Information Security Risk and Governance Specialist, Senior

About Blue Shield of California and the Ascendiun Family of Companies

As of January 2025, Blue Shield of California became a subsidiary of Ascendiun. Ascendiun is a nonprofit corporate entity that is the parent to a family of organizations including Blue Shield of California and its subsidiary, Blue Shield of California Promise Health Plan; Altais, a clinical services company; and Stellarus, a company designed to scale healthcare solutions. Together, these organizations are referred to as the Ascendiun Family of Companies.

At Ascendiun, we believe in a brighter future for healthcare. As the parent to a family of four innovative healthcare companies, we’re reimagining what’s possible. Ascendiun is guided by the goal of transforming a dysfunctional American health care system into one worthy of our family and friends and sustainably affordable for everyone.

To achieve our mission, we foster an environment where all employees can thrive and contribute fully to address the needs of the various communities we serve. We are committed to creating and maintaining a supportive workplace that upholds our values and advances our goals.

Our Values:

• Honest. We hold ourselves to the highest ethical and integrity standards. We build trust by doing what we say we're going to do and by acknowledging and correcting where we fall short.
• Human. We strive to listen and communicate effectively, and showing empathy by understanding others’ perspectives. 
• Courageous. We stand up for what we believe in and are committed to the hard work necessary to achieve our ambitious goals. 

Physical Requirements:

Office Environment - roles involving part to full time schedule in Office Environment. Based in our physical offices and work from home office/deskwork - Activity level: Sedentary, frequency most of work day.

Please click here for further physical requirement detail. 

Equal Employment Opportunity:

External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.

Your Role​ 

 

The Technology and Data Trust Assurance Services team drives BSC technology and information security adherence to regulatory standards, as well as policies, standards, and controls development, with the goal of evaluating, directing and monitoring IT vendor performance, while safeguarding company assets and maintaining and securing the confidentiality, integrity, and availability of Blue Shield of California data. The Technology Risk and External Assurance program runs technology governance forums including the Artificial Intelligence (AI) Governance function and manages technology risk from identification to risk consequence management for BSC. The Information Security Risk & Governance Specialist, Senior will report to the Senior Manager, Technology External Assurance. In this role, you will be a key individual contributor to the Technology Risk and External Assurance team and Blue Shield’s overall strategy and goals by providing consistent, coordinated SOC 2 and PCI-DSS audit and compliance support, information security oversight including NIST CSF maturity assessments, AI governance and technology risk assessment support, and risk reporting in partnership with leaders, stakeholders, and Stellarus.

Your Work 

​ 

​In this role, you will:​ 

 

• Maintain, grow, and modify as needed a Blue Shield of California technology external assurance, risk management and AI governance knowledge bases, with a focus on improving technology risk management and security awareness organizational behavior, policies and standards, governance metrics, processes, and related workflows and tools.
• Provide excellent customer service to all of Technology Risk and External Assurance’s internal and external business stakeholders (including the Stellarus and Promise AI Governance functions) and collaborate with our Stellarus partners to meet customer needs and technology and security assurance requirements.
• Create and maintain security and technology risk management knowledge bases, web pages, playbook(s), processes, and procedures for guiding various technology risk and assurance processes, including security shared services tracking and ticketing queue metrics, security and risk management project support.
• Responsible for managing, triaging, and executing operational work queues for information security and AI governance within our ticketing system, security tools, and email intakes in partnership with Stellarus asset and service owners and business owners and requesters to ensure quality and timeliness.
• Engage with stakeholders across the organization to identify service quality needs, draft requirements, assist in the development of service enhancements, tracking, monitoring, and reporting of the overall health of our services provided to the Ascendiun family of companies.
• Perform impact analysis and root cause analysis of regulatory issues, security incidents, business requests, corrective action plans, and system changes on Technology Risk and External Assurance programs.
• Assist with research and preparation of materials for regular core team meeting and governance forums (e.g., board and committee meetings, AI governance forums, audits and assessment, team meetings, project meetings, stakeholder communications, etc.). 
• Facilitate collaboration and coordination of security controls and frameworks, AI use cases, and technology requests, intakes, workstreams, high priority engagements, security incidents and escalated issues.
• Promote and participate in security, compliance and AI acceptable use awareness and training initiatives.

Your Knowledge and Experience​ 

 

• Requires a bachelor’s degree or equivalent experience and 5+ years of prior relevant experience
• 2+ years of experience with technology service management, IT project management
• 2+ years of experience with information security awareness and training or IT user training
• Knowledge of Artificial Intelligence (AI) governance and monitoring practices is preferred 
• Ability to provide excellent customer service and to conduct user awareness training
• Knowledge of various information technology governance and control frameworks and industry standards such as COBIT and NIST
• Problem-solving and critical-thinking skills to recognize and comprehend complex issues, policies, regulatory requirements, and industry information affecting the business environment
• Ability to communicate and articulate complex analysis in a clear, precise, and actionable manner
• Proven collaborator with strong interpersonal skills, works collaboratively within the team and outside the team
• Proficient in developing presentations and in written and verbal communication
• Proficiency in Microsoft Office products 
• Experience managing workflows and queues in ticketing systems
• GCIH and CISSP certification preferred 

 

Hybrid

This role requires employees to be in - office based on our hybrid workplace model, balancing purposeful in - person collaboration with flexibility. For most teams, this means coming into the office two days each week.

Employees living more than 50 miles from an office location will work with their manager to determine in-office time based on business need.

#LI-CP4