Sr. Manager, Compliance, Governance & Assurance

Blue Cross and Blue Shield Association

Baltimore, MD

JOB DETAILS
SKILLS
Accounting, Artificial Intelligence (AI), Auditing, Automation, Business Administration, Business Growth, CISA - Certified Information Systems Auditor, CISSP - Certified Information Systems Security Professional, Coaching, Continuous Improvement, Contract Requirements, Cross-Functional, Due Diligence, Establish Priorities, External Audit, Financial Policies, Financial Services, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, ISO (International Organization for Standardization), Industry Standards, Information Technology & Information Systems, Information/Data Security (InfoSec), Internal Audit, Internet Security, Leadership, Legal, Maintain Compliance, Metrics, Monitor Regulations, Organizational Development/Management, Policy Development, Policy Evaluation, Policy Implementation, Privacy Controls, Privacy Regulations, Process Improvement, Program Control, Program Evaluation, Programming Methodologies, Project/Program Management, Psychology, Public Policy, Public/Media/Press/Analyst Relations, Regulations, Regulatory Compliance, Risk, Risk Management, Scalable System Development, Security Auditing, State Laws and Regulations, Team Lead/Manager, Test Program, Testing, Time Management
LOCATION
Baltimore, MD
POSTED
2 days ago

Your Role

The Information Security team is seeking an experienced Senior Manager, Compliance, Governance & Assurance reporting to the Senior Director, Governance, Risk & Compliance (GRC). In this role you will be responsible for maintaining and expanding the company''s certification portfolio, ensuring compliance with regulatory, contractual, and customer requirements, establishing a mature policy governance framework, and building an internal assurance function that provides proactive oversight of control design, effectiveness and compliance obligations.

Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building strong partnerships across the organization, getting results the right way, and fostering a culture of accountability and continuous improvement.

Your Knowledge and Experience

Required Qualifications

  • A minimum of 8 years of progressive experience in compliance, governance, risk management, audit, assurance, or related disciplines.
  • Bachelor''s degree or higher in Business, Information Systems, Cybersecurity, Risk Management, Accounting, Finance, Public Policy, or a related field.
  • A minimum of 4 years of people leadership experience with direct responsibility for supervising, coaching, and developing team members.
  • Proven experience managing compliance programs and certification frameworks including SOC 2, ISO 27001, HIPAA, HITRUST, and similar industry standards.
  • Demonstrated experience leading audits, assessments, remediation programs, and control maturity initiatives.
  • Experience building or significantly maturing compliance, governance, assurance, or policy management programs.
  • Strong understanding of governance, risk, compliance, internal control, and audit frameworks.
  • Exceptional communication and stakeholder management skills, including experience influencing senior leadership and partnering effectively across Security, Privacy, Legal, Risk Management, Internal Audit, and business functions.
  • Demonstrated ability to influence cross-functional teams and drive organizational change in complex environments.

Preferred Qualifications

  • Master''s degree in Business Administration, Information Systems, Cybersecurity, Risk Management, or a related discipline.
  • Professional certifications such as CISA, CRISC, CISSP, CIPP, CHC, CCEP, HITRUST CCSFP, ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, or equivalent.
  • Experience operating within highly regulated industries, including healthcare, financial services, or technology organizations.
  • Experience implementing governance, risk, and compliance (GRC) platforms and compliance automation capabilities.
  • Experience supporting privacy programs and privacy-related compliance requirements, including HIPAA, GDPR, and state privacy regulations.

Leadership Competencies

  • Ability to define and execute a strategic vision for compliance, governance, and assurance maturity.
  • Skilled at leading through influence across security, legal, privacy, audit, technology, and business teams.
  • Applies metrics, risk-based decision-making, and evidence-based reasoning to prioritize investments and remediation activities.
  • Thrives in fast-paced and evolving environments while maintaining operational rigor and accountability.
  • Passionate about building scalable programs, improving organizational effectiveness, and developing future leaders.
  • Acumen & Communication: Translates complex compliance and governance concepts into clear business language and builds trust with technical and non-technical stakeholders alike.

Hybrid

This role requires employees to be in-office based on our hybrid workplace model, balancing purposeful in-person collaboration with flexibility. For most teams, this means coming into the office two days each week.

Employees living more than 50 miles from an office location will work with their manager to determine in-office time based on business need.

Your Work

In this role, you will:

Compliance & Governance Leadership

  • Lead and mature the enterprise compliance program, ensuring ongoing alignment with regulatory, contractual, customer, and industry requirements.
  • Own the organization''s compliance and certification portfolio, including SOC 2, ISO 27001, HIPAA, HITRUST, and other applicable frameworks, driving audit readiness and successful certification outcomes.
  • Develop and maintain compliance and governance roadmap aligned with organizational priorities, risk management objectives, and business growth.
  • Establish and oversee governance processes, metrics, and reporting that provide leadership visibility into compliance posture, risks, and program effectiveness.
  • Monitor evolving regulatory and industry requirements and translate them into actionable governance, policy, and control improvements.

Policy Governance & Assurance

  • Establish and mature the enterprise policy governance lifecycle, including policy development, review, approval, communication, exception management, and periodic maintenance.
  • Build and operationalize a risk-based internal assurance function to evaluate compliance with policies, standards, regulatory obligations, and control requirements.
  • Define and execute assurance methodologies, testing programs, and monitoring activities to assess control effectiveness and identify opportunities for continuous improvement.
  • Develop a small, stable set of compliance and assurance health indicators that can be reported regularly to leadership.
  • Define reusable compliance and governance capabilities, including policy management processes, assurance testing frameworks, control assessment methodologies, and audit readiness programs.

Audit, Certification & Stakeholder Management

  • Partner with Internal Audit, Security, Privacy, Legal, Risk Management, and business leaders to coordinate audits, assessments, certifications, and customer due diligence activities.
  • Lead remediation governance, ensuring findings, recommendations, and observations are appropriately prioritized, tracked, and resolved in a timely manner.
  • Serve as a trusted advisor to leadership on compliance, governance, and assurance matters.
  • Build strong relationships with external auditors, assessors, regulators, customers, and other key stakeholders.
  • Leverage automation and Artificial Intelligence capabilities to improve compliance monitoring, evidence management, assurance activities, and operational efficiency.

People & Culture

  • Manage a team with focus on policy and strategy implementation.
  • Foster a culture of continuous learning, psychological safety, and security advocacy across the broader organization.

Your Work

In this role, you will:

Compliance & Governance Leadership

  • Lead and mature the enterprise compliance program, ensuring ongoing alignment with regulatory, contractual, customer, and industry requirements.
  • Own the organization''s compliance and certification portfolio, including SOC 2, ISO 27001, HIPAA, HITRUST, and other applicable frameworks, driving audit readiness and successful certification outcomes.
  • Develop and maintain compliance and governance roadmap aligned with organizational priorities, risk management objectives, and business growth.
  • Establish and oversee governance processes, metrics, and reporting that provide leadership visibility into compliance posture, risks, and program effectiveness.
  • Monitor evolving regulatory and industry requirements and translate them into actionable governance, policy, and control improvements.

Policy Governance & Assurance

  • Establish and mature the enterprise policy governance lifecycle, including policy development, review, approval, communication, exception management, and periodic maintenance.
  • Build and operationalize a risk-based internal assurance function to evaluate compliance with policies, standards, regulatory obligations, and control requirements.
  • Define and execute assurance methodologies, testing programs, and monitoring activities to assess control effectiveness and identify opportunities for continuous improvement.
  • Develop a small, stable set of compliance and assurance health indicators that can be reported regularly to leadership.
  • Define reusable compliance and governance capabilities, including policy management processes, assurance testing frameworks, control assessment methodologies, and audit readiness programs.

Audit, Certification & Stakeholder Management

  • Partner with Internal Audit, Security, Privacy, Legal, Risk Management, and business leaders to coordinate audits, assessments, certifications, and customer due diligence activities.
  • Lead remediation governance, ensuring findings, recommendations, and observations are appropriately prioritized, tracked, and resolved in a timely manner.
  • Serve as a trusted advisor to leadership on compliance, governance, and assurance matters.
  • Build strong relationships with external auditors, assessors, regulators, customers, and other key stakeholders.
  • Leverage automation and Artificial Intelligence capabilities to improve compliance monitoring, evidence management, assurance activities, and operational efficiency.

People & Culture

  • Manage a team with focus on policy and strategy implementation.
  • Foster a culture of continuous learning, psychological safety, and security advocacy across the broader organization.

About the Company

B

Blue Cross and Blue Shield Association

At the Blue Cross and Blue Shield Association (BCBSA), we provide business strategy, technical support and consulting expertise to 36 Blue Cross and Blue Shield companies across the nation, employing more than 1,000 of the best strategic thinkers in the industry. We are a Brand manager that sets quality control standards for the 36 independent companies that use the Blue Cross and Blue Shield Brands, and we serve as a trade association that represents these Blue companies. It is through our involvement that the Blues companies share a united vision and strategy while also benefiting from the local strength of all member companies.
COMPANY SIZE
2,000 to 2,499 employees
INDUSTRY
Insurance
WEBSITE
https://www.bcbs.com/about-us/careers