Information Security Risk and Governance Specialist, ...
Blue Shield Of California - El Dorado Hills, CA
Job Description

Your Role

This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. We are seeking a highly experienced and strategic individual contributor, reporting to the Senior Manager, to lead the development, implementation, and governance of our enterprise-wide Business Continuity and Disaster Recovery (BC/DR) program. This role will be responsible for ensuring organizational resilience through effective planning, risk assessment, and coordination across business units and technology teams.

Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders who are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

Responsibilities

Your Work

In this role, you will:

Program Development & Governance
Design and implement a comprehensive Business Continuity (BC)/Disaster Recovery (DR) framework aligned with industry standards (e.g., ISO 22301, NIST SP 800-34), including an incident command center.
Establish governance structures, policies, and procedures to support BC/DR initiatives.
Develop and maintain BC/DR program documentation, including charters, plans, and metrics.
Establish and implement critical technology to support management of plans and alerts for the enterprise.

Risk Assessment & Impact Analysis
Conduct Business Impact Analyses (BIAs) and risk assessments to identify critical business functions and dependencies.
Collaborate with stakeholders to define Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).
Plan Development & Maintenance
Lead the creation and maintenance of Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs) across departments.
Ensure plans are updated regularly to reflect changes in business operations, technology, and risk landscape across departments.
Develop and implement an incident command center, including but not limited to defining playbooks, critical roles and responsibilities, plan and roadmap.

Testing & Exercises
Design and execute BC/DR testing strategies, including tabletop exercises, failover tests, and full-scale simulations.
Analyze test results and drive continuous improvement initiatives.
Identify and assign high-risk findings to be addressed by owners.

Audit & Compliance
Ensure compliance with regulatory requirements, association mandates, and internal audit standards.
Prepare and present reports to senior leadership and auditors.

Vendor & Third-Party Coordination
Assess and coordinate with third-party BC/DR capabilities and ensure alignment with organizational standards.

Qualifications

Your Knowledge and Experience
Requires a bachelor's degree or equivalent experience.
Requires at least 10 years of prior relevant experience.
Experience in portfolio management, preferably within an Agile or SAFe environment; JIRA experience is a plus.
Experience partnering with all levels of management required.
Driven, energetic team player with superior oral and written communication skills.
Proven track record of leading enterprise BC/DR programs in complex environments.
Requires deep understanding of BC/DR frameworks, methodologies, and technologies.
Strong analytical, organizational, and project management skills.
Ability to work independently and influence cross-functional teams.
Desire one or more of the following: CBCP (Certified Business Continuity Planning Professional) - highly desired, CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional).

About the Team

About Stellarus and the Ascendiun Family of Companies

Stellarus, launched in January 2025, is designed to scale innovative healthcare solutions that support customers in creating a health care experience deserving of their family, friends, and neighbors. Stellarus is part of a family of organizations that is overseen by a nonprofit corporate entity named Ascendiun. The Ascendiun Family of Companies also includes Blue Shield of California and its subsidiary, Blue Shield of California Promise Health Plan, and Altais, a clinical services company.

Stellarus' vision is to empower its customers to create a healthcare experience that is worthy of their family, friends, and neighbors. Stellarus' objective is to offer innovative, modern, scalable solutions that challenge the health care status quo. This very closely aligns with Blue Shield of California's vision by using innovation to improve quality, affordability, and experience for members.

To achieve our mission, we foster an environment where all employees can thrive and contribute fully to address the needs of the various communities we serve. We are committed to creating and maintaining a supportive workplace that upholds our values and advances our goals.

Our Values: At Stellarus, our core values of agility, trust, drive, courage and service shape our approach to developing innovative product offerings.

Our Workplace Model: We believe in fostering a workplace environment that balances purposeful in-person collaboration with flexibility - providing clear expectations while respecting the diverse needs of our workforce.
Our workplace model is designed around intentional in-person interaction, collaboration, connection, creativity and flexibility:
For most teams, this means coming into the office two days per week.
Employees living more than 50 miles from an office location, out-of-state employees, and employees in certain member-facing roles should work with their manager to determine in-office time based on business need.
For employees with medical conditions that may impact their ability to work in-office, we are committed to engaging in an interactive process and providing reasonable accommodations to ensure their work environment is conducive to their success and well-being.
The Company reserves the right to require more presence in the office based on business needs, and requirements are subject to change with periodic reviews.

Physical Requirements: Office Environment - roles involving part to full time schedule in Office Environment. Based in our physical offices and work from home office/deskwork - Activity level: Sedentary, frequency most of work day.

Equal Employment Opportunity: External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.
Created: 2026-03-04