Location: San Francisco, California
Blue Shield of California's mission is to ensure all Californians have access to high-quality health care at a sustainably affordable price. We are transforming health care in a way that truly serves our nonprofit mission by lowering costs, improving quality, and enhancing the member and physician experience.
To fulfill our mission, we must ensure a diverse, equitable, and inclusive environment where all employees can be their authentic selves and fully contribute to meet the needs of the multifaceted communities we serve. Our comprehensive approach to diversity, equity, and inclusion combines a focus on our people, processes, and systems with a deep commitment to promoting social justice and health equity through our products, business practices, and presence as a corporate citizen.
Blue Shield has received awards and recognition for being a certified Great Place to Work, best place to work for LGBTQ equality, leading disability employer, one of the best companies for women to advance, Bay Area's top companies in volunteering & giving, and one of the world's most ethical companies. Here at Blue Shield of California, we are striving to make a positive change across our industry and the communities we live in - join us!
Your Role
The IT Controls Assurance team drives BSC information security adherence to regulatory standards, as well as policies, standards, and controls development, with the goal of safeguarding company assets and maintaining confidentiality, integrity, and availability of information. The Information Security Risk and Governance Specialist, Principal will report to the Senior Manager of IT Controls Assurance. In this role you will monitor and guide the implementation and assessment of appropriate technical/security controls and regulatory requirements, as well as develop an information security compliance program within Assurance Services. The Principal is a senior subject matter expert and trusted advisor in information technology and security governance, risk and compliance best practices.
Your Work
In this role, you will:
Provide subject matter expertise, thought leadership, guidance, best practice and support across security and governance risk management functions.
Drive security risk management processes by partnering with business and technical stakeholders
Lead the Risk Management function and maintain risk management framework
Be responsible for entire portfolio delivery as IT Security Governance industry subject matter expert
Perform highly complex security risk reviews, identify gaps in IT Security Governance capabilities, and develop security risk mitigation plans
Evaluate existing controls library to identify compliance risk
Communicate and collaborate with corporate counsels, privacy, legal, enterprise risk management, HR departments and external customers or vendors to monitor compliance enforcement of standards and regulations
Consult with and review the work of team members to accomplish operational plans and results within schedule and budget
Influence decisions which are usually more project and operationally oriented and explain policies, standards, practices, and procedures of the job area/department to others within the organization
Prepare reports for senior management and external regulatory bodies as appropriate
Your Knowledge and Experience
Requires a bachelor's degree or equivalent experience
Requires at least 10 years of prior relevant experience
CISSP, CRISC, CISM, CISA or similar certification required
Proven experience as an information security governance, compliance and/or risk expert, with knowledge of various information security governance and control frameworks such as NIST, HITRUST, PCI-DSS, HIPAA and SOC, is required
Ability to foster a team culture of continuous improvement, mentoring and learning, data-driven decisions, and accountability for delivery of key metrics and deliverables is required
Excellent communication and presentation skills at every level including executives is required
Practical knowledge in leading and managing the execution of process, projects and tactics within an area is required
Our Values
Honest. We hold ourselves to the highest ethical and integrity standards. We build trust by doing what we say we're going to do and by acknowledging and correcting where we fall short
Human. We strive to be our authentic selves, listening and communicating effectively, and showing empathy towards others by walking in their shoes
Courageous. We stand up for what we believe in and are committed to the hard work necessary to achieve our ambitious goals
Additional Information