Director of Cyber Risk & Assurance

Description U.S. citizenship is required for this position due to Department of Defense restrictions.

Our Director of Cyber Risk & Assurance within our Enterprise IT Security team leads our enterprise-wide cyber risk and assurance function and is responsible for establishing a modern, risk-based approach to cybersecurity governance, compliance, assurance, and regulatory readiness. This Director transforms traditional Governance, Risk, and Compliance (GRC) activities into a proactive capability that strengthens control effectiveness, clarifies accountability, and improves overall cybersecurity maturity. They define the cyber risk framework, control ownership model, and assurance practices that support regulatory obligations, business needs, and the Enterprise Cyber Resilience operating model. Our Director of Cyber Risk & Assurance oversees key domains including issue and Plan of Action & Milestone (POA&M) governance, cybersecurity awareness, automation, AI cyber enablement, and M&A-related cyber risk support.

Salary Range
$185,000 ~ $225,000
The base pay offered for this position may vary within the posted range based on your job-related knowledge, skills, experience and may fall outside of this range .

Work Location
Our first consideration will be to have this employee be able to take advantage of Hybrid work and collaboration, living within the state of Wisconsin. Employees within 45 miles of WPS Headquarters (1717 W. Broadway in Madison, WI, 53713) will be expected to be able to work in office 3 days a week on a regular basis.

How do I know this opportunity is right for me? If you:

• Enjoy leading the Cyber Risk & Assurance function encompassing governance, risk management, compliance coordination, and executive-level cyber risk reporting.
• Can drive a risk-based assurance model that strengthens control effectiveness, remediation accountability, and measurable cybersecurity maturity.
• Want to oversee the development and maintenance of an enterprise-aligned cybersecurity risk framework that meets regulatory, contractual, and AI governance expectations.
• Have overseen cybersecurity audits, regulatory readiness, and control assurance activities across all required frameworks and assessments within an enterprise level environment.
• Thrive when governing cybersecurity policies, awareness programs, and cross-functional alignment of security requirements to business-owned outcomes.
• Have established and enabled AI automation procedures, GRC enablement, and M&A/business-change risk practices that ensure consistent identification, assessment, and remediation of cyber risks.
• Enjoy leading staff development, stakeholder engagement, and executive-level risk communication to support enterprise cyber resilience and long-term cybersecurity strategy.

Minimum Qualifications

• U.S. citizenship is required for this position due to Department of Defense restrictions.
• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Risk Management, Business, or related field; equivalent combination of education and relevant experience may be considered.
• 10 or more years of progressive experience in cybersecurity, technology risk, information security governance, security assurance or related risk functions.
• 5 or more years in a leadership role in cybersecurity risk, GRC, assurance, technology risk, or cyber governance.
• Demonstrated experience building or maturing a risk-based cybersecurity governance, risk, compliance, or assurance program.
• Strong knowledge of cybersecurity control frameworks and regulatory expectations such as NIST CSF, NIST SP 800-53, NIST SP 800-171, HIPAA, CMS security requirements, CMMC, SOC 1/SOC 2, ISO 27001, or comparable frameworks.
• Proven experience using workflow automation, GRC tools, reporting dashboards, or process automation to improve risk, compliance, assurance, evidence collection, and remediation workflows.
• Working knowledge of AI-related cybersecurity risk, safe-use governance, AI policy considerations, or AI-enabled workflow automation.
• Demonstrated ability to translate complex technical control gaps into clear businessrisk implications and prioritized remediation strategies, paired with strong executivelevel communication, presentation, and stakeholderleadership skills.

Preferred Qualifications

• Experience in healthcare, insurance, government contracting, Medicare Administrative Contractor (MAC), U.S. Department of Defense (DOD), Tricare, highly regulated, or federally controlled environments.
• Experience supporting Centers for Medicare & Medicaid Services (CMS), Section 912, CMMC, NIST 800-53/171, or other regulated audit and assurance environments.
• Master's degree in Cybersecurity.
• Certifications such as CISSP, CISM, CRISC, CGRC, HCISPP, ISO 27001 Lead Implementer/Auditor, or similar.

Remote Work Requirements

• High speed cable or fiber
• Minimum of 10 Mbps downstream and at least 1 Mbps upstream internet connection (can be checked at
• Please review Remote Worker FAQs for additional information.

Benefits

• Remote and hybrid work options available
• Performance bonus and/or merit increase opportunities
• 401(k) with a 100% match for the first 3% of your salary and a 50% match for the next 2% of your salary (100% vested immediately)
• Competitive paid time off
• Health insurance, dental insurance, and telehealth services start DAY 1
• Professional and Leadership Development Programs
• Review additional benefits: (

Who We Are

WPS, a health solutions company, is a leading not-for-profit health insurer and federal government contractor headquartered in Madison, Wisconsin. WPS offers health insurance plans for individuals, families, seniors and group health plans for small to large businesses. We process claims and provide customer support for beneficiaries of the Medicare program and manage benefits for millions of active-duty and retired military personnel across the U.S. and abroad. WPS has been making healthcare easier for the people we serve for nearly 80 years. Proud to be military and veteran ready.

Culture Drives Our Success

WPS' culture is where the great work and innovations of our people are seen, fueled and rewarded. We accomplish this by creating an open and empowering employee experience. We recognize the benefits of employee engagement as an investment in our workforce-both current and future-to effectively seek, leverage, and include differing and unique perspectives that fuel agility and innovation on high-performing teams. This results in people bringing their authentic selves to work every day in an organization that successfully adapts to business changes and new opportunities.

We are proud of the recognition we have received from local and national organization regarding our culture and workplace: WPS Newsroom - Awards and Recognition.

Sign up for Job Alerts

FOLLOW US!

Instagram
LinkedIn
Facebook
WPS Health Blog This position may from time to time provide support to federal health care programs and other governmental or regulated industries. In accordance with law and/or contractual requirements, individuals in this role are or may be subject to all applicable federal regulations, agency contract requirements, and WPS internal policies, including but not limited to standards for data security, privacy, confidentiality, and program integrity. WPS and its personnel are subject to mandatory enhanced screening and background investigation prior to being granted access to information systems and/or sensitive data in order to safeguard regulated information and government resources that provide critical services.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities


This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.