Blue Shield of California · 1 week ago
Information Security Risk & Governance Specialist, Principal (Third party Risk)
Blue Shield of California is seeking an Information Security Risk & Governance Specialist within the Stellarus team. This senior-level role focuses on leading the development and oversight of the Third-Party Risk Management program to identify, assess, and mitigate risks associated with third-party relationships.
Financial Services · Health Insurance · Non Profit
Responsibilities
Design and implement a robust Third-Party Risk Management (TPRM) Program tailored to healthcare regulatory and health technology requirements
Develop and maintain policies, procedures, and standards for third-party risk oversight
Establish governance structures and reporting mechanisms to ensure transparency and accountability
Implement and conduct comprehensive risk assessments for new and existing third-party vendors, focusing on cybersecurity, data privacy, financial stability, and operational resilience
Collaborate with procurement, legal, compliance, and business units to ensure thorough due diligence and contract risk mitigation
Define and maintain risk tiers and criticality ratings for vendors
Develop and support contract reviews for security exhibits
Implement and lead the process for responding to IT and security questionnaires (sales, etc.)
Implement continuous monitoring processes for high-risk and critical vendors
Track and manage remediation activities for identified risks and control gaps
Maintain a centralized inventory and reporting of third-party relationships and associated risk profiles
Conduct third-party outreach for incidents
Prepare documentation and evidence for internal audits, regulatory exams, and board-level reporting
Monitor changes in regulatory requirements and adjust program components accordingly
Serve as a subject matter expert and advisor to internal teams on third-party risk topics
Develop and deliver training programs to increase awareness and accountability across the organization
Facilitate cross-functional collaboration to enhance risk visibility and response
Evaluate and implement third-party risk management platforms and tools
Drive automation and process improvements to enhance program efficiency and scalability
Qualifications
Required
Requires a bachelor's degree or equivalent experience
Requires at least 10 years of prior relevant experience
Experience in portfolio management, preferably within an Agile or SAFe environment, JIRA experience a plus
Experience partnering with all levels of management required
Driven, energetic, team player with superior oral and written communication skills
Strong analytical, organizational, and project management skills
Requires deep understanding of IT control frameworks; Artificial Intelligence experience is a plus
Desired: one or more of the following: CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional)
Company
Blue Shield of California
Blue Shield of California is a health insurance service provider.
Funding
Current Stage: Late Stage
Company data provided by crunchbase