Required to obtain CISSP and CISA within 2 years of hire
a. Provide leadership and day-to-day management of financial and human resources, primarily focusing on employee coaching,
development, performance improvement, coordination and budgeting for staff and department(s) specific functions/services. Support
business objectives and produce results that are effective, accurate, timely, and on target to meet business and stakeholder needs.
b. Accountable for the delivery and oversight of the daily administration of the policies and standards framework for CIS, including the policy
and standards change management process, key approving stakeholders, and the overall policy lifecycle.
c. Enhance the risk management framework by leading a team to develop and manage a risk governance framework across all of
technology, including risk life cycle, risk discovery and tracking, risk evaluation and rating, risk ownership and remediation, and risk
cataloging. Will partner with cross-functional teams to develop a Technology Risk Governance committee and working group that
focuses on vision, mission, charter and overall risk oversight of technology.
d. Lead an IT Controls and Compliance team to manage technology audit issues and IT risk. Partner with key stakeholders and
external regulatory bodies to manage regulatory and audit examinations.
e. Govern and coordinate relevant IT Risk activities (e.g., Audit, Regulatory, risk assessment, control testing, monitoring, vulnerability
management, risk reporting) and remediation of identified gaps and issues.
f. Collaborate with Enterprise Data Management in the development and execution of a Risk Data Warehouse (RDW). Implement data
analytics processes and tools to use for dashboarding and data-driven risk decisions.
g. Define and drive reporting standards that support data security reporting and metrics, including security measures reported to the
Board of Directors. Will guide/lead an analyst on the integration of data from internal and external data sources to develop intelligent
metrics to support business decisions.
h. Provide oversight for all security risk policies, standards and programs. Create a vision for Corporate Information Security that
focuses on awareness and knowledge management of security threats. Refresh and develop policy frameworks to ensure content
is reviewed regularly and kept up-to-date.
i. Manage and oversee Corporate Information Security (CIS) awareness and education. Engage and collaborate with stakeholders
across the organization to develop and execute information security awareness campaigns. Develop security training and awareness
campaigns and a schedule, including company-wide information security curricula such as mandatory global information security
training, simulated phishing training, secure code development and SDLC training.
j. Provide professional expertise and advise IT and Wellmark senior leadership on complying with all applicable laws, regulations, and
accreditations, including the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley
Act (GLBA), Utilization Review Accreditation Commission (URAC), National Committee for Quality Assurance (NCQA),
Patient Protection and Affordable Care Act (PPACA), etc. Assess changes in the regulatory, business, and technology environment and
recommend and implement appropriate changes to Wellmark IT policies, controls, and processes as well as IT roles and responsibilities.
k. Other duties as assigned.