Deputy Information System Security Officer*

WPS Health Solutions, Madison, WI 53706

Posted 4 weeks ago

Who We Are

We are a leading not-for-profit health insurer in Wisconsin, and our services have grown to reach active-duty and retired military personnel, seniors, and families in Wisconsin, across the U.S., and around the world.

WPS receives World's Most Ethical Company Award for 10th Year in a Row - 2019 Most Ethical Companies Announcement

At Our Core

WPS Health Solutions has earned a reputation as a leader in the insurance and benefits administration industry through our commitment to excellence and high-quality service. Our corporate values reflect the core of who we are and how we conduct business every day.

Customer Focused

I recognize how my actions impact internal and external customers by being responsible for the customer experience. I look beyond the immediate issue to recognize and solve the problem.

Individual Responsibility

I own my actions. I am accountable and dedicated to achieving the best results for WPS Health Solutions and our customers. I embrace my role in helping the company achieve a high-performance workplace.

Mutual Respect

I lead by example, act ethically and honestly, and am trustworthy. I show appreciation for others by giving and taking constructive feedback and encouragement.

Driven and Passionate

I approach my work with enthusiasm and personal commitment to the success of our business. I keep the importance of the work we do for our customers alive in my attitude and interactions with others, and demonstrate pride in the worthiness of our purpose.

Position Summary

The Deputy Information System Security Officer will provide day-to-day subject matter expertise, consulting, and operational services for information security on mission-critical systems. You will support teams and work closely with Legal, Compliance and Government counterparts on mission-critical Information Technology (IT) projects and compliance initiatives. You will work closely with organization Privacy Officers to ensure systems design and business processes meet data privacy requirements. The functions of the Deputy ISSO align and support the functions, strategy and vision set forth by the Chief Information Security Officer (CISO).

In this role you will:

Information System Security Compliance (70%)

  • Interpret and maintain a working knowledge of WPS contracts, specifically regarding cybersecurity and compliance expectations and reporting requirements.

  • Maintain working relationships with regulatory agencies and governing bodies such as the Department of Defense (DoD) and CMS. Keep the organization up to date on recent and future developments.

  • Track and review exceptions to required system configurations.

  • Work closely with Compliance to establish and maintain a process for identifying and documenting security control compliance (predictable/repeatable/sustainable).

  • Provide input to corrective action plans and preventative measures to appropriate implementation teams in response to findings by internal and external auditors.

  • Coordinate closely with IS subject matter experts to ensure tied-out and executable security controls; embrace and support a process of continuous improvement, along with evolving security control design.

  • Consult with IS teams and business units to promote compliance with company policy and regulatory requirements.

  • Work with internal and external IT auditors to coordinate and schedule audits, risk assessments, official external evaluations, and penetration tests.

  • Provide compliance status to internal and external customers monthly (at a minimum), including Plan of Action and Milestones (POA&M).

  • Provide maintenance support of applicable system security plans to ensure they are current and complete; coordinate security plan certification and government reporting, as required.

  • Align security operations with corporate policy and regulatory requirements and guidelines.

  • Analyze security features of new IS products/solutions to ensure they meet company and regulatory requirements as part of system development life cycle.

  • Analyze security functionality of new/redesigned system architecture to meet company and regulatory requirements (specifically CMS Technical Reference Architecture) as part of system development life cycle.

  • Participate in information security investigations.

  • Perform daily prioritization of work to ensure assigned projects are completed on time.

  • Facilitate IT system information security program and ensure necessary safeguards are in place and working as intended.

  • Review compliance of all components with security requirements (such as CMS Core Security Requirements) and report vulnerabilities to management.

Leadership (30%)

  • Provide leadership, expertise, and solutions on moderately complex initiatives.

  • Assume backup role for Sr ISSO as needed.

  • Lead moderately complex projects and provide guidance to less experienced staff.

  • Represent information security by participating on various security and compliance teams to address information security compliance requirements.

You should have:

  • Bachelor's degree in Information Systems or related field OR equivalent post high school education and/or work-related experience

  • Minimum of 1 or more related Security, Audit, and/or Project Management certifications such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Government Auditing Professional (CGAP)

  • Must complete a minimum of 40 Continuing Professional Education (CPE) hours annually.

In addition, we prefer:

  • 4 or more years of IT experience to include the following:
  • 2 or more years of hands-on experience with one or more security standards (e.g. Service Organization Control 2 (SOC 2), PCI, National Institute of Science and Technology (NIST), Sarbanes-Oxley (SOX), International Organization for Standards (ISO), Control Objects for Information and Related Technologies (COBIT)) and familiarity with HIPAA, PCI, and CMS requirements AND

  • 1 or more years of experience as an Information Security Engineer and/or 1 or more years of experience as a Senior IT Auditor with familiarity of IT Audit best practices; and/or 1 or more years security compliance experience as an IT Administrator
