, in collaboration with subject matter resources across all relevant risk domains to determine residual risk of third party relationships.
- Establish Standards and Frameworks for Standardization and Consistent UnderstandingEstablish and implement policies and procedures that address: formal baseline risk assessments, ongoing risk assessments, and re-evaluation of baseline risk assessments; the performance of assessments for operational areas specific to DC and Maryland Medicaid plans.
- Collaborate with the Integrated Compliance team and key subject matter resources across all relevant risk domains to define and establish frameworks (e.g., Compliance, Risk Assessment, Risk Governance) and definitions for key data elements.
- Maintain frameworks to meet industry standards (e.g., NIST, HITRUST).
- Contribute to the development of enterprise-wide training and awareness materials that educate associates and leadership on Medicaid best practices, pervasive Medicaid risk management issues, Medicaid risk management tools and processes, and lessons learned.
- Oversight, Monitoring, and Execution of AssessmentsConducting audits and risk assessments in accordance with Centers for Medicare and Medicaid Services (CMS) requirements for a DC and Maryland Medicaid health plansConduct formal baseline risk assessments and ongoing risk assessments for operational areas specific to Medicaid activities to include periodic re-evaluations of the accuracy of the baseline Medicare risk assessments (minimum annually) in alignment with 42 C.F.R.
- Establish and ensure monitoring of Delegated vendors for continuous monitoring purposes for complying with all applicate Medicaid regulations, as well as internal policies.
- Govern and support associates in the completion of third party and control assessments, including self-assessments, to ensure the adequacy of controls in place to safeguard the organization, including tracking, monitoring, and managing issues identified.
- Maintain documentation for re-performance ability, including leveraging the Governance Risk and Compliance (GRC) tool and repository (e.g., Compliance 360).
- Contribute to the repository of best practices and tools/accelerators related to third party assessments, operational risk assessments, and control self-assessments.
- Governance, Risk & Compliance (GRC) ProgramProvide support to the Medicaid Integrated Compliance team and the Medicare and Medicaid Compliance Officer to ensure compliance with the established Common Compliance Framework (CCF).
- Leadership and DevelopmentResponsible for mentoring more junior associatesMaintains accountability for the accuracy of information maintained within the centralized repository.
- Maintains responsibility for timely escalation of concerns identified during risk and control assessments to the IRM Director and the Medicare and Medicaid Compliance Officer.
- The intent of this list of primary duties is to provide a representative summary of the major duties and responsibilities of this job.
- Incumbents perform other related duties assigned.
- Specific duties and responsibilities may vary based upon departmental needs QUALIFICATION
- Education Level: Bachelor’s Degree In lieu of a Bachelor’s degree, an additional 4 years of relevant work experience is required in addition to the required work experience.
- Experience: 5+ years of work experience in risk management, third party risk management, Medicare/Medicaid audit, Medicare/Medicaid compliance, Medicare/Medicaid security governance or Medicare/Medicaid legal services role.
- Technical knowledge of and experience executing CMS compliance and audit requirements, CMS audit protocols, CMS monitoring projects, and/or CMS risk assessments.
- Understanding of legal requirements and health insurance operationsPossess or in the process of obtaining a relevant risk or business certification (e.g., CPA, CIA, CISA, CISM)Hands on with the implementation, support, or assessment of third party risks or operational risks.
- Knowledge, Skills and Abilities (KSAs):Capabilities and experience in performing independent assessments, including compliance & legal reviews, contract reviews, testing controls, and developing & reviewing assessment reports.
- Problem solver who works independently and within a team using interpersonal skills, including excellent oral and written communication skills.
- Understands and possesses general project management skills relevant to performing assessment functions and responsibilities.
- Ability to work effectively in a fast-paced environment with frequently changing priorities, deadlines and workloads that can be varied for extended periods of time.
- Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence.
- Considerable judgment, tact, initiative, accuracy, trustworthiness and integrity.
- MD Medicaid- Program ManagementEqual Employment Opportunity CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.
- It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
- Hire Range Disclaimer Actual salary will be based on relevant job experience and work history.
- Where To Apply Please visit our website to apply: www.
- carefirst.com/careersFederal Disc/Physical Demand Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.
- The associate is primarily seated while performing the duties of the position.
- Occasional walking or standing is required.
- The hands are regularly used to write, type, key and handle or feel small controls and objects.
- The associate must frequently talk and hear.
- Weights up to 25 pounds are occasionally lifted.