
Information Security Risk and Governance Specialist, Principal

Company: Blue Shield of California
Location: Oakland
Posted on: June 6, 2021

Job Description:

Job Summary

The Information Security Compliance (Principal) position will drive BSC information security adherence to regulatory standards, as well as policies, standards and controls development, with the goal of safeguarding company assets and maintaining confidentiality, integrity and availability of information. The Principal for Information Security Compliance is a senior subject matter expert role in monitoring and guiding implementation and assessment of appropriate security controls and regulatory requirements, as well as developing an information security compliance program within IT Data & Analytics. The Principal for Information Security Compliance function shall be well-versed in information security governance, risk and compliance (GRC) best practices.

This is a change agent position. We are seeking breadth/depth of experience as a recognized expert, delivering business value and meeting commitments, operating across a matrixed environment, able to manage ambiguity and to reach understanding and gain commitment to act. A focus on successful execution/delivery of outcomes and a track record for driving change are both critical for this role.

BSC recognizes that data and analytics are crucial, strategic, organizational assets and therefore we must invest appropriate levels of resources into the support, delivery and management of these critical services and the IT systems that underpin them.

BSC IT is "on a journey" increasing maturity within its IT functions. This principal position has responsibility within the Data & Analytics division of the IT organization for maturing the compliance function and ensuring alignment with regulations, policies and control standards.


  • Develop or enhance information security compliance objectives aligned with best practices and information security frameworks
  • Formally document, develop and oversee control systems to prevent or deal with violations of legal guidelines and internal policies
  • Make improvements and modifications to operating controls to protect information and assets
  • Evaluate existing controls library to identify compliance risk
  • Communicate and collaborate with corporate counsels, privacy, legal, enterprise risk management, HR departments and external customers or vendors to monitor compliance enforcement of standards and regulations
  • Consult with and review the work of team members to accomplish operational plans and results within schedule and budget
  • Influence decisions which are usually more project and operationally oriented and explain policies, standards, practices and procedures of the job area/department to others within the organization
  • Prepare reports for senior management and external regulatory bodies as appropriate
  • Bachelor's degree in Computer Science, Engineering or related field or equivalent work experience
  • CISSP, CRISC, CISM preferred and/or an expert in the field of Information Security Management System (ISMS), Governance, Controls and Compliance Management

Knowledge and Experience

  • College degree or equivalent experience and minimum 7 years prior relevant experience
  • Solid understanding of healthcare information security governance, risk, and compliance practices
  • Deep functional expertise in the area of information security compliance functions
  • Knowledge of risk assessment, control, and industry compliance standards and regulations
  • Intimate understanding of data privacy, confidentiality, integrity, availability and security concepts and compliance best practices
  • Proven experience as an information security governance, compliance and/or risk expert; knowledge of various information security governance and control frameworks such as NIST, ISO, HITRUST, PCI-DSS, HIPAA and SOC 1 and 2 requirements is a must
  • An analytical mind able to "see" the complexities of procedures and regulations and with problem solving and systems thinking aptitude
  • Practical knowledge in leading and managing the execution of process, projects and tactics within an area
  • Advanced knowledge and skills including technical or functional expertise, business acumen and financial analysis skills, risk management, critical-thinking, decision-making and delegation skills
  • Excellent communication and presentation skills at executive level
  • Familiarity with security regulations in compliance legislation and other directives including HIPAA, PCI, Sarbanes-Oxley/Model Audit Rule
  • Demonstrate personal commitment to change through actions and words, and mobilize others to support change through times of stress and uncertainty
  • Foster a team culture of continuous improvement, mentoring and learning, data driven decisions, and accountability for delivery of key metrics and deliverables
  • Break down raw information and undefined problems into specific, workable components that in turn clearly identify the issue at hand
  • Make logical conclusions, anticipate obstacles and consider different approaches that are relevant to the decision-making process
  • Improve organizational performance through the application of original thinking to existing and emerging methods, processes, products and services

Additional Information

  • About Company: At Blue Shield of California we are parents, leaders, students, visionaries, heroes, and providers. Every day we come together striving to fulfill our mission, to ensure all Californians have access to high-quality health care at a sustainably affordable price. For more than 80 years, Blue Shield of California has been dedicated to transforming health care by making it more accessible, cost-effective, and customer-centric. We are a not-for-profit, independent member of the Blue Cross Blue Shield Association with 6,800 employees, more than $20 billion in annual revenue and 4.3 million members. The company has contributed more than $500 million to Blue Shield of California Foundation since 2002 to have a positive impact on California communities. Blue Shield of California is headquartered in Oakland, California with 18 additional locations including Sacramento, Los Angeles, and San Diego. We're excited to share that Blue Shield of California has received awards and recognition for LGBT diversity, quality improvement, most influential women in corporate America, Bay Area's top companies in volunteering & giving, and one of the world's most ethical companies. Here at Blue Shield of California, we're striving to make a positive change across our industry and the communities we live in. Join us!
  • Physical Requirements:

Office Environment - roles involving part to full time schedule in Office Environment. Based in our physical offices and work from home office/deskwork - Activity level: Sedentary, frequency most of work day.


  • EEO Footer: External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.
  • Requisition ID: 21001PQ
  • Posting Date: May 21, 2021
  • Schedule: Full-time
