Team Leader Technology Risk Governance

US-IA-Des Moines
Job ID
Information Technology
Requires Non-Compete?

Job Summary

In this role, you will lead and direct a team responsible for strategic and operational mobilization of Corporate Information Security (CIS) risk, policy, standards, the governance program, and metrics initiatives. In collaboration with the Chief Information Security Officer, you will maintain and implement a strategic road-map that focuses on implementing improvements that mature processes, practices, policies, controls, measures, roles and skills across multi-disciplined teams. In addition, you will apply governance, measurement systems, consistent vendor management, and training to support, track, and report on progress against corporate and divisional business objectives and realization of strategic value.


Core Competencies:

  • Accountability: Owning and taking responsibility for one’s actions.
  • Business Acumen: Understanding industry, market, financial and company specific operations.
  • Collaboration and Communication: Working together; listening to others’ ideas; communicating accurately and concisely.
  • Decision Making: Consider all facts and impacts when making decisions.
  • Focus on the Customer: Consistently doing what is in the best interest of our customer. Leaving a positive impression on the customer by elevating their experience; making it simpler and educating them so that they understand.

Minimum Qualifications Required (all must be met to be considered)

  • Bachelor’s degree or direct and applicable work experience
  • 7 years’ experience to include a combination of the following:
    • IT audit and/or quality review
    • Identification and management of IT risk; recommending ways to mitigate IT risk
    • Oversight or experience creating metrics on IT Risk
    • Identifying the need for and writing policies/procedures or other compliance documentation
    • Raising awareness by communicating, training and/or creating awareness programs for established policies/procedures
    • Utilizing control routines and risk management policies to identify and analyze risk
  • Formal leadership experience or informal leadership experience typically gained through project management or by coaching/mentoring others by providing guidance and feedback to help an employee to strengthen their knowledge and skills.
  • Experience planning and implementing change management initiatives.  Remaining flexible to meet constantly changing priorities. Supporting innovation and creativity by encouraging staff to accept and resolve challenges.
  • Demonstrated presentation skill as well as communication skills, both verbal and written.
  • Previous experience thinking strategically and communicating strategy and direction to a team.
  • Demonstrated ability to influence others to accomplish work, reach consensus and take action.
  • Proven ability to measure and evaluate work processes, services and products to achieve organizational goals. Ability to redesign processes as needed using best methods and technology automation to meet or exceed business needs.
  • Demonstrated experience consulting with stakeholders to understand needs and provide counsel to meet business objectives.
  • Strong interpersonal skills, with the ability to develop strong relationships of collaboration and trust
  • Travel 5-10%  

Required to obtain CISSP and CISA within 2 years of hire

Hiring Specifications Preferred

  • 3+ years formal leadership experience
  • Master’s Degree
  • Certified Information Systems Security Professional (CISSP) - (ISC)²
  • IT Security experience

Job Accountabilities

a. Provide leadership and day-to-day management of financial and human resources, primarily focusing on employee coaching,
development, performance improvement, coordination and budgeting for staff and department(s) specific functions/services. Support
business objectives and produce results that are effective, accurate, timely, and on target to meet business and stakeholder needs.

b. Accountable for the delivery and oversight of the daily administration of the policies and standards framework for CIS, including the policy
and standards change management process, key approving stakeholders, and the overall policy lifecycle.

c. Enhance the risk management framework by leading a team to develop and manage a risk governance framework across all of
technology, including the risk life cycle, risk discovery and tracking, risk evaluation and rating, risk ownership and remediation, and risk
cataloging. Will partner with cross-functional teams to develop a Technology Risk Governance committee and working group that
focuses on vision, mission, charter and overall risk oversight of technology.

d. Lead an IT Controls and Compliance team to manage technology audit issues and IT risk. Partner with key stakeholders and
external regulatory bodies to manage regulatory and audit examinations.

e. Govern and coordinate relevant IT Risk activities (e.g., Audit, Regulatory, risk assessment, control testing, monitoring, vulnerability
management, risk reporting) and remediation of identified gaps and issues.

f. Collaborate with Enterprise Data Management in the development and execution of a Risk Data Warehouse (RDW). Implement data
analytics processes and tools to use for dash-boarding and data driven risk decisions.

g. Define and drive reporting standards that support data security reporting and metrics, that includes security measures reported to the
Board of Directors. Will guide/lead an analyst on the integration of data using internal and external data sources to develop intelligent
metrics to support business decisions.

h. Provide oversight for all security risk policies, standards and programs. Create a vision for Corporate Information Security that
focuses on awareness and knowledge management of security threats. Look to refresh and develop policy frameworks to ensure content
is refreshed regularly and up-to-date.

i. Manage and oversee Corporate Information Security (CIS) awareness and education. Engage and collaborate with stakeholders
across the organization to develop and execute information security awareness campaigns. Develop security training and awareness
campaigns and a schedule, including company-wide information security curricula: mandatory global information security
training, simulated phishing training, and secure code development and SDLC training.

j. Provide professional expertise and advise IT and Wellmark senior leadership on complying with all applicable laws, regulations, and
accreditations, including the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), Gramm-Leach-
Bliley Act (GLBA), Utilization Review Accreditation Commission (URAC), National Committee for Quality Assurance (NCQA),
Patient Protection and Affordable Care Act (PPACA), etc. Assess changes in the regulatory, business, and technology environment and
recommend and implement appropriate changes to Wellmark IT policies, controls, and processes as well as IT roles and responsibilities.

k. Other duties as assigned.
