Blue Shield of California
California, United States (Hybrid)
About the Team
About Blue Shield of California
As of January 2025, Blue Shield of California became a subsidiary of Ascendiun. Ascendiun is a nonprofit corporate entity that is the parent to a family of organizations including Blue Shield of California and its subsidiary, Blue Shield of California Promise Health Plan; Altais, a clinical services company; and Stellarus, a company designed to scale healthcare solutions. Together, these organizations are referred to as the Ascendiun Family of Companies.
At Blue Shield of California, our mission is to create a healthcare system worthy of our family and friends and sustainably affordable. We are transforming health care in a way that genuinely serves our nonprofit mission by lowering costs, improving quality, and enhancing the member and physician experience.
To achieve our mission, we foster an environment where all employees can thrive and contribute fully to address the needs of the various communities we serve. We are committed to creating and maintaining a supportive workplace that upholds our values and advances our goals.
Blue Shield is a U.S. News Best Company to work for, a Deloitte U.S. Best Managed Company and a Top 100 Inspiring Workplace. We were recognized by Fair360 as a Top Regional Company, and one of the 50 most community-minded companies in the United States by Points of Light. Here at Blue Shield, we strive to make a positive change across our industry and communities – join us!
Our Values:
• Honest. We hold ourselves to the highest ethical and integrity standards. We build trust by doing what we say we're going to do and by acknowledging and correcting where we fall short.
• Human. We strive to listen and communicate effectively, showing empathy by understanding others' perspectives.
• Courageous. We stand up for what we believe in and are committed to the hard work necessary to achieve our ambitious goals.
About the Job
Your Role
We are seeking a highly experienced and visionary Chief Information Security Officer (CISO) to lead our information security program. The CISO will be responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
This position reports directly to the Chief Information Officer. This position reports on a regular and as-needed basis to Stellarus Chief Executive Officer and Board of Trustees regarding relevant Information Security matters to include Information security training and breaches for the organization. This executive-level position encompasses the development and enforcement of policies and strategies to protect against ever-evolving cyber threats, ensuring compliance with strict healthcare regulations such as HIPAA/HITECH. The CISO directs the overall planning and execution of enterprise security systems, using operational and tactical expertise to direct security management reports, who oversee analysts, engineers and architects. As a business enabler, the CISO ensures business decisions are not hampered by security but adhere to corporate security policies and are implemented with security in mind. The CISO champions a flexible, highly adaptable and secure operating business environment.
The CISO must have a strong technical background and fully understand threats, risk mitigation and technical controls to lead a team of security professionals through corporate obligations and defenses. The CISO assumes accountability for the daily tactical operations and overall strategic execution of the team under his or her leadership.
Responsibilities
In This role, you will:
• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
• Work directly with the business units to facilitate risk assessment and risk management processes.
• Develop and enhance an information security management framework.
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services.
• Provide leadership to the enterprise's information security organization.
• Partner with business stakeholders across the company to raise awareness of risk management concerns.
• Serve as the primary point of contact for clients on all information security matters, addressing their concerns, answering question, and offering security solutions.
• Build and maintain long-term relationships with key client stakeholders, including C-level executives, to ensure satisfaction and trust in our security practices.
• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.
Additional Responsibilities
• Monitor for and ensure timely and proper response to cyber threats
• Monitor program governance related to the identification and timely remediation of vulnerabilities and misconfigurations
• Monitor information security program effectiveness
• Develop and enforce security policies and ensure compliance with HIPAA, HITRUST, and required regulations
• Collaborate with business units to improve security awareness
Qualifications
• Bachelor’s degree in Computer Science, Information Systems, or a related field (preferred).
• Minimum of 15+ years of experience including 8+ years of experience in a combination of risk management, information security, and IT positions.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST.
• Experience with contract and vendor negotiations and management, including managed services.
• Experience in managing and leading security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company’s reputation.
• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other similar credentials, is required.
• Strong leadership skills and the ability to work effectively with business managers, IT engineering, and IT operations staff.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
• Strategic thinking and a strong understanding of the healthcare payer market and its regulatory environment.
Management Experience:
Ten (10) years progressive management experience in areas of expertise: HIPAA Security Regulation; and practical experience working with Cyber/Information Privacy and Security laws (such as FISMA, PCI-DSS, GLBA, FIPS, NIST-CSF and data breach reporting laws), generally accepted Cyber/Information Security principles, and accepted industry practice. Healthcare and/or Federal government experience cybersecurity experience is a plus progressive management experience.
Special Requirements:
Communication Skills: Above Average Verbal (Heavy Public Contact), Writing/ Correspondence, Writing/Reports
Other Requirements:
• Expert technical knowledge of Cyber/Information Security, infrastructure, network, server, workstation, and security related technologies both software and hardware.
• Expert working knowledge of best practice security design associated with the above technology. Strong demonstrated knowledge of technologies including network, server, desktop, storage, medical security and how Cyber/Information Security relates to the overall business of the organization.
Equal Employment Opportunity:
External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.
Our Workplace Model:
At Blue Shield of California and the Ascendiun Family of Companies, we believe in fostering a workplace environment that balances purposeful in-person collaboration with flexibility. As we continue to evolve our workplace model, our focus remains on creating spaces where our people can connect with purpose – whether working in the office or through a hybrid approach – by providing clear expectations while respecting the diverse needs of our workforce.
Two Ways of Working:
• Hybrid (Default): Work from a business unit-approved office at least two (2) times per month (for roles below Director-level) or once per week (for Director-level roles and above).Exceptions:
• Member-facing and approved out-of-state roles remain remote.
• Employees living more than 50 miles from their assigned offices are expected to work with their managers on a plan for periodic office visits.
• For employees with medical conditions that may impact their ability to work in-office, we are committed to engaging in an interactive process and providing reasonable accommodations to ensure their work environment is conducive to their success and well-being.
• On-Site: Work from a business unit-approved office an average of four (4) or more days a week.
Physical Requirements:
Office Environment - roles involving part to full time schedule in Office Environment. Based in our physical offices and work from home office/deskwork - Activity level: Sedentary, frequency most of workday.
Apply Online
24-Mar-2025