Information Security Risk and Governance Specialist, Consultant

Your Role The Technology and Data Trust Assurance Services team drives BSC technology and information security adherence to regulatory standards, as well as policies, standards, and controls development, with the goal of evaluating, directing and monitoring IT vendor performance, while safeguarding company assets and maintaining and securing the confidentiality, integrity, and availability of Blue Shield of California data . The Technology Risk and External Assurance program runs technology governance forums and manages technology risk from identification to risk consequence management for BSC. The Information Security Risk & Governance Specialist, Consultant will report to the Senior Manager, Technology Risk Assurance. In this role, you will be a key individual contributor to the Technology Risk and External Assurance team and Blue Shield's overall strategy and goals by providing consistent, coordinated technology governance, information security oversight, AI governance, technology risk assessment, and risk reporting in partnership with leaders, stakeholders, and Stellarus. Your Knowledge and Experience Requires a bachelor's degree or equivalent experience Requires at least 7 years of prior relevant experience Previous experience working in the healthcare, pharmaceutical, biotechnology or related services industry is required Knowledge of various information technology governance and control frameworks and industry standards such as

COBIT, COSO, ITIL, PMBOK, AICPA SOC

Trust Principles, and NIST is required Knowledge of Artificial Intelligence (AI) governance and monitoring practices is preferred Demonstrated experience as a governance, risk and compliance (GRC) expert is required Requires business acumen, strategic thinking, financial analytical skills, and decision-making skills Excellent communication and presentation skills at every level including executives is required Experience working with healthcare partners and vendor contracts and understanding of the key components of basic agreements and how legal terms impact business terms and vice versa is preferred. #LI-CP4 Your Work In this role, you will: Participate in technology risk governance activities (e.g., committees, presentation preparations, training and awareness, etc.) Develop and implement technology governance programs, including technical performance oversight, AI governance, and data exchange and third-party risk governance that will help BSC understand its inherent and residual risk exposure Assess AI tools, techniques, and procedures to enhance AI risk management capabilities throughout the company Implement strategic goals established by BSC leadership Be responsible for third-party security risk assessment activities ensuring Blue Shield's data is stored, transmitted, and processed in a secure manner Enhance and conduct training and awareness activities to business teams and applicable third parties Partner with cross functional operational business partners including Customer Experience, Customer Care, Markets, Health Solutions and Enterprise Risk Management to operationalize and socialize the IT risk management framework and program and to identify shifts in the organization's implicit risk appetite. Lead and support the development of reporting processes to communicate progress of in-flight initiatives, risks and planned initiatives to senior executives and stakeholders in other business units