Information Security Risk and Governance Specialist, Senior at Blue Shield of California

El Dorado Hills, California, United States -

Full Time

Start Date

Immediate

Expiry Date

27 Aug, 26

Salary

173848.0

Posted On

29 May, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

SOC 2 Compliance, PCI-DSS Compliance, NIST CSF, AI Governance, Technology Risk Assessment, IT Project Management, COBIT, Information Security Awareness, Risk Reporting, Ticketing Systems, Microsoft Office, Critical Thinking, Interpersonal Communication, Problem Solving, Technical Writing, Stakeholder Management

Industry

Hospitals and Health Care

Description

Your Role The Technology and Data Trust Assurance Services team drives BSC technology and information security adherence to regulatory standards, as well as policies, standards, and controls development, with the goal of evaluating, directing and monitoring IT vendor performance, while safeguarding company assets and maintaining and securing the confidentiality, integrity, and availability of Blue Shield of California data. The Technology Risk and External Assurance program runs technology governance forums including the Artificial Intelligence (AI) Governance function and manages technology risk from identification to risk consequence management for BSC. The Information Security Risk & Governance Specialist, Senior will report to the Senior Manager, Technology External Assurance. In this role, you will be a key individual contributor to the Technology Risk and External Assurance team and Blue Shield’s overall strategy and goals by providing consistent, coordinated SOC 2 and PCI-DSS audit and compliance support, information security oversight including NIST CSF maturity assessments, AI governance and technology risk assessment support, and risk reporting in partnership with leaders, stakeholders, and Stellarus. About Blue Shield of California and the Ascendiun Family of Companies As of January 2025, Blue Shield of California became a subsidiary of Ascendiun. Ascendiun is a nonprofit corporate entity that is the parent to a family of organizations including Blue Shield of California and its subsidiary, Blue Shield of California Promise Health Plan; Altais, a clinical services company; and Stellarus, a company designed to scale healthcare solutions. Together, these organizations are referred to as the Ascendiun Family of Companies. At Ascendiun, we believe in a brighter future for healthcare. As the parent to a family of four innovative healthcare companies, we’re reimagining what’s possible. Ascendiun is guided by the goal of transforming a dysfunctional American health care system into one worthy of our family and friends and sustainably affordable for everyone. To achieve our mission, we foster an environment where all employees can thrive and contribute fully to address the needs of the various communities we serve. We are committed to creating and maintaining a supportive workplace that upholds our values and advances our goals. Our Values: * Honest. We hold ourselves to the highest ethical and integrity standards. We build trust by doing what we say we're going to do and by acknowledging and correcting where we fall short. * Human. We strive to listen and communicate effectively, and showing empathy by understanding others’ perspectives. * Courageous. We stand up for what we believe in and are committed to the hard work necessary to achieve our ambitious goals. Our Workplace Model: We believe in fostering a workplace environment that balances purposeful in-person collaboration with flexibility - providing clear expectations while respecting the diverse needs of our workforce. Our workplace model is designed around intentional in-person interaction, collaboration, connection, creativity and flexibility: * For most teams, this means coming into the office two days per week. * Employees living more than 50 miles from an office location, out of state employees, and employees in certain member-facing roles should work with their manager to determine in-office time based on business need. * For employees with medical conditions that may impact their ability to work in-office, we are committed to engaging in an interactive process and providing reasonable accommodations to ensure their work environment is conducive to their success and well-being. The Company reserves the right to require more presence in the office based on business needs, and requirements are subject to change with periodic reviews. Physical Requirements: Office Environment - roles involving part to full time schedule in Office Environment. Based in our physical offices and work from home office/deskwork - Activity level: Sedentary, frequency most of work day. Please click here for further physical requirement detail. [https://www.blueshieldca.com/physical-job-requirements] Equal Employment Opportunity: External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.

Responsibilities

The role involves providing SOC 2 and PCI-DSS audit support and conducting NIST CSF maturity assessments. It also focuses on AI governance, technology risk assessments, and risk reporting to safeguard company data assets.