Sr. Director, GRC and Customer Trust jobs in United States

Blue Shield of California · 23 hours ago

Sr. Director, GRC and Customer Trust

Blue Shield of California is seeking a Sr. Director of GRC and Customer Trust to lead strategic security initiatives. This role involves governing technical controls, managing regulatory security assessments, and ensuring organizational resiliency while fostering customer trust through compliance programs.

Industries: Financial Services, Health Insurance, Non Profit
No H1B sponsorship

Responsibilities

Lead Customer, External Assurance, and IT Risk Assurance teams with clear strategy and governance
Oversee all regulatory and customer technical assessments (PCI DSS, HIPAA, SOC 2, NIST CSF)
Ensure accurate, audit‑ready technical security documentation and timely responses to regulators, partners, and customers
Drive the full assessment lifecycle, including industry research and regulatory change management
Represent the organization at industry forums, elevating assessment and risk practices
Manage the Governance, Risk & Compliance (GRC) function and oversee enterprise controls design and effectiveness
Lead vendor security risk management and ensure compliance with regulatory, contractual, and cyber‑insurance requirements
Oversee IT compliance programs across HIPAA, PCI, NIST 800‑53, HITRUST, SOC 2 Type II, ISO 27001, and state laws
Implement compliance‑by‑design processes across technology and business platforms
Use data‑driven insights, KPIs, KRIs, and risk quantification to inform priorities and executive decision‑making
Primary interface for customer GRC requests
Design the Stellarus Trust Center platform for customer engagement
Centralize and automate customer self-service access to Stellarus security, privacy, and compliance information
Provide real-time customer access to approved security artifacts and key updates
Design governance models that support agile and DevSecOps delivery while meeting healthcare compliance
Translate regulatory and security requirements into clear, actionable controls for product teams
Partner with Technology and Security to embed automated safeguards (logging, monitoring, access controls)
Maintain continuous audit readiness for regulatory audits and customer security reviews
Lead the Technical Controls and Resiliency Assurance teams with a unified vision for enterprise safeguards
Oversee technical control frameworks, business continuity plans, and incident response integration (e.g., Stellarus)
Guide technical continuity lifecycle activities, ensuring seamless risk mitigation across platforms
Advance innovation to strengthen resiliency, control effectiveness, and operational excellence
Serve as a strategic advisor to Product, IT, Operations, and Legal leaders
Champion secure‑by‑default and risk‑informed product development
Mentor and develop GRC and IT Risk talent across direct and matrixed teams
Identify systemic risks and drive opportunities to streamline and strengthen enterprise controls
Deliver clear, actionable risk insights to executives and governance committees

Qualifications

Skills: IT Risk Management, Compliance Management, Security Certifications, Leadership Skills, Healthcare Industry Experience, Technical Security Knowledge, Cross-Functional Collaboration, Analytical Skills, Communication Skills, Strategic Thinking

Required

Requires a Bachelor's degree in Business, Finance, Economics, Public Health, or Information Technology
Requires a minimum of one industry-applicable security, risk, or compliance certification (CRISC, CISSP, CISM, CISA, etc.)
Requires at least 12 years of experience in IT Risk Management, Management Consulting, Technology Strategy or IT Compliance
Requires at least 6 years of people management experience
Proven experience in technology risk and compliance management, preferably in the healthcare industry, with the ability to coordinate cross-functional teams of IT professionals, business executives, and other key stakeholders toward common goals and objectives
Strong leadership skills with the ability to inspire and motivate a high-performing team
Proven ability to provide a strategic vision for a rapidly evolving organization
Excellent communication and collaboration skills, with a track record of successful cross-functional partnerships
Deep understanding of the technology landscape and emerging trends in technical security and industry regulatory compliance
Strategic thinker with the ability to translate complex concepts into actionable plans
Strong “hands-on” leadership style with the capability to get into the weeds with the team in problem solving and project execution
Ability to manage and fulfill a broad spectrum of the organization's needs – from baseline, tactical to strategic in nature
Effective technical ability to develop and analyze options, recommend solutions, and solve complex issues
Excellent communication skills, ability to present and translate highly technical capabilities to business leaders in a way to gain understanding and to conceptualize business value, ability to recognize strategic opportunities and use data to make timely and sound decisions
Excellent analytical, strategic conceptual thinking, strategic planning, and execution skills
Strong business acumen, including industry, domain-specific knowledge of the enterprise and its business units

Company

Blue Shield of California

Blue Shield of California is a health insurance service provider.

Funding

Current Stage
Late Stage

Leadership Team

Gary Culp
Senior Vice President, Government Markets
Gregory Siebert
Senior Vice President Provider Partnerships & Network Management
Company data provided by crunchbase