Information Security Risk & Governance Specialist, Principal (Third party Risk) jobs in United States

Blue Shield of California · 22 hours ago

Information Security Risk & Governance Specialist, Principal (Third party Risk)

Blue Shield of California is part of the Ascendiun Family of Companies, seeking an Information Security Risk & Governance Specialist to lead the Third-Party Risk Management program. This role involves assessing and mitigating risks associated with third-party relationships while ensuring compliance with regulatory requirements.

Financial Services · Health Insurance · Non Profit
H1B Sponsor Likely

Responsibilities

Design and implement a robust Third-Party Risk Management (TPRM) Program using tailored to healthcare regulatory and health technology requirements
Develop and maintain policies, procedures, and standards for third-party risk oversight
Establish governance structures and reporting mechanisms to ensure transparency and accountability
Implement and conduct comprehensive risk assessments for new and existing third-party vendors, focusing on cybersecurity, data privacy, financial stability, and operational resilience
Collaborate with procurement, legal, compliance, and business units to ensure thorough due diligence and contract risk mitigation
Define and maintain risk tiers and criticality ratings for vendors
Develop and support contract reviews for security exhibits
Implement and lead the process for responding to IT and security questionnaires (sales, etc.)
Implement continuous monitoring processes for high-risk and critical vendors
Track and manage remediation activities for identified risks and control gaps
Maintain a centralized inventory and reporting of third-party relationships and associated risk profiles
Conduct third-party outreach for incidents
Prepare documentation and evidence for internal audits, regulatory exams, and board-level reporting
Monitor changes in regulatory requirements and adjust program components accordingly
Serve as a subject matter expert and advisor to internal teams on third-party risk topics
Develop and deliver training programs to increase awareness and accountability across the organization
Facilitate cross-functional collaboration to enhance risk visibility and response
Evaluate and implement third-party risk management platforms and tools
Drive automation and process improvements to enhance program efficiency and scalability

Qualification

Third-Party Risk Management · Risk Assessment · Regulatory Compliance · IT Control Frameworks · Agile Methodologies · Certifications CRISC · Certifications CISM · Certifications CISA · Certifications CISSP · Project Management · JIRA · Analytical Skills · Communication Skills · Team Collaboration

Required

Requires a bachelor's degree or equivalent experience
Requires at least 10 years of prior relevant experience
Experience in portfolio management, preferably within an Agile or SAFe environment, JIRA experience a plus
Experience partnering with all levels of management required
Driven, energetic, team player with superior oral and written communication skills
Strong analytical, organizational, and project management skills
Requires deep understanding of IT control frameworks; Artificial Intelligence experience is a plus

Preferred

Desire one or more of the following: CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional)

Company

Blue Shield of California

Blue Shield of California is a health insurance service provider.

H1B Sponsorship

Blue Shield of California has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship. Legend: represents job field similar to this job]
Trends of Total Sponsorships
2023 (1)
2022 (41)
2021 (20)
2020 (31)

Funding

Current Stage
Late Stage

Leadership Team

Gary Culp
Senior Vice President, Government Markets
Gregory Siebert
Senior Vice President Provider Partnerships & Network Management
Company data provided by Crunchbase