Information Security Risk and Governance Specialist, Consultant

Blue Cross and Blue Shield Association

Rancho Cordova, CA

JOB DETAILS
SKILLS
Artificial Intelligence (AI), Biotech and Pharmaceutical, CEH - Certified Ethical Hacker, Communication Skills, Computer Security, Consulting, Cross-Functional, Customer Experience, Customer Support/Service, Healthcare, Information/Data Security (InfoSec), Leadership, Legal, Performance Analysis, Presentation/Verbal Skills, Regulatory Compliance, Reporting Skills, Risk, Risk Analysis, Risk Management, Risk Management Framework (RMF), Security Analysis, Security Monitoring, Standards Development, Technical Leadership, Technology Analysis, Vendor/Supplier Evaluation
LOCATION
Rancho Cordova, CA
POSTED
5 days ago

Your Role

The Technology and Data Trust Assurance Services team drives BSC technology and information security adherence to regulatory standards, as well as policies, standards, and controls development, with the goal of evaluating, directing and monitoring IT vendor performance, while safeguarding company assets and maintaining and securing the confidentiality, integrity, and availability of Blue Shield of California data. The Technology Risk and External Assurance program runs technology governance forums and manages technology risk from identification to risk consequence management for BSC. The Information Security Risk & Governance Specialist, Consultant will report to the Senior Manager, Technology Risk Assurance. In this role, you will be a key individual contributor to the Technology Risk and External Assurance team and Blue Shield's overall strategy and goals by providing consistent, coordinated technology governance, information security oversight, AI governance, technology risk assessment, and risk reporting in partnership with leaders, stakeholders, and Stellarus.

Your Knowledge and Experience

  • Requires a bachelor''s degree or equivalent experience

  • Requires at least 7 years of prior relevant experience

  • Previous experience working in the healthcare, pharmaceutical, biotechnology or related services industry is required

  • CISSP-ISSAP preferred

  • Red team experience preferred

  • Certified Ethical Hacker preferred

  • Knowledge of various information technology governance and control frameworks and industry standards such as COBIT, COSO, ITIL, PMBOK, HIPAA, and NIST are required

  • Knowledge of Artificial Intelligence (AI) governance and monitoring practices is preferred

  • Demonstrated experience as a governance, risk and compliance (GRC) expert is required

  • Requires business acumen, strategic thinking, financial analytical skills, and decision-making skills

  • Excellent communication and presentation skills at every level including executives is required

  • Experience working with healthcare partner and vendor contracts and understanding of the key components of basic agreements and how legal terms impact business terms and vice versa is preferred.

Hybrid

This role requires employees to be in - office based on our hybrid workplace model, balancing purposeful in - person collaboration with flexibility. For most teams, this means coming into the office two days each week.

Employees living more than 50 miles from an office location will work with their manager to determine in-office time based on business need.

#LI-CP4

Your Work

In this role, you will:

  • Participate in technology risk governance activities (e.g., committees, presentation preparations, training and awareness, etc.)

  • Develop and implement technology governance programs, including technical performance oversight, AI governance, and data exchange and third-party risk governance that will help BSC understand its inherent and residual risk exposure

  • Assess AI tools, techniques, and procedures to enhance AI risk management capabilities throughout the company

  • Implement strategic goals established by BSC leadership

  • Be responsible for third-party security risk assessment activities ensuring Blue Shield's data is stored, transmitted, and processed in a secure manner

  • Enhance and conduct training and awareness activities to business teams and applicable third parties

  • Partner with cross functional operational business partners including Customer Experience, Customer Care, Markets, Health Solutions and Enterprise Risk Management to operationalize and socialize the IT risk management framework and program and to identify shifts in the organization''s implicit risk appetite.

  • Lead and support the development of reporting processes to communicate progress of in-flight initiatives, risks and planned initiatives to senior executives and stakeholders in other business units

Your Work

In this role, you will:

  • Participate in technology risk governance activities (e.g., committees, presentation preparations, training and awareness, etc.)

  • Develop and implement technology governance programs, including technical performance oversight, AI governance, and data exchange and third-party risk governance that will help BSC understand its inherent and residual risk exposure

  • Assess AI tools, techniques, and procedures to enhance AI risk management capabilities throughout the company

  • Implement strategic goals established by BSC leadership

  • Be responsible for third-party security risk assessment activities ensuring Blue Shield's data is stored, transmitted, and processed in a secure manner

  • Enhance and conduct training and awareness activities to business teams and applicable third parties

  • Partner with cross functional operational business partners including Customer Experience, Customer Care, Markets, Health Solutions and Enterprise Risk Management to operationalize and socialize the IT risk management framework and program and to identify shifts in the organization''s implicit risk appetite.

  • Lead and support the development of reporting processes to communicate progress of in-flight initiatives, risks and planned initiatives to senior executives and stakeholders in other business units

About the Company

B

Blue Cross and Blue Shield Association

At the Blue Cross and Blue Shield Association (BCBSA), we provide business strategy, technical support and consulting expertise to 36 Blue Cross and Blue Shield companies across the nation, employing more than 1,000 of the best strategic thinkers in the industry. We are a Brand manager that sets quality control standards for the 36 independent companies that use the Blue Cross and Blue Shield Brands, and we serve as a trade association that represents these Blue companies. It is through our involvement that the Blues companies share a united vision and strategy while also benefiting from the local strength of all member companies.
COMPANY SIZE
2,000 to 2,499 employees
INDUSTRY
Insurance
WEBSITE
https://www.bcbs.com/about-us/careers