Director of Cyber Risk & Assurance
WPS—A health solutions company · Madison, WI · 1 mo ago
Information Technology$185k/yrFull-time
About the role
The Director of Cyber Risk & Assurance within our Enterprise IT Security team leads the enterprise-wide cyber risk and assurance function. This role transforms traditional GRC activities into a proactive capability that strengthens control effectiveness, clarifies accountability, and improves overall cybersecurity maturity.
Responsibilities
- Define the cyber risk framework, control ownership model, and assurance practices that support regulatory obligations, business needs, and the Enterprise Cyber Resilience operating model.
- Oversee key domains including issue and POA&M governance, cybersecurity awareness, automation, AI cyber enablement, and M&A-related cyber risk support.
Requirements
- U.S. citizenship is required due to Department of Defense restrictions.
- Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, Risk Management, Business, or related field; 10+ years of progressive experience in cybersecurity, technology risk, information security governance, security assurance or related risk functions.
- Experience building or maturing a risk-based cybersecurity governance, risk, compliance, or assurance program.
- Strong knowledge of cybersecurity control frameworks and regulatory expectations such as NIST CSF, NIST SP 800-53, NIST SP 800-171, HIPAA, CMS security requirements, CMMC, SOC 1/SOC 2, ISO 27001, or comparable frameworks.
- Experience supporting Centers for Medicare & Medicaid Services (CMS), Section 912, CMMC, NIST 800-53/171, or other regulated audit and assurance environments.
- Experience in healthcare, insurance, government contracting, Medicare Administrative Contractor (MAC), U.S. Department of Defense (DOD), Tricare, highly regulated, or federally controlled environments.
Qualifications
- Master’s degree in Cybersecurity.
- Certifications such as CISSP, CISM, CRISC, CGRC, HCISPP, ISO 27001 Lead Implementer/Auditor, or similar.
Skills
- Leading the Cyber Risk & Assurance function encompassing governance, risk management, compliance coordination, and executive-level cyber risk reporting.
- Driving a risk-based assurance model that strengthens control effectiveness, remediation accountability, and measurable cybersecurity maturity.
- Overseeing the development and maintenance of an enterprise-aligned cybersecurity risk framework that meets regulatory, contractual, and AI governance expectations.
- Supporting cybersecurity audits, regulatory readiness, and control assurance activities across all required frameworks and assessments within an enterprise level environment.
- Enabling AI automation procedures, GRC enablement, and M&A/business-change risk practices that ensure consistent identification, assessment, and remediation of cyber risks.
- Leading staff development, stakeholder engagement, and executive-level risk communication to support enterprise cyber resilience and long-term cybersecurity strategy.
Benefits
- Remote and hybrid work options available.
- Performance bonus and/or merit increase opportunities.
- 401(k) with a 100% match for the first 3% of your salary and a 50% match for the next 2% of your salary (100% vested immediately).
- Competitive paid time off.
- Health insurance, dental insurance, and telehealth services start DAY 1.
- Professional and Leadership Development Programs.