Enterprise Risk Manager (Full-time Hybrid, Morrisville, NC)

The Risk Manager is responsible for leading and continuously maturing the organization’s Enterprise Risk Management (ERM) program for a Medicaid managed care organization. Reporting to the Chief Risk and Compliance Officer, this role provides second line oversight and enterprise wide coordination to ensure that material risks—strategic, operational, regulatory, financial, reputational, and third party—are identified, assessed, communicated, and managed in alignment with organizational objectives and risk appetite.

The Risk Manager serves as the enterprise steward of the ERM framework, risk register, and risk reporting, partnering closely with business leaders, Compliance, Internal Audit, Program Integrity, and Privacy and Health Information Governance. The role also provides governance and oversight for organizational insurance and risk financing activities, incident and event trending, business continuity and preparedness, and selected operational risk domains (e.g., employee safety), while leveraging external partners and first line management for execution.

Enterprise Risk Management

• →Lead and maintain the organization’s Enterprise Risk Management framework, ensuring alignment with strategic goals, regulatory expectations, and board oversight
• →Facilitate the enterprise wide annual risk assessment and periodic updates, identifying and prioritizing key strategic, operational, regulatory, financial, clinical oversight, third party, and reputational risks
• →Serve as the steward of the enterprise risk register, ensuring clarity of risk statements, consistent scoring, defined ownership, and tracking of mitigation plans
• →Develop, monitor, and refine key risk indicators (KRIs) and risk dashboards to support timely management decision making
• →Prepare clear, actionable ERM reporting for Executive Leadership and the Board of Directors’ Audit and Compliance Committee
• →Promote a consistent enterprise understanding of risk concepts, roles, and accountability through training, facilitation, and communication

Insurance and Risk Financing Oversight

• →Provide governance and oversight of the organization’s insurance and risk financing program, including professional liability, general liability, D&O, workers’ compensation, employment practices, cyber, property, automobile liability, and bonds
• →Serve as the primary internal point of accountability for insurance matters, while leveraging the organization’s broker and carriers for day to day administration, renewals, and technical analysis
• →Partner with the broker and Legal to review coverage adequacy, exclusions, limits, and emerging exposure trends
• →Oversee high level claims activity and loss trends for risk insight and reporting; escalate material issues to executive leadership as appropriate
• →Ensure appropriate processes are in place for certificates of insurance and contractual insurance compliance, delegating operational tasks as needed

Risk Events, Incidents, and Issues Oversight

• →Chair or facilitate enterprise risk related committees (e.g., Provider Significant Event Committee, Critical Incident Review Team), ensuring timely review, escalation, and tracking of significant events and systemic risk themes
• →Provide oversight and coordination for the review of critical incidents and potential regulatory reportable events, in partnership with clinical, operational, and compliance leaders
• →Analyze incident and event data to identify trends, root cause themes, and opportunities for risk mitigation and control enhancement
• →Monitor corrective action plans associated with significant risks or events and report status to appropriate governance forums

Third-Party, Vendor, and Delegated Entity Risk

• →Support enterprise oversight of vendor and delegated entity risk by assessing risk management practices, insurance coverage, and contractual risk transfer provisions
• →Maintain centralized visibility into material vendor incidents, insurance documentation, and indemnification requirements, coordinating with Compliance, Legal, and Program Integrity as appropriate
• →Incorporate third party and delegated entity risk into the broader ERM framework and reporting

Business Continuity and Operational Resilience

• →Provide ERM aligned oversight of the organization’s Business Continuity Plan (BCP) and Emergency Response Plan (ERP), in collaboration with executive leadership and designated coordinators
• →Facilitate periodic testing, tabletop exercises, and scenario based reviews to assess preparedness and operational resilience
• →Capture lessons learned from disruptions, near misses, or exercises and integrate them into risk assessments and preparedness planning

Regulatory, Compliance, and Audit Collaboration

• →Partner with the Chief Risk and Compliance Officer, Corporate Compliance, and Legal to support regulatory expectations related to risk governance, monitoring, and reporting
• →Coordinate with Internal Audit to inform risk based audit planning and respond to audit findings, issues, and corrective action plans
• →Contribute to the organization’s annual compliance risk assessment and work plan from an enterprise risk perspective
• →Participate in accreditation and external reviews (e.g., NCQA) as a subject matter expert for ERM, risk governance, and safety oversight

Data, Reporting, and Risk Intelligence

• →Analyze qualitative and quantitative risk data (e.g., incidents, claims trends, KRIs) to identify emerging risks and systemic issues
• →Prepare concise, executive level risk reports, dashboards, and presentations for leadership, committees, and the Board
• →Provide data informed recommendations to strengthen controls, reduce exposure, and improve operational effectiveness

Training and Risk Culture

• →Develop and deliver risk management training related to ERM, incident reporting, and risk awareness
• →Collaborate with Organizational Development Leadership and the Keys to Safety and Respect Project Team to adjust safety procedures and ensure inclusion of changes in training materials, review and approve changes to training materials before implementation
• →Promote a culture of transparency, accountability, and learning across the organization
• →Partner with leadership to integrate risk awareness into onboarding and ongoing professional development

Education & Experience

Required:

Bachelor’s degree in Risk Management, Healthcare Administration, Business, or related field and five (5) years of progressively responsible experience in risk management, enterprise risk, operational risk, compliance, audit, or a related second-line function, preferably within healthcare, managed care, Medicaid, or another highly regulated environment. Demonstrated experience supporting or leading an ERM program and facilitating cross-functional risk assessments is required.

Preferred:

• Master’s degree preferred.
• Associate in Risk Management (ARM), RIMS Certified Risk Management Professional (RIMS-CRMP), or other relevant risk, compliance, or governance certification preferred.

• Strong understanding of enterprise and operational risk concepts and governance models (including lines of defense)
• Working knowledge of healthcare managed care operations, regulatory environments, and risk oversight expectations
• Excellent analytical, organizational, and facilitation skills
• Ability to communicate complex risk information clearly to executives, boards, providers, and staff
• Demonstrated ability to influence without authority and build effective cross-functional partnerships
• Proficiency with Microsoft Office and experience with risk management systems, dashboards, or data visualization tools

$89,404- $113,990/Annually 

Exact compensation will be determined based on the candidate's education, experience, external market data and consideration of internal equity.  

 An excellent fringe benefit package accompanies the salary, which includes:  

• Medical, Dental, Vision, Life, Long and Short Term Disability
• Generous retirement savings plan
• Flexible work schedules including hybrid/remote options
• Paid time off including vacation, sick leave, holiday, management leave
• Dress flexibility