IT Security Vendor Risk Management job San Francisco California

IT Security Vendor Risk Management Job

Employer Name:
SpiderID: 13140223
Location: San Francisco, California
Date Posted: 12/23/2022
Wage: Negotiable
Category: Insurance
Job Code: 170029P-2191

Job Description:
Looking for a chance to do meaningful work that touches millions? Come join the hardest working, nonprofit health plan in California and help us shape the future of health care. Blue Shield of California's Mission is to ensure all Californians have access to high-quality care at an affordable price. Blue Shield is focused on improving health care delivery by working closely with providers and making it more accessible, affordable and customer-centric. Being a mission-driven organization means we do much more than serve our 4 million members: we were the first health plan in the nation to limit our annual net income to 2 percent of revenue and return the difference to our customers and the community, and since 2005 we have contributed more than $325 million to the Blue Shield of California Foundation to improve community health and end domestic violence. We also believe that a healthier California begins with our employees, so we provide them with resources to develop and maintain a healthy lifestyle through our award-winning wellness program, Wellvolution.

We're hiring smart thinkers and doers who want to work for a leader and innovator in the challenging, ever-changing healthcare space. Come and help us make health care better for everyone.



We have an opening for you to grow with us in San Francisco, CA. This critical role will be within the IT Security Risk & Governance organization, responsible for executing and managing the 3rd party vendor security risk management program, mitigation and response; compliance; control assurance; and user awareness. This role will be focused on developing and driving vendor security risk management strategies, executing vendor security risk assessments, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization. This individual will provide expertise and assistance to all IT projects to ensure the company's infrastructure and information assets are protected.


Conduct third party risk assessments to assist in determining third parties' ability to protect confidential and sensitive data. Assessments and controls include those relevant to laws, regulations, and industry security standards. S/he will act as a subject matter expert and liaise with key business and technology stakeholders to ensure compliance expectations are realized in a timely manner.

In your role you will help the company grow our business and build on our success by:

  • Lead BSC's vendor security risk assessment efforts

  • Analyze assessment findings and establish a risk score based on an established scoring framework.

  • Present findings and assessment to business owners as well as the third party vendor.

  • Review third party vendor remediation plans and determine if the plan sufficiently mitigates identified risks. Track progress on remediation of identified risks and vulnerabilities and provide appropriate reporting to constituents.

  • Enhance risk/vulnerability assessment programs and questionnaires to aid in the identification and mitigation of security risks.

  • Monitor appropriate sources for newly identified vulnerabilities, evaluate the risks such vulnerabilities pose to the organization's information and systems, and advise management of appropriate measures to eliminate or reduce the organization's risk or exposure to such vulnerabilities.

  • Communicate on a regular basis with key stakeholders on status, issues and solutions for resolving those issues

  • Participating in security planning and analyst activities

  • Work in combination with Project Managers to ensure Security is engaged in projects

  • Developing, refining and implementing enterprise-wide security policies, procedures and standards to meet BSC's compliance responsibilities

  • Working with customers to identify security requirements using methods that may include risk and business impact assessments

  • Working closely with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls

  • Monitoring risk mitigation and coordinating policy and controls to ensure that other managers are taking effective remediation steps

  • Participating in security investigations and compliance reviews as requested by external auditors



At BSC, we recruit the best people to help grow our business and build on our success. To be considered for this position you must be able to demonstrate the following:


  • Bachelor's degree in Computer Science, Business or other related field, or related work experience

  • Minimum five years' experience with third party vendor risk management, information security, internal audit, compliance, and regulatory functions.

  • Effective organizational and planning skills and excellent verbal and written communication skills.

  • Candidate must be familiar with threats and vulnerabilities, latest trends and risks and be able to understand the technical remediation action steps or plans and communicate them effectively to teams within the organization and/or third-party vendor.

  • Experience using RSA Archer, or similar systems, to manage third party risk assessments

  • Strong working knowledge and experience with ISO 27001:2013 and 27002:2013 standards for information security

  • Familiarity with security regulations in compliance legislation and other directives including HIPAA, SOC2, PCI, Sarbanes-Oxley is a plus

Additionally, candidate must be able to:

  • Break down raw information and undefined problems into specific, workable components that in turn clearly identify the issues at hand

  • Make logical conclusions, anticipate obstacles and consider different approaches that are relevant to the decision-making process

  • Improve organizational performance through the application of original thinking to existing and emerging methods, processes, products and services

  • Employ sound judgment in determining how innovations will be deployed to produce return on investment

  • Identify, document, and monitor key business processes needed to achieve successful business results. Map and document processes while developing framework for process improvement

  • Identify and act upon opportunities for continuous improvement

  • Encourage prudent risk-taking, exploration of alternative approaches, and organizational learning

  • Demonstrate personal commitment to change through actions and words, and mobilize others to support change through times of stress and uncertainty

  • Achieve desired results by taking a systematic approach to work and by following defined work processes


  • CISA, CISSP, CRISC preferred

Job Criteria:
Start Date:
Position Type: Full-Time Permanent
Years of Experience Required:
Education Required:
Overnight Travel:
Vacation Time:

Contact Information:
Contact Name: Blue Shield of California
Company Type:
Company: Blue Shield of California
