Job Description

Your Role​

The Technology and Data Trust Assurance Services team drives BSC technology and information security adherence to regulatory standards, as well as policies, standards, and controls development, with the goal of evaluating, directing and monitoring IT vendor performance, while safeguarding company assets and maintaining and securing the confidentiality, integrity, and availability of Blue Shield of California data. The Technology Risk and External Assurance program runs technology governance forums including the Artificial Intelligence (AI) Governance function and manages technology risk from identification to risk consequence management for BSC. The Information Security Risk & Governance Specialist, Senior will report to the Senior Manager, Technology External Assurance. In this role, you will be a key individual contributor to the Technology Risk and External Assurance team and Blue Shield’s overall strategy and goals by providing consistent, coordinated SOC 2 and PCI-DSS audit and compliance support, information security oversight including NIST CSF maturity assessments, AI governance and technology risk assessment support, and risk reporting in partnership with leaders, stakeholders, and Stellarus.

Your Work

​

​In this role, you will:​

• Maintain, grow, and modify as needed a Blue Shield of California technology external assurance, risk management and AI governance knowledge bases, with a focus on improving technology risk management and security awareness organizational behavior, policies and standards, governance metrics, processes, and related workflows and tools.
• Provide excellent customer service to all of Technology Risk and External Assurance’s internal and external business stakeholders (including the Stellarus and Promise AI Governance functions) and collaborate with our Stellarus partners to meet customer needs and technology and security assurance requirements.
• Create and maintain security and technology risk management knowledge bases, web pages, playbook(s), processes, and procedures for guiding various technology risk and assurance processes, including security shared services tracking and ticketing queue metrics, security and risk management project support.
• Responsible for managing, triaging, and executing operational work queues for information security and AI governance within our ticketing system, security tools, and email intakes in partnership with Stellarus asset and service owners and business owners and requesters to ensure quality and timeliness.
• Engage with stakeholders across the organization to identify service quality needs, draft requirements, assist in the development of service enhancements, tracking, monitoring, and reporting of the overall health of our services provided to the Ascendiun family of companies.
• Perform impact analysis and root cause analysis of regulatory issues, security incidents, business requests, corrective action plans, and system changes on Technology Risk and External Assurance programs.
• Assist with research and preparation of materials for regular core team meeting and governance forums (e.g., board and committee meetings, AI governance forums, audits and assessment, team meetings, project meetings, stakeholder communications, etc.).
• Facilitate collaboration and coordination of security controls and frameworks, AI use cases, and technology requests, intakes, workstreams, high priority engagements, security incidents and escalated issues.
• Promote and participate in security, compliance and AI acceptable use awareness and training initiatives.

Your Knowledge and Experience​

• Requires a bachelor’s degree or equivalent experience and 5+ years of prior relevant experience
• 2+ years of experience with technology service management, IT project management
• 2+ years of experience with information security awareness and training or IT user training
• Knowledge of Artificial Intelligence (AI) governance and monitoring practices is preferred
• Ability to provide excellent customer service and to conduct user awareness training
• Knowledge of various information technology governance and control frameworks and industry standards such as COBIT and NIST
• Problem-solving and critical-thinking skills to recognize and comprehend complex issues, policies, regulatory requirements, and industry information affecting the business environment
• Ability to communicate and articulate complex analysis in a clear, precise, and actionable manner
• Proven collaborator with strong interpersonal skills, works collaboratively within the team and outside the team
• Proficient in developing presentations and in written and verbal communication
• Proficiency in Microsoft Office products
• Experience managing workflows and queues in ticketing systems
• GCIH and CISSP certification preferred

Hybrid

This role requires employees to be in - office based on our hybrid workplace model, balancing purposeful in - person collaboration with flexibility. For most teams, this means coming into the office two days each week.

Employees living more than 50 miles from an office location will work with their manager to determine in-office time based on business need.

#LI-CP4