VP, Information Security (CISO)

Blue Shield of California

Remote Eligibility

On-site

Domain

Governance, Risk & compliance

State

California

City

Oakland

Job Description

Posted on:

February 17, 2025

Primary NIST Speciality

Oversee and Govern

NIST Sub-speciality

Executive Cyber Leadership

Seniority

Executive

Salary ($K)

370

430

Summary and company overview

Your Role

We are seeking a highly experienced and visionary Chief Information Security Officer (CISO) to lead our information security program. The CISO will be responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

This position reports directly to the Chief Information Officer. This position reports on a regular and as-needed basis to Stellarus Chief Executive Officer and Board of Trustees regarding relevant Information Security matters to include Information security training and breaches for the organization. This executive-level position encompasses the development and enforcement of policies and strategies to protect against ever-evolving cyber threats, ensuring compliance with strict healthcare regulations such as HIPAA/HITECH. The CISO directs the overall planning and execution of enterprise security systems, using operational and tactical expertise to direct security management reports, who oversee analysts, engineers and architects. As a business enabler, the CISO ensures business decisions are not hampered by security but adhere to corporate security policies and are implemented with security in mind. The CISO champions a flexible, highly adaptable and secure operating business environment.

The CISO must have a strong technical background and fully understand threats, risk mitigation and technical controls to lead a team of security professionals through corporate obligations and defenses. The CISO assumes accountability for the daily tactical operations and overall strategic execution of the team under his or her leadership.

Company Overview

Blue Shield of California is part of the Ascendiun Family of Companies. Ascendiun is a new, nonprofit corporate entity that launched in January 2025, as the parent to the family of organizations that includes Blue Shield of California and its subsidiary, Blue Shield of California Promise Health Plan; Altais, a clinical services firm; and Stellarus, a company designed to scale healthcare solutions.

Stellarus is a leading technology company that specializes in providing innovative technical products and services for healthcare payers. Stellarus’ goal is to help health plans reimagine the healthcare system. Our objective is to offer innovative, modern, scalable solutions that challenge the health care status quo.

Responsibilities

Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
Work directly with the business units to facilitate risk assessment and risk management processes.
Develop and enhance an information security management framework.
Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services.
Provide leadership to the enterprise's information security organization.
Partner with business stakeholders across the company to raise awareness of risk management concerns.
Serve as the primary point of contact for clients on all information security matters, addressing their concerns, answering questions, and offering security solutions.
Build and maintain long-term relationships with key client stakeholders, including C-level executives, to ensure satisfaction and trust in our security practices.
Assist with the overall business technology planning, providing current knowledge and future vision of technology and systems.

Additional Responsibilities

Monitor for and ensure timely and proper response to cyber threats.
Monitor program governance related to the identification and timely remediation of vulnerabilities and misconfigurations.
Monitor information security program effectiveness.
Develop and enforce security policies and ensure compliance with HIPAA, HITRUST, and required regulations.
Collaborate with business units to improve security awareness.

Job Requirements

Required Qualifications

Minimum of 15+ years of experience including 8+ years of experience in a combination of risk management, information security, and IT positions.
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other similar credentials, is required.
Strong leadership skills and the ability to work effectively with business managers, IT engineering, and IT operations staff.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

Preferred Qualifications

Bachelor’s degree in Computer Science, Information Systems, or a related field (preferred).
Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST.
Experience with contract and vendor negotiations and management, including managed services.
Experience in managing and leading security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company’s reputation.
Strategic thinking and a strong understanding of the healthcare payer market and its regulatory environment.

Management Experience:

Ten (10) years progressive management experience in areas of expertise: HIPAA Security Regulation; and practical experience working with Cyber/Information Privacy and Security laws (such as FISMA, PCI-DSS, GLBA, FIPS, NIST-CSF and data breach reporting laws), generally accepted Cyber/Information Security principles, and accepted industry practice. Healthcare and/or Federal government experience cybersecurity experience is a plus progressive management experience.

Special Requirements:

Communication Skills: Above Average Verbal (Heavy Public Contact), Writing/Correspondence, Writing/Reports.

Other Requirements:

Expert technical knowledge of Cyber/Information Security, infrastructure, network, server, workstation, and security related technologies both software and hardware.
Expert working knowledge of best practice security design associated with the above technology. Strong demonstrated knowledge of technologies including network, server, desktop, storage, medical security and how Cyber/Information Security relates to the overall business of the organization.

Additional commentary

Pay Range

The pay range for this role is: $370K to $430K for California.

Note

Please note that this range represents the pay range for this and many other positions at Blue Shield that fall into this pay grade. Blue Shield salaries are based on a variety of factors, including the candidate's experience, location (California, Bay area, or outside California), and current employee salaries for similar roles.