Your Role

The Global Business Services (GBS) organization team leads the Enterprise Procurement practice as a partner with business and functional stakeholders to plan, select and contract with third-party suppliers, as well as to advance environmental/social/governance outcomes of supplier relationships and manage the supplier governance program, as well as to lead captive insurance company operations. The Supplier Relationship Specialist, Consultant will report to the Sr. Manager of Procurement Operations and Risk Management. In this role you will guide 1) Risk Management of Enterprise Procurement Operations, 2) Risk Management of Blue Shield's Third-Party Suppliers and 3) Business Resilience of GBS Operations.

The GBS Risk Management function adds value throughout the procurement workflow and supplier lifecycle by restricting high-risk suppliers from being onboarded, to assessing and reporting on risk levels of existing critical suppliers, to guiding remediation of corrective action plans and to safely offboard terminated suppliers. By proactively mitigating supplier risk and ensuring Enterprise Procurement is audit-ready at all times, GBS is able to protect Blue Shield's reputation and interests, which are foundational to delivering affordable healthcare that is worthy of our family and friends.

Your Work

In this role, you will:

• Guide and advance GBS's Enterprise Procurement due diligence activities, strategies and controls related to all supplier selection, onboarding, contracting and termination events.
• Actively contribute to advancing the Procurement Center of Excellence as a subject matter expert, serving in both advisor and innovator capacities. Drive continuous improvement of processes and control calibration into the procurement practice to increase supplier compliance, reduce enterprise risk and introduce unaddressed risks for consideration.
• Track and measure the effectiveness of controls at mitigating supplier risk over time. Analyze trends, identify opportunities, develop strategies and implement solutions for reducing risk and increasing compliance of suppliers.
• Drive ongoing calibration of supplier contract language with enterprise policies and emerging risk categories, as well as to enable more quantitative validation of supplier compliance during supplier due diligence and assessment activities.
• Guide partners through annual and biannual cycles to measure supplier resilience and efficiency along key control categories (Business Performance, Security Posture, Finance Viability and Compliance). Consult on remediation plans, track progress and escalate as appropriate.
• Reinforce and navigate Business Operations teams' roles as supplier relationship managers to ensure their success in assessing supplier risks and executing quality remediation plans.
• Conduct adhoc assessments of critical suppliers across key control categories, to be executed virtually or onsite as needed.
• Advise Business on how to evaluate the design and operational effectiveness of controls in their critical suppliers' SOC1 and HiTRUST reports to ensure critical interpretations of SOC1 auditor opinions and scope and various security and privacy standards within a supplier's HiTRUST report.
• Drive disciplined practice of managing risk of GBS-managed suppliers by regularly assessing vulnerabilities, validating contractual compliance and driving improvements that mitigate operational risks. Ensure suppliers' Disaster Recovery Plans remain contractually compliant and engage Blue Shield's Technical Business Continuity team to evaluate effectiveness and testing of those plans.
• Engage, align and test GBS Business Recovery Plan with owners of other Plans in Blue Shield's Business Continuity Program that operate within the enterprise procure-to-pay ecosystem.
• Provide ongoing visibility to GBS leadership on the collective performance of each supplier that includes operational (GBS) and technology (IT) measurements. Report to GBS Governance on supplier performance for Business Reviews.

Your Knowledge and Experience

• Requires a bachelor's degree or equivalent experience.
• Requires at least 7 years of prior relevant experience.
• Requires deep understanding of Procurement functions, activities and systems as well as third-party agreements (preferably in a highly regulated industry).
• Requires prior roles in one or more related functions (e.g. Risk Management of Procurement/Sourcing, Third-Parties or Operations, Vendor Relationship Management, Internal Audit, Governance-Risk-Compliance program, Law).
• Requires comprehensive understanding of SOC1 and HiTRUST reports. Ability to critically evaluate exceptions or deficiencies in reports as well as how to address regulatory requirements relative to HiTRUST CSF framework.
• Requires high competency in all Microsoft Office applications (Word, PowerPoint, Excel, etc), with preferred competency in applying Microsoft 365 platform and apps (SharePoint, Teams, Lists, etc).
• Requires an auditor's mindset - analytical, attention to detail, objective, ethical, recognizes risk and vulnerabilities, assesses and mitigates controls and processes, clearly articulates findings, solves problems methodically, adaptable to change, continuously learns and understands organization's operations, industry and regulatory environment.
• Requires experience assessing suppliers' operational compliance of key controls through virtual and/or onsite inspections.
• Requires high competency in driving enterprise-wide programs/projects that involve multiple internal stakeholders, and which have accountability to cross-functional framework and charter. Ability to drive stakeholder alignment, roles/responsibilities and accountability, while communicating risks and necessary adjustments in a timely manner.
• Requires ability to communicate clearly and effectively about highly complex content and processes in (both verbal and written), as well as to listen and observe in ways that promote trust, collaboration, consensus and thought partnership.
• Requires strong time management skills, adept at balancing priorities, driving measured progress and delivering on schedule. Ability to manage multiple projects concurrently.
• Strongly prefer completion of Third Party Risk Management (TPRM) trainings and one or more related certifications (e.g. CISA, CISSP or CTPRP).
• Prefer experience in applying Agile mindset and methods to deliver business value, drive continuous improvement, adapt to change and innovate.

Pay Range: The pay range for this role is $109,120.00 to $163,680.00 for California.

Note: Please note that this range represents the pay range for this and many other positions at Blue Shield that fall into this pay grade. Blue Shield salaries are based on a variety of factors, including the candidate's experience, location (California, Bay area, or outside California), and current employee salaries for similar roles.