Information Security Risk and Governance Specialist, Principal (IT Regulatory Assurance) jobs in United States

Blue Shield of California · 1 day ago

Information Security Risk and Governance Specialist, Principal (IT Regulatory Assurance)

Blue Shield of California is seeking an Information Security Risk & Governance Specialist to lead regulatory compliance initiatives across the organization. This role involves overseeing assessments and audits related to HIPAA, PCI-DSS, SOC 2, and ensuring the organization maintains a strong security posture and meets all regulatory obligations.

Industries: Financial Services, Health Insurance, Non Profit
H1B Sponsor: Likely

Responsibilities

Serve as the primary point of contact for external audits, assessments, and regulatory inquiries
Develop and maintain compliance documentation, including policies, procedures, control matrices, and evidence repositories
Build, plan, and lead the assessments required to comply with mandates and certifications (HIPAA, PCI DSS, SOC 2 Type 2, etc.)
Conduct internal gap analyses and risk assessments to identify areas of non-compliance or control weaknesses
Track and report on audit findings, remediation efforts, and compliance status to senior leadership
Partner with teams across the enterprise to ensure alignment with regulatory requirements and enterprise risk objectives
Provide subject matter expertise during product development, vendor onboarding, and system implementations to ensure compliance is embedded in processes
Partner to maintain and enhance internal control frameworks aligned with regulatory standards and industry best practices (e.g., NIST, HITRUST, ISO 27001)
Partner to ensure policies and procedures are up-to-date and reflect current regulatory expectations and organizational practices
Implement continuous monitoring processes for key compliance controls, findings and mitigation plans
Prepare and present compliance metrics, dashboards, and executive summaries to leadership and governance committees

Qualification

HIPAA compliance, PCI-DSS compliance, SOC 2 compliance, IT control frameworks, CRISC certification, CISM certification, CISA certification, CISSP certification, Agile methodology, Analytical skills, Project management, Communication skills, Team player

Required

Requires a bachelor's degree or equivalent experience
Requires at least 10 years of prior relevant experience
Experience in portfolio management, preferably within an Agile or SAFe environment; JIRA experience is a plus
Experience partnering with all levels of management required
Driven, energetic, team player with superior oral and written communication skills
Strong analytical, organizational, and project management skills
Requires deep understanding of IT control frameworks; Artificial Intelligence Risk Management Framework is strongly preferred
Desired: one or more of the following certifications: CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional)

Company

Blue Shield of California

Blue Shield of California is a health insurance service provider.

H1B Sponsorship

Blue Shield of California has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data Powered by US Department of Labor)
Chart: Distribution of Different Job Fields Receiving Sponsorship (highlighted field represents the job field similar to this job)
Trends of Total Sponsorships (by year):
2023: 1
2022: 41
2021: 20
2020: 31

Funding

Current Stage
Late Stage

Leadership Team

Gary Culp
Senior Vice President, Government Markets

Gregory Siebert
Senior Vice President, Provider Partnerships & Network Management
Company data provided by crunchbase