Job Description – Vendor Risk Manager

Job Title: Vendor Risk Manager
Reports To: Director, Vendor Risk and Oversight
Direct Reports: None
Division: Corporate
Accreditation/Approval: URAC, NCQA, Regulatory

Role and Responsibility:

- Establish a baseline of vendor risk, identify areas of potential exposure, develop and align vendor risk management strategies with CareSource goals and objectives, and execute program ensuring consistency
- Support the design and implementation of a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/State Regulatory requirements
- Provide guidance to the business, Strategic Sourcing and other stakeholders to ensure requirements of VRM are fully understood
- Support development and execution of a robust communication and training plan to facilitate the effective application and awareness of VRM
- Maintain a structured internal governance framework to ensure effective oversight of vendor risk and procurement compliance
- Help ensure strong oversight of all vendors' risks and provide business partners visibility of existing and emerging risks
- Continually reassess the operational risks associated with the function and inherent in the business
- Present reporting of high risk vendor contracts and procurement high risks / ineffective controls and highlight vendor risks and the action planned to address inadequate controls to executive management
- Lead assessment of vendor risk, develop mitigation plan and partner with internal stakeholders to assign monitoring responsibility
- Prepare and complete annual risk assessments and assist with regulatory and accreditation audit preparation as needed
- Partner with Business Units & internal support functions to help ensure that all risk assessment and mitigation requirements have been met; risk is monitored & mitigated throughout testing/development/implementation and use
- Develop & maintain workflow processes to ensure data & system controls are adequate, meet internal baselines and optimize current processes to meet emerging risks
- Support Vendor selection and contracting on major sourcing efforts and reassess the risks associated with a vendor relationship prior to the renewal of contract agreements
- Serve as lead for monitoring risk incidents, remediation resolution including development and execution of corrective action plans, and ensure follow-on reporting and monitoring. Evaluate and process complaints, appeals and grievances
- Collaborate with the business to develop disaster recovery and business continuity plans for high risk high exposure vendor relationships
- Identify and communicate departmental vendor risk issues and compliance problems that have not been adequately addressed; offer reasonable solutions, and assist them with efforts to come into compliance
- Work with Strategic Sourcing, Business Owners, SME to monitor and close all action items from internal/external EVM audit (IA, CMS, ODM, KDMS, NCQA, URAC) findings
- Perform data analytics & reporting activities. Provide & maintain vendor risk reporting mechanisms, and track and report outcomes from vendor management activities. Collect, organize, and distribute reports & documents & recommend enhancements to reporting & audit tools
- Analyze, update, and modify procedures and processes to identify and continuously implement vendor risk management process improvements
- Stay informed about the latest developments in the vendor risk management field
- Serve as the subject matter expert in interpreting requirements and improve awareness of Operational Risks faced by Business from vendor failure/poor performance and work with Strategic Sourcing/Legal/Business to mitigate any losses through vendor compensation achieved through establishment of robust contracts
- Perform any other job related instructions, as requested, with reasonable accommodation

Other

FLSA Status: Exempt
Job Grade / ID / Date: S18 / FN-0691 / April 2014
Layer Number/Level: N/A / Individual Contributor
Location: Corporate Office – Dayton
Status: Full-time

Education / Experience:

- Bachelor's degree in business or related field or equivalent years of experience is required
- Minimum of 5+ years related work experience in vendor management or vendor risk management is required
- Comprehensive knowledge of applicable concepts and methodologies such as continuous quality improvement and auditing experience
- Extensive working experience in Business Risk Management, Operational Risk, Internal Audit, and/or Controls related function within the health care industry preferred

Required Competencies / Knowledge / Skills:

- Familiar with industry compliance standards as they relate to Software as a Service, such as ISO27001, SOC1 (SSAE16) and SOC2
- Understanding of governance structures used to manage vendor risk programs and vendor mitigation and oversight
- Advanced computer skills including Microsoft Office suite and other business related software systems
- Knowledge of the healthcare industry
- Skills in influencing others to assess and monitor vendor risk and follow vendor risk management policy
- Ability to manage various complex projects and processes to completion
- Excellent writing and communication skills; able to translate technical concepts into layperson's terms and interface with upper-level management including Legal Counsel and Corporate Compliance
- Ability to influence change in corporate understanding and adoption of vendor management concepts
- Proven solid analytical and problem solving skills
- Excellent ability to work effectively with peers, IT management and staff, and internal/external business partners/clients
- Able to deal with ambiguity: integrate, prioritize and roll out programs without clearly defined guidelines

Licensure / Certification:

- CRMA and/or CISA preferred

Key Decision Rights:

Cross Functional Interactions:

Accountability:

Working Conditions: General office environment; may be required to sit/stand for long periods of time

The statements contained herein describe the essential functions of this position and are not an all-inclusive listing of work requirements. Individuals may perform other duties as assigned, subject to reasonable accommodation.

Confidential and Proprietary