Information Security Governance and Policy, Principal
Employment Type: Full-Time
Industry: Information Technology
At Blue Shield of California we are parents, leaders, students, visionaries, heroes, and providers. Every day we come together striving to fulfill our mission: to ensure all Californians have access to high-quality health care at a sustainably affordable price. For more than 80 years, Blue Shield of California has been dedicated to transforming health care by making it more accessible, cost-effective, and customer-centric. We are a not-for-profit, independent member of the Blue Cross Blue Shield Association with 6,800 employees, more than 20 billion in annual revenue and 4.3 million members. The company has contributed more than 500 million to Blue Shield of California Foundation since 2002 to have a positive impact on California communities. Blue Shield of California is headquartered in Oakland, California, with 18 additional locations including Sacramento, Los Angeles, and San Diego. We're excited to share that Blue Shield of California has received awards and recognition for LGBT diversity, quality improvement, most influential women in corporate America, Bay Area's top companies in volunteering and giving, and one of the world's most ethical companies. Here at Blue Shield of California, we're striving to make a positive change across our industry and the communities we live in. Join us!

Description

Looking for a chance to do meaningful work that touches millions? Come join the hardest working nonprofit health plan in California and help us shape the future of health care. Blue Shield of California's Mission is to ensure all Californians have access to high-quality care at an affordable price. Blue Shield is focused on improving health care delivery by working closely with providers and making it more accessible, affordable and customer-centric.

Being a mission-driven organization means we do much more than serve our 4 million members: we were the first health plan in the nation to limit our annual net income to 2 percent of revenue and return the difference to our customers and the community, and since 2005 we have contributed more than 325 million to the Blue Shield of California Foundation to improve community health and end domestic violence. We also believe that a healthier California begins with our employees, so we provide them with resources to develop and maintain a healthy lifestyle through our award-winning wellness program, Wellvolution. We're hiring smart thinkers and doers who want to work for a leader and innovator in the challenging, ever-changing healthcare space. Come and help us make health care better for everyone.

This is a change agent position. We are seeking breadth and depth of experience as a recognized expert, delivering business value and meeting commitments, operating across a matrixed environment, able to manage ambiguity and to reach understanding and gain commitment to act. Focus on successful execution/delivery of outcomes, and a track record of driving change, are critical. BSC recognizes that IT Services are crucial, strategic, organizational assets and therefore we must invest appropriate levels of resource into the support, delivery and management of these critical IT Services and the IT systems that underpin them. BSC IT is 'on a journey' increasing maturity within its IT functions. This Principal position has responsibility, within the Information Security GRC organization, for leading the Governance, Policy and Controls function and ensuring alignment with regulations and industry standards.

Responsibilities

The Information Security Governance, Policy and Controls (Principal) position will drive BSC information security adherence to regulatory standards and policy, and the development of standards and controls, with the goal of safeguarding the company's assets and maintaining confidentiality, integrity and availability of information. The Principal for Information Security Governance, Policy and Controls has a senior subject matter expert role in monitoring and guiding implementation of appropriate security controls and regulatory requirements, as well as developing an information security policy, controls and compliance program. The Principal for Information Security Governance, Policy and Controls shall be well-versed in information security governance, risk and compliance best practices.

Essential responsibilities include:
- Develop or enhance information security policies, controls and standards aligned with best practices and information security frameworks
- Develop and oversee control systems to prevent or deal with violations of legal guidelines and internal policies
- Make improvements and modifications to operating policies, standards and controls to protect information and assets
- Apply deep functional expertise in the area of information security policy, standards, guidelines and risk compliance functions
- Apply advanced knowledge of information security policy and governance practice, and industry certification gained through previous experience
- Evaluate existing policies, standards and procedures to identify compliance risk
- Communicate and collaborate with corporate counsel, privacy, legal, enterprise risk management and HR departments, and with external customers or vendors, to monitor enforcement of standards and regulations
- Consult on and review the work of team members to accomplish operational plans and results within schedule and budget
- Influence decisions, which are usually more project and operationally oriented, and explain policies, standards, practices and procedures of the job area/department to others within the organization
- Prepare reports for senior management and external regulatory bodies as appropriate

Requirements

- Requires a college degree or equivalent experience and a minimum of 7 years prior relevant experience
- Requires practical knowledge in leading and managing the execution of processes, projects and tactics within an area
- Advanced knowledge and skills including technical or functional expertise, business acumen and financial analysis skills, risk management, critical thinking and decision-making skills
- Solid understanding of healthcare information security governance, risk, and compliance practices
- Proven experience as an information security governance, compliance and/or risk expert, and knowledge of various information security governance and control frameworks such as NIST, ISO, HITRUST, PCI-DSS, HIPAA and SOC 1/2 requirements, is a must
- Knowledge of risk assessment, controls, and the industry's compliance standards and regulations
- Strong critical thinking, decision-making and delegation skills
- An analytical mind able to 'see' the complexities of procedures and regulations, with problem-solving and systems-thinking aptitude
- Excellent communication and presentation skills at executive level
- Familiarity with security regulations in compliance legislation and other directives including HIPAA, PCI, Sarbanes-Oxley/Model Audit Rule

Additionally, the candidate must be able to:
- Demonstrate personal commitment to change through actions and words, and mobilize others to support change through times of stress and uncertainty
- Foster a team culture of continuous improvement, mentoring and learning, data-driven decisions, and accountability for delivery of key metrics and deliverables
- Break down raw information and undefined problems into specific, workable components that in turn clearly identify the issues at hand
- Make logical conclusions, anticipate obstacles and consider different approaches that are relevant to the decision-making process
- Improve organizational performance through the application of original thinking to existing and emerging methods, processes, products and services

Qualifications

- Bachelor's degree in Computer Science, Engineering or a related field, or equivalent work experience
- CISSP, CRISC or CISM preferred, and/or an expert in the field of Information Security Management System (ISMS), Policy, Governance and Compliance Management

Physical Requirements

Office Environment: roles involving a part-time to full-time schedule in an office environment, based in our physical offices and work-from-home office/desk work. Activity level: Sedentary, for most of the work day.

External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.