Apply on Employer Site

Blue Shield of California · 1 week ago

Information Security Risk and Governance Specialist, Principal (IT Regulatory Assurance)

El Dorado Hills, CA, United States

Full-time

Hybrid

Senior Level, Lead/Staff

$165K/yr - $247K/yr

10+ years exp

Blue Shield of California is seeking a Principal Information Security Risk and Governance Specialist to support Stellarus within the Ascendiun Family of Companies. This role involves leading regulatory compliance initiatives, overseeing assessments and audits related to healthcare and technology standards, and ensuring the organization maintains a strong security posture.

Financial ServicesHealth InsuranceNon Profit

No H1B

Responsibilities

Serve as the primary point of contact for external audits, assessments, and regulatory inquiries

Develop and maintain compliance documentation, including policies, procedures, control matrices, and evidence repositories

Build plan and lead required assessments to comply with mandates and certifications (HIPAA, PCI DSS, SOC II, Type 2, etc.)

Conduct internal gap analyses and risk assessments to identify areas of non-compliance or control weaknesses

Track and report on audit findings, remediation efforts, and compliance status to senior leadership

Partner with teams across the enterprise to ensure alignment with regulatory requirements and enterprise risk objectives

Provide subject matter expertise during product development, vendor onboarding, and system implementations to ensure compliance is embedded in processes

Partner to maintain and enhance internal control frameworks aligned with regulatory standards and industry best practices (e.g., NIST, HITRUST, ISO 27001)

Partner to ensure policies and procedures are up-to-date and reflect current regulatory expectations and organizational practices

Implement continuous monitoring processes for key compliance controls, findings and mitigation plans

Prepare and present compliance metrics, dashboards, and executive summaries to leadership and governance committees

Qualification

HIPAAPCI DSSSOC 2IT control frameworksCRISCCISMCISACISSPAgileSAFeJIRAAnalytical skillsCommunication skillsProject management

Required

Requires a bachelor's degree or equivalent experience

Requires at least 10 years of prior relevant experience

Experience in portfolio management, preferably within an Agile or SAFe environment, JIRA experience a plus

Experience partnering with all levels of management required

Driven, energetic, team player with superior oral and written communication skills

Strong analytical, organizational, and project management skills

Requires deep understanding of IT control frameworks; Artificial Intelligence Risk Management Framework is strongly preferred

Preferred

Desire one or more of the following: CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional)