Security Risk Analyst OR Senior Security Risk Analyst

U.S. citizenship is required for this position due to Department of Defense restrictions.

Who We Are

WPS Health Solutions is a leading not-for-profit health insurer in Wisconsin. Our services offer health insurance plans for individuals, families, seniors, and group plans for small to large businesses. We process claims and provide customer service support for beneficiaries of the Medicare program and manage benefits for millions of active-duty and retired military personnel across the U.S. and abroad. In 2021, WPS Health Solutions celebrated 75 years of making health insurance easier for those we serve. Proud to be military and veteran ready.

Our Culture

WPS’ Performance-Based Culture is where the great work and innovations of our people are seen, fueled, and rewarded. We accomplish this by creating an inclusive, empowering employee experience, focusing on People, Work, and Conditions. This results in people bringing their authentic selves to work every day in an organization that successfully adapts to business changes and new opportunities. We are guided by our Purpose: Together, making health care easier for the people we serve.

In 2021 and 2022, WPS Health Solutions was recognized for several awards including:

• Madison, Wisconsin’s Top Workplaces
• Top Workplace national cultural excellence awards for Remote Work and Work-Life Flexibility
• Achievers 50 Most Engaged Workplaces® with the further honor of Achievers “Elite 8” winner in the category of Culture Alignment

Role Snapshot

This position can be filled at the Professional level or Senior level of Security Risk Analyst.

The Information Security Risk Analyst implements and maintains a comprehensive information security risk management program. This includes defining key risk indicators, risk registers, processes, and standards. Will work with various departments to identify, measure, and report on risk based on information assets.

Demonstrate a clear understanding of security risks and controls; how controls mitigate the risks, and how controls could be cost-effectively and uniformly applied to protect information systems from security risks. Understand the policy, standards and procedures found in the WPS Security Program as well as understanding the appropriate laws and regulations that affect WPS business. Perform detailed security evaluation and control reviews of information systems and processes as a result of internal direction and business partner needs.

In this role you will:

• Identify and communicate recommended security and control deficiencies for business units.
• Document and monitor the implementation of controls for applications, technologies & assets.
• Maintain assessment criteria of applications & systems for measuring compliance of company policies, procedures, standards, security training programs, technical infrastructure, applications and development efforts against defined compliance baselines.
• Understand information security risks pertinent to its business goals and technology infrastructure and support an enterprise information security risk program to identify & assess and respond to risks.
• Maintain an up-to-date understanding of emerging trends in information security risks; apply new techniques and trends, in-line with overall information security objectives and risk tolerance.
• Provide leadership, expertise and solutions on moderate to complex initiatives.
• make independent decisions to determine areas of risk that should be assessed.
• Plan and manage small to medium projects.

How do I know this opportunity is right for me? If you:

• Possess strong knowledge of the risk Analysis: principles, assessments, tools and protocols of security administration / products.
• Have familiarity with security frameworks such as NIST, HITRUST and other government regulated contractual requirements
• Want to develop, document, maintain and support the information security risk management program in line with information security policy, practices and leading industry standards.
• Want to utilize your knowledge of the current methods and strategies used for monitoring and controlling access to networks and servers.
• Have experience analyzing security protocols and assessing compliance, security policies control deficiencies for business units.
• Enjoy working with stakeholders to identify system vulnerabilities and provide solutions for remediation.
• Understand concepts of hardware, software, networks and facilities that make up infrastructure and IT systems.
• Want to be a thought leader and utilize recent security trends and emerging technology and stays current on innovative security solutions.
• Have worked with vendor life cycle security management processes providing vendor security assessments for evaluations and tracking of risk changes.
• Have experience with GRC tools such as ServiceNow and automated workflows.

What will I gain from this role?

• Working in a highly complex, highly security conscious environment that has a security umbrella that encompasses Health Insurance, contracts with Center for Medicare and Medicaid Services (CMS) and Department of Defense (DOD) contracts that include, Tricare and VA.
• Assisting in the modernization and transition of legacy systems to cloud-based platforms.
• Being on a results oriented team, focused on security process improvements.
• Experience working in an agile environment to help drive high priority work.
• A deep understanding of Service Contract Act (SCA) and how it factors into compensation decisions.
• Experience working in an environment that serves our Nation’s military, veterans, Guard and Reserves and Medicare beneficiaries.
• Working in a continuous performance feedback environment.

Minimum Qualifications

• U.S. citizenship is required for this position due to Department of Defense restrictions.
• Ability to obtain and maintain Federal security clearance (ADP II)
• Bachelor's Degree in related field or equivalent post high school and/or related work experience.
• Senior level: 1 or more years of related work experience

Preferred Qualifications

• Experience with IT compliance and regulatory requirements to include working with internal and external auditors, government agencies (e.g. CMS), or security coordinator experience.
  • Professional level: 1 or more years of experience.
  • Senior level: 3 or more years of experience.
• Certifications that could include: CISA, CRISC, GCCC, CISSP
• Understanding of networking and security technologies.
• Advanced knowledge of Microsoft Office products, such as Teams, Excel, Word, PowerPoint, and SharePoint.
• Experience working in a team environment under minimal supervision with the ability to make sound decisions.
• Understanding of documentation processes and workflows.
• Familiar with a variety of security concepts, practices and procedures. A wide degree of creativity and latitude is expected.

This role is open to 100% remote work for this opportunity in the following approved states:
Arizona, Colorado, Connecticut, Florida, Georgia, Illinois, Indiana, Iowa, Michigan, Minnesota, Missouri, Nebraska, New Jersey, North Carolina, North Dakota, Ohio, South Carolina, South Dakota, Texas, Virginia, Wisconsin

Your team:

Our team is a group of security professionals with a variety of backgrounds and expertise focused on providing sound security leadership to the organization. This requires the team to work closely together and rely on each other’s strengths and areas of expertise.

Benefits

• The base pay offered for this position may vary based on your experience, knowledge, skills and may fall outside the posted range:
  Professional level: $50,000 ~ $114,000 plus
  Senior Level: 70,700 ~ $131,300 plus
  

• Remote and hybrid work options available
• Performance bonus and/or merit increase opportunities
• 401(k) with dollar-per-dollar match up to 6% of salary (100% vested immediately)
• Competitive paid time off
• Health, dental insurance, Teladoc starts DAY 1
• Review additional benefits here

Sign up for Job Alerts

FOLLOW US!

LinkedIn

Facebook

Twitter

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)