Information Security Risk and Governance Specialist, Consultant

Information Security Risk and Governance Specialist, Consultant

Vacancy expired!

Blue Shield of California's mission is to ensure all Californians have access to high-quality health care at a sustainably affordable price. We are transforming health care in a way that truly serves our nonprofit mission by lowering costs, improving quality, and enhancing the member and physician experience.

To fulfill our mission, we must ensure a diverse, equitable, and inclusive environment where all employees can be their authentic selves and fully contribute to meet the needs of the multifaceted communities we serve. Our comprehensive approach to diversity, equity, and inclusion combines a focus on our people, processes, and systems with a deep commitment to promoting social justice and health equity through our products, business practices, and presence as a corporate citizen.

Blue Shield has received awards and recognition for being a certified Great Place to Work, best place to work for LGBTQ equality, leading disability employer, one of the best companies for women to advance, Bay Area's top companies in volunteering & giving, and one of the world's most ethical companies. Here at Blue Shield of California, we are striving to make a positive change across our industry and the communities we live in - join us!

Your Role

The Delegation Operations team, under the purview of the Delegation Oversight Committee (DOC) which is a sub-committee of the Quality Oversight Committee (QOC), is responsible for oversight of contracted delegated entities. This includes auditing for IT integrity and Security, reviewing corrective actions, performing follow-up and monitoring activities.

The Information Security Risk and Governance Specialist, Consultant will report to the Sr. Manager, Delegation Operations . In this role you will be responsible performing oversight of IT systems utilized by our contracted delegated entities to perform delegated functions. This would include disaster recovery, HIPAA, data integrity as well as oversight of IT internal controls Influences the performance of the business unit or related functional areas in achieving Blue Shield of California's objectives. This position requires both a CISA and CIA certification.

Your Work

In this role, you will:

• Execute assigned audit procedures and document workpapers in line with CS internal audit standards.
• Identify and present audit issues, manage agreed upon actions in audit reports including discussion with relevant to management.
• The ability to develop, present and finalize audit reports. This process entails initial drafting of the report, discussion with management to ensure factual accuracy and concurrence.
• Developing, presenting, and finalizing audit reports. This process entails initial drafting of the report, discussion with management to ensure factual accuracy and concurrence and coordination with Management to obtain written responses to Audit's recommendations
• Liaise with the audit team during each audit, including advising the audit manager of progress and issues; and Continuous monitoring and Key Risk Indicator analysis, e.g., stability reporting, problem tickets, usage of break-glass access (if needed).
• Maintaining relevant audit tools/scripts to support technical analysis (e.g., of operating system, database configurations).
• Alternatively, comparable experience within IT or a related area e.g., IT risk management.
• Results driven and able to build good working relationships with senior management in a variety of cultures.
• Highly motivated and proactive professional with strong organizational, interpersonal and time management skills.
• Provide metrics for the cyber security risk management dashboard reporting

• The ability to effectively perform onsite audits and walk-throughs.
• HIPAA Security Rules expertise in relation to HIPAA security compliance.
• Strong technical and analytical abilities, including a detailed understanding of application and IT general controls, technical environments and emerging IT trends.
• 7+ years of IT auditing experience, either in Internal Audit or with a professional services firm (i.e. Big 4).
• A solid understanding of Compliance and Privacy requirements.
• IT audit-relevant certification (e.g. CISA, CIA) or commensurate experience preferable.
• Excellent communication and written skills.
• Project Management or Lean Six Sigma background would be a bonus.
• Cyber Defense knowledge would be useful as well.

• Honest. We hold ourselves to the highest ethical and integrity standards. We build trust by doing what we say we're going to do and by acknowledging and correcting where we fall short
  

• Human. We strive to be our authentic selves, listening and communicating effectively, and showing empathy towards others by walking in their shoes
  

• Courageous. We stand up for what we believe in and are committed to the hard work necessary to achieve our ambitious goals