Cybersecurity Quantitative Risk Analyst, Senior

Job Description

This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. This Information Security Risk & Governance Specialist, Principal role will report to the Director working as a Risk Quantification Analyst . This position will play a critical role in identifying, evaluating, and quantifying risks, supporting executive decision-making, and driving data-driven business insights. The ideal candidate will bring thought leadership, technical expertise, and a proactive approach to evolve the existing risk management program.

Responsibilities

Your Work

In this role, you will :

• Program Leadership : Lead and further develop the existing risk quantification function, ensuring alignment with the FAIR methodology, NIST CSF 2.0, Unified Control Framework (UCF) and healthcare regulatory requirements (e.g., HIPAA, PCI).
• Risk Analysis : Oversee and perform detailed quantitative analysis on IT, operational and business risks using ThreatConnect and other FAIR-based platforms. Translate quantified risks into financial and business terms to support risk appetite, risk tolerance, and risk-informed decision-making.
• Risk Scenario Development : Design and lead scenario analyses and simulations to evaluate risks related to cybersecurity, IT operations, third parties, and strategic initiatives. Provide quantified insights to support investment justification, control prioritization, and vendor or partner selection.
• Cross-Functional Collaboration : Partner with stakeholders in IT, Enterprise Architecture, Finance, and Operations to ensure risk quantification informs business strategy. Support executive and board-level risk reporting with clear, actionable insights.
• Metrics, Data & Reporting : Develop and implement metrics, KRIs, and KPIs to monitor and communicate risk exposures, emerging trends, and mitigation outcomes. Leverage enterprise data warehouse and analytics platforms to produce timely, accurate, and transparent reporting.
• Thought Leadership and Change Adoption : Act as an internal champion for quantitative risk management, fostering adoption across all three lines of defense. Stay current with industry best practices, frameworks, and tools; recommend new approaches to advance program maturity.

Qualifications

About the Team

About Stellarus and the Ascendiun Family of Companies

Stellarus, launched in January 2025, is designed to scale innovative healthcare solutions that support customers in creating a health care experience deserving of their family, friends, and neighbors.

Stellarus is part of a family of organizations that is overseen by a nonprofit corporate entity named Ascendiun. The Ascendiun Family of Companies also includes Blue Shield of California and its subsidiary, Blue Shield of California Promise Health Plan and Altais, a clinical services company.

Stellarus' vision is to empower its customers to create a healthcare experience that is worthy of their family, friends, and neighbors. Stellarus' objective is to offer innovative, modern, scalable solutions that challenge the health care status quo. This very closely aligns with Blue Shield of California's vision by using innovation to improve quality, affordability, and experience for members.

To achieve our mission, we foster an environment where all employees can thrive and contribute fully to address the needs of the various communities we serve. We are committed to creating and maintaining a supportive workplace that upholds our values and advances our goals.

Our Values :

At Stellarus, our core values of agility, trust, drive, courage and service shape our approach to developing innovative product offerings.

Our Workplace Model :

At Stellarus and the Ascendiun Family of Companies, we believe in fostering a workplace environment that balances purposeful in-person collaboration with flexibility. As we continue to evolve our workplace model, our focus remains on creating spaces where our people can connect with purpose - whether working in the office or through a hybrid approach - by providing clear expectations while respecting the diverse needs of our workforce.

Two Ways of Working :

o Member-facing and approved out-of-state roles remain remote.

o Employees living more than 50 miles from their assigned offices are expected to work with their managers on a plan for periodic office visits.

o For employees with medical conditions that may impact their ability to work in-office, we are committed to engaging in an interactive process and providing reasonable accommodations to ensure their work environment is conducive to their success and well-being.

Physical Requirements :

Office Environment - roles involving part to full time schedule in Office Environment. Based in our physical offices and work from home office / deskwork - Activity level : Sedentary, frequency most of work day.

Please click here for further physical requirement detail.

Equal Employment Opportunity :

External hires must pass a background check / drug screen. Qualified applicants with arrest records and / or conviction records will be considered for employment in a manner consistent with Federal, State and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability status and any other classification protected by Federal, State and local laws.