Information Security Architect, Principal

At Blue Shield of California we are parents, leaders, students, visionaries, heroes, and providers. Every day we come together striving to fulfill our mission, to ensure all Californians have access to high-quality health care at a sustainably affordable price. For more than 80 years, Blue Shield of California has been dedicated to transforming health care by making it more accessible, cost-effective, and customer-centric. We are a not-for-profit, independent member of the Blue Cross Blue Shield Association with 6,800 employees, more than $20 billion in annual revenue and 4.3 million members. The company has contributed more than $500 million to Blue Shield of California Foundation since 2002 to have a positive impact on California communities. Blue Shield of California is headquartered in Oakland, California with 18 additional locations including Sacramento, Los Angeles, and San Diego. We're excited to share that Blue Shield of California has received awards and recognition for LGBT diversity, quality improvement, most influential women in corporate America, Bay Area's top companies in volunteering & giving, and one of the world's most ethical companies. Here at Blue Shield of California, we're striving to make a positive change across our industry and the communities we live in. Join us!


Blue Shield of California's mission is to ensure all Californians have access to high-quality health care at a sustainably affordable price. We are transforming health care in a way that truly serves our nonprofit mission by lowering costs, improving quality, and enhancing the member and physician experience.

To fulfill our mission, we must ensure a diverse, equitable, and inclusive environment where all employees can be their authentic selves and fully contribute to meet the needs of the multifaceted communities we serve. Our comprehensive approach to diversity, equity, and inclusion combines a focus on our people, processes, and systems with a deep commitment to promoting social justice and health equity through our products, business practices, and presence as a corporate citizen.

Blue Shield has received awards and recognition for being a certified Great Place to Work, best place to work for LGBTQ equality, leading disability employer, one of the best companies for women to advance, Bay Area's top companies in volunteering & giving, and one of the world's most ethical companies. Here at Blue Shield of California, we are striving to make a positive change across our industry and the communities we live in - join us!

Your Role

The IT Consumer and Enterprise Identity and Access Management team is responsible for the planning, architecting, building, delivery, and operational support of the Identity and Access Management (IAM) program. You will work in the Chief Information Security Officer (CISO) office. This position will provide direction and guidance on the development, specifications, and communications of the IAM application and architecture, provide in-depth technical consultation to the business units and IT management, and assist in developing plans and direction for the integration of information security requirements.

Your Work

In this role, you will:

  • Develop, deploy and maintain Identity and Access Management (IAM) solutions that enable the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.
  • Maintain and expand core IAM capabilities that improve security, increase operational efficiency and enable business.
  • Align IAM processes across the organization and develop and document standards for organizational use. Co-lead an IAM selection process and evaluate existing and emerging technologies and tools in the selection of an IAM service offering for the business units.
  • Actively participate in a product team and work with business and engineering teams to articulate security requirements in a way that leads to the secure creation and enhancement of the identity security product.
  • Ensure products are built and sustained with security and compliance by design.
  • Influence and communicate effectively with non-technical audiences including senior product and business management.
  • Define high-level migration plans to address the gaps between the current and future state.
  • Drive security as an integrated component in digital product success by collaborating closely with product delivery teams.
  • Develop product strategies, vision and roadmaps that align with the architecture and technology direction of the business unit, consistent with enterprise priorities as agreed with product-line management.
  • Embed with product teams as needed to ensure full transparency and no surprises, keeping product stakeholders up to date with the latest on delivery status, product security risks and scope changes.
  • Track developments and changes in the digital business and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts.
  • Evaluate new products, methods, and technologies to protect against existing and emerging security threats.
  • Act as the communicator of the vision, translating the product strategy and vision developed with business stakeholders into what the product team must bear in mind to ensure security and compliance are embedded.
  • Review security technologies, tools and services, and make recommendations.
  • Secure identities in M365 using Multifactor Authentication, conditional access, and Azure AD Privileged Identity Management (PIM).
  • Work across the company to drive adoption of technical standards, design principles and architecture patterns.
  • Have excellent communication skills (written and verbal). Demonstrate strong problem-solving ability and analytical skills. Strong business acumen and a commitment to integrity, process improvement and customer satisfaction
  • Be persuasive in influencing strategic security architecture direction, framing reference architectures and pattern components, specifying policies and standards, driving consensus on target state architectures, and influencing roadmaps.


Your Knowledge and Experience
  • Bachelor's degree in Computer Science, Engineering or related field or equivalent work experience
  • CISSP, CCSP, CISM, TOGAF or other security and/or Enterprise Architecture methodology certifications.
  • At least 12 years of related IT security and Identity Security Architecture experience
  • Identity management familiarity in one or more of the following areas: single sign-on (SSO), data management, identity federation, Multifactor Authentication, Cloud identity, enterprise directory architecture and design, including directory schema, directory services, namespace and replication topology experience, resource provisioning, and process integration. Identity and access governance includes role-based access control, access request and certification, user life cycle management processes, and organizational change management.
  • Experience with administering authentication technologies, such as Microsoft Active Directory/Windows authentication, OpenLDAP, Kerberos, OpenID Connect, OAuth, and federated identity management.
  • Basic familiarity with the principles of design thinking, and lean and agile software delivery
  • Strong understanding of Secure Software Development Lifecycle (S-SDLC) and identity in cloud (Azure, Google, Amazon)
  • Knowledge of healthcare industry and industry-related technology a strong plus
  • General understanding and familiarity with protecting against web and web services security vulnerabilities, including the OWASP Top Ten and SANS Top Twenty-Five
  • Experience in designing, architecting, and implementing complex enterprise applications, infrastructures with security built in
  • Fundamental working knowledge of industry-standard enterprise architecture models (e.g. TOGAF, NIST SP 800-53r4, ISO 27002, SABSA, HIPAA, HITECH, PCI-DSS) and similar security frameworks

Our Values:
  • Honest. We hold ourselves to the highest ethical and integrity standards. We build trust by doing what we say we're going to do and by acknowledging and correcting where we fall short
  • Human. We strive to be our authentic selves, listening and communicating effectively, and showing empathy towards others by walking in their shoes
  • Courageous. We stand up for what we believe in and are committed to the hard work necessary to achieve our ambitious goals

Physical Requirements

Office Environment - roles involving part to full time schedule in Office Environment. Due to the current public health emergency in California, Blue Shield employees are almost all working remotely. Based in our physical offices and work from home office/deskwork. Activity level: Sedentary. Frequency: most of work day.

External hires must pass a background check/drug screen. Qualified applicants with arrest records and/or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.

COVID-19 update: From the earliest days of the pandemic, Blue Shield of California has been unyielding in our commitment to putting the health and safety of our people, our members and our communities first. As a federal contractor and a health care company, Blue Shield requires all employees to be fully vaccinated prior to start date as a condition of employment and provide proof of vaccination status. Blue Shield will consider requests for medical or religious accommodation to this vaccination requirement prior to your start date.