• Sr Information Security Third Party Risk Manager

    Location US-IA-Des Moines
    Job ID
    Information Technology
    Requires Non-Compete?
  • Job Summary

    About the Career: In this role, you will be responsible for oversight of third party security programs for Wellmark’s most complex/high priority third party vendors that store, process, and/or access Wellmark confidential and proprietary data.  This includes assessing third party security posture and maximizing protections for all aspects of security for the third party landscape.  As a part of a new department, you will also develop, enhance, and execute the Third Party Security team’s innovative strategy and business objectives.  You will partner and collaborate with Wellmark third party vendors, Procurement Services, Corporate Information Security (CIS) team members, Legal, and contract owners to drive deliverables. In addition, you will support process owner execution identification, development and testing information.


    Our Ideal Candidate: In addition to the highly technical skill set you have, you feel strong when you can look at a process and assist others in the evaluation of its design and effectiveness. You are highly self-motivated and feel fulfilled when your work is proactive in approach. Others may tell you that the secret behind your success is the way you work with others toward a common goal; you ensure that the right people are at the table and are engaged in working together.  


    Why Wellmark Technology? At a time when technology is creating new business models, disrupting industries and creating valuable experiences for consumers, our role as technology team members must elevate an organization through innovative transformation, modernized technology and delivery of new business strategies, including an aim to continuously evolve and enhance the customer experience. At Wellmark, our technology transformation program is called Ascend and is led by our empowered technology leaders and team members. Together, we are leaning into the future, owning the outcome and working together to transform how we work and what innovative solutions we deliver, all while ensuring our members’ data is secure.



    Wellmark has been named one of the best employers in the U.S. by Forbes Magazine, ranking #3 out of the top 500 midsize employers in the nation and 1st among midsize insurance companies! 

    Minimum Qualifications Required (all must be met to be considered)

    • Bachelor's Degree or direct and applicable work experience
    • Minimum 7 years’ experience to include a combination of the following:
      • 4+ years IT security/security audit/risk management experience
      • Experience with control routines and risk management processes, including identifying, analyzing and measuring risk, and recommending ways to mitigate risk
      • Experience managing IT vendor relationships, to include collaborating with third parties and monitoring service levels
    • Strong understanding of the domains of information security, including, but not limited to: network security, access management, application security, change management, risk management, and data security.
    • Strong decision-making and communication skills (both written and oral) with the ability to influence and drive change as well as adapt communication to your audience, up to and including executive-level management
    • Ability to multi-task and work both independently as well as part of an assessment team
    • Proven ability to understand stakeholder needs when identifying potential issues and recommending value-add initiatives
    • Ability to plan, execute, document, and lead assessment activities following established processes and procedures
    • Demonstrated ability to analyze information, assess risk appropriately, and recommend innovative ideas for remediation efforts
    • Demonstrated ability of planning and implementing change initiatives, while remaining flexible to meet constantly changing and sometimes opposing demands
    • Travel approximately 10-20% may be needed at times

    Hiring Specifications Preferred

    • Bachelor’s Degree
    • IT Certifications
      • Certified Information Security Management (CISM) - Information Systems Audit and Control Association (ISACA)
      • Certified Information Systems Auditor (CISA) - Information Systems Audit and Control Association (ISACA)
      • Certified Information Systems Security Professional (CISSP) - (ISC)²
    • Previous experience with reviewing penetration test assessments
    • Leadership typically gained through a combination of project and informal leadership that demonstrates competencies

    Job Accountabilities

    a. Manage and oversee the development, enhancement and execution of the Third Party Security strategy, to include assessing information security risks related to third party vendors that store, process, and/or access Wellmark confidential and proprietary information. Will perform onsite assessments and/or participate in calls with relevant vendor partners.

    b. Lead and execute security assessments for Wellmark's most complex/high priority third party vendors. Assessments include reviewing responses to and providing follow up questions on security questionnaires, penetration tests, network perimeter reports, and other applicable evidence items. Will review security gaps and provide risk mitigation recommendations to strengthen third party protection of Wellmark confidential and proprietary information. Document assessment results and recommended mitigation activities, along with third party risk scores, within a Third Party Security report. Provide peer review of work product and deliverables.

    c. Execute information security risk and control identification, evaluation, documentation, analysis and reporting processes, including leveraging analytic tools. Will support the vendor partner in the identification and testing of information security controls for risk mitigation effectiveness.

    d. Will partner and collaborate with Procurement Services, third party vendors, Corporate Information Security (CIS) team members, Legal, as well as other cross functional stakeholders to drive deliverables that support the development and management of a third party risk program. Continuously look to optimize processes that will govern the ongoing evaluation of risk for third party vendors, partners and affiliates who store, process, and/or access Wellmark confidential or proprietary data.

    e. Responsible for documenting and tracking to remediation third party information security risks within a formal risk registry. Provide high-level summation of information security risk assessments to the Vendor Management Steering Committee and all levels of leadership throughout the organization, as appropriate. Look to ensure all information security risks are remediated in a timely fashion.

    f. In support of all pre-contract activities, review and consult on security contract language to ensure Wellmark's protection of data and that the contract adheres to established guidelines. As directed by Wellmark Legal, provide education and communication to third party legal teams regarding the importance of protecting Wellmark data.

    g. Execute the third party escalation process, as appropriate, and discuss consequence models to address insufficient adherence to information security control standards or governance.

    h. Develop, document, and maintain operational metrics to ensure information security risks and the performance of the information security program are measured sufficiently to enable success.

    i. Other duties as assigned.

