Sr. Manager, Governance Risk and Compliance Program

Your Role

The Senior Manager, Governance, Risk, & Compliance (GRC) Program will report to the Senior Director of Enterprise Risk Management. The successful candidate will be responsible for leading and enhancing the GRC Program including business resiliency and compliance with regulatory and contractual requirements. This direct people-leadership requires collaboration with executive leaders, business owners, and external partners to uphold compliant standards and best practices.

Key competencies required are GRC technical expertise and knowledge, critical thinking, collaboration, ability to influence others, strong written and verbal communication, efficient time management, and excellent organizational & problem-solving skills.


Your Work

In this role, you will:

  • Lead the GRC and Business Resiliency Program through establishment of policies, procedures, and controls including review and validation of existing processes, policies, resources, and communications
  • Maintain and enhance GRC and business resiliency applications and tools
  • Partner with stakeholders to provide leadership and direction related to development, programming, coding, consulting, planning, and training on GRC and business resiliency
  • Be responsible for the elevation and advancement of the GRC and Business Resiliency framework and governance to be consistent with industry best practices
  • Act as technical subject matter expert, helping Information Technology and Security developers, analysts, and project managers understand compliance requirements and execute technical solutions
  • Implement and maintain GRC and Business Resiliency work plans including auditing and monitoring, business impact analyses, and identifying functions, interdependencies, and recovery priorities
  • Coordinate business resilience testing including tabletop exercises and recovery drills in partnership with Information Technology and Security Teams
  • Prepare and present GRC reports, business resiliency findings, and incident response updates to executive leaders and committees

Your Knowledge and Experience

  • Requires a Bachelor’s degree or equivalent experience
  • Requires a minimum of 8 years prior relevant experience, including 4 years of direct people management experience
  • Master’s Degree Preferred: Business Administration, Information Technology or Security, Business Administration, Data Science, or Cybersecurity
  • Certifications Required: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Risk and Information Systems Control (CRISC), or Certified Business Continuity Professional (CBCP)
  • Additional Certifications Preferred: Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP), Certified in Risk Management Assurance, or ISO 27001 Lead Implementer or Auditor
  • Requires prior experience in programming, coding, or configuration of GRC systems such as Archer, ServiceNow, Riskonnect, Compliance 360, or MetricStream
  • Requires practical knowledge in leading and managing the execution of GRC and business continuity processes including crisis management and incident response
  • Requires strong independent judgment, problem-solving, ability to work with minimal supervision, to multi-task, and to deliver exceptional quality work product in a highly regulated, demanding, and constantly changing corporate environment
  • Requires ability to work collaboratively in a team, applying people management and mentoring skills
  • Proficient in Microsoft Word, Excel, PowerPoint and Outlook

ABOUT THE TEAM
About Blue Shield of California

As of January 2025, Blue Shield of California became a subsidiary of Ascendiun. Ascendiun is a nonprofit corporate entity that is the parent to a family of organizations including Blue Shield of California and its subsidiary, Blue Shield of California Promise Health Plan; Altais, a clinical services company; and Stellarus, a company designed to scale healthcare solutions. Together, these organizations are referred to as the Ascendiun Family of Companies.

At Blue Shield of California, our mission is to create a healthcare system worthy of our family and friends and sustainably affordable. We are transforming health care in a way that genuinely serves our nonprofit mission by lowering costs, improving quality, and enhancing the member and physician experience.

To achieve our mission, we foster an environment where all employees can thrive and contribute fully to address the needs of the various communities we serve. We are committed to creating and maintaining a supportive workplace that upholds our values and advances our goals.

Blue Shield is a U.S. News Best Company to work for, a Deloitte U.S. Best Managed Company and a Top 100 Inspiring Workplace. We were recognized by Fair360 as a Top Regional Company, and one of the 50 most community-minded companies in the United States by Points of Light. Here at Blue Shield, we strive to make a positive change across our industry and communities – join us!

Our Values:

  • Honest. We hold ourselves to the highest ethical and integrity standards. We build trust by doing what we say we're going to do and by acknowledging and correcting where we fall short.
  • Human. We strive to listen and communicate effectively, showing empathy by understanding others' perspectives.
  • Courageous. We stand up for what we believe in and are committed to the hard work necessary to achieve our ambitious goals.

Our Workplace Model:

At Blue Shield of California and the Ascendiun Family of Companies, we believe in fostering a workplace environment that balances purposeful in-person collaboration with flexibility. As we continue to evolve our workplace model, our focus remains on creating spaces where our people can connect with purpose – whether working in the office or through a hybrid approach – by providing clear expectations while respecting the diverse needs of our workforce.

Two Ways of Working:

  • Hybrid (Default): Work from a business unit-approved office at least two (2) times per month (for roles below Director-level) or once per week (for Director-level roles and above). Exceptions:
      ◦ Member-facing and approved out-of-state roles remain remote.
      ◦ Employees living more than 50 miles from their assigned offices are expected to work with their managers on a plan for periodic office visits.
      ◦ For employees with medical conditions that may impact their ability to work in-office, we are committed to engaging in an interactive process and providing reasonable accommodations to ensure their work environment is conducive to their success and well-being.
  • On-Site: Work from a business unit-approved office an average of four (4) or more days a week.

Physical Requirements:

Office Environment: roles involving a part-time to full-time schedule in an office environment, based in our physical offices or in a home office doing desk work. Activity level: sedentary, for most of the work day.


Equal Employment Opportunity:

External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.
