
Information Security Risk and Governance Specialist, Principal

Blue Shield of California.com

Office

Oakland, CA, United States

Full Time

Your Role

The Technology and Data Trust Assurance Services team drives BSC information security adherence to regulatory standards, as well as policies, standards, and controls development, with the goal of safeguarding company assets and maintaining and securing the confidentiality, integrity, and availability of Blue Shield of California information assets. The Information Risk Governance Specialist, Principal will report to the Director, Technical Risk and External Assurance. In this role you will provide subject matter expertise, thought leadership, guidance, and best practice support across security, artificial intelligence (AI), and governance risk management functions. You will drive processes for data and technical security governance frameworks like COBIT, ensuring clear accountability for key stakeholders and stewards of Blue Shield of California technology and data assets. You will develop relationships across Blue Shield of California and Stellarus, supporting executive leadership committee activities, developing and maturing governance committee processes and outcomes.

Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow – personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

Your Work

In This Role, You Will:

  • Provide subject matter expertise, thought leadership, guidance, best practice and support across security and governance risk management functions. 
  • Drive processes for data governance frameworks, with a focus on improvement of data sharing and trust through modifications to organization behavior, policies and standards, governance metrics, processes, and related tools.
  • Lead the data governance function and ensure clear accountability for key stakeholders and stewards of the company's principal data assets.
  • Create and maintain data governance policies, playbook(s), processes, and procedures for guiding various data management processes, including the adoption of data security and privacy, data sharing practices, and data dissemination activities.
  • Perform impact analysis of regulatory, business, corrective action plans, and system changes on the Information Risk Governance program, respective data domains and relevant data governance policies and procedures within the context of information security and privacy.
  • Responsible for preparing materials for regular core team and key governance forums (e.g., Information Exchange Steering Committee) to review progress and initiatives with key constituents.
  • Create relationships within Blue Shield to understand business requirements and work with them to accomplish those requirements within the security framework, ensuring accountability with governance requirements 
  • Manage and escalate roadblocks that may jeopardize progress
  • Contribute to the development of goals for the department and planning efforts (budgets, operational plans, etc.)
  • Responsible for making moderate to significant improvements of processes, systems, and services to enhance performance of job area
  • Manage complex IT governance activities ensuring successful delivery 

Your Knowledge and Experience

  • Requires a bachelor’s degree or equivalent experience 
  • Requires at least 10 years of relevant experience, including a solid understanding of AI technology and models and associated security risks 
  • Requires knowledge and experience with information security governance frameworks: proven experience as an information security governance, compliance and/or risk manager, and knowledge of various information security governance and control frameworks such as NIST, HITRUST, and COBIT. Experience and knowledge of the U.S. Department of Health and Human Services Health Insurance Portability and Accountability Act Security Rule and Privacy Rule preferred.
  • CISSP, CRISC, CISM, CISA or similar certification is strongly preferred
  • Significant experience leading large, complex, enterprise-wide products and system implementations that have strategic importance to the organization
  • Ability to understand internal and external drivers for changes to data governance policies
  • Problem-solving and critical-thinking skills to recognize and comprehend complex issues, policies, regulatory requirements, and industry information affecting the business environment
  • Experience managing enterprise data governance and data sharing functions strongly preferred


September 25, 2025
