• Third Party Security Risk Lead (Information Security)

    Location: US-IA-Des Moines
    Job ID: 213133
    Category: Information Technology
    Requires Non-Compete? No
  • Job Summary

    About the Career: In this role, you will utilize your technical background to lead and execute information security assessments for Wellmark's most complex/high priority third party vendors, including the identification and assessment of third party information systems, networks, and purchased software. You will document, evaluate, and test security controls and formulate risk scores and mitigation activities within a Third Party Security report. In addition, you will collaborate on and influence the design of technology solutions to systematically address security issues within third party environments. You will also collaborate with third party Chief Information Security Officers and their teams to provide insight/direction regarding security process improvements.

     

    Our Ideal Candidate: In addition to the highly technical skill set you have, you feel strong when you can partner with and advise complex/high priority vendors. You feel effective when you influence and/or drive enhancements to controls and/or processes to increase effectiveness of security programs. You are highly self-motivated and feel fulfilled when your work is proactive in approach. 

     

    Why Wellmark Technology? At a time when technology is creating new business models, disrupting industries and creating valuable experiences for consumers, our role as technology team members must elevate an organization through innovative transformation, modernized technology and delivery of new business strategies, including an aim to continuously evolve and enhance the customer experience. At Wellmark, our technology transformation program is called Ascend and is led by our empowered technology leaders and team members. Together, we are leaning into the future, owning the outcome and working together to transform how we work and what innovative solutions we deliver, all while ensuring our members’ data is secure.

     

    Wellmark has been named one of the best employers in the U.S. by Forbes Magazine, ranking #3 out of the top 500 midsize employers in the nation and 1st among midsize insurance companies! 

    Minimum Qualifications Required (all must be met to be considered)

    • Bachelor's Degree
    • Minimum 7 years’ experience to include any combination of the following:
      • Information security / IT consulting / security audit / risk management experience
      • Specific experience with control routines and risk management processes, including identifying, analyzing and measuring risk, and recommending ways to mitigate risk
      • Managing IT vendor relationships, including collaborating with third parties and monitoring service levels
    • Candidate must be familiar with threats and vulnerabilities, latest industry trends and risks, with the ability to understand the technical remediation action steps/plans and be able to communicate them effectively to teams within the organization and/or third-party vendor.
    • Strong understanding of the domains of information security, including, but not limited to: network security, access management, application security, change management, risk management, and data security.
    • Strong decision making and communication skills (both written and verbal) with the ability to influence and drive change as well as adapt communication to your audience
    • Ability to multi-task and work both independently as well as part of an assessment team
    • Proven ability to understand stakeholder needs when identifying potential issues and recommending value-add initiatives
    • Ability to plan, execute, document, and lead assessment activities following established processes and procedures
    • Demonstrated ability to analyze information, assess risk appropriately, and recommend innovative ideas for remediation efforts
    • Demonstrated ability of planning and implementing change initiatives, while remaining flexible to meet constantly changing and sometimes opposing demands
    • Travel up to 20% may be needed at times

    Hiring Specifications Preferred

    • Master’s Degree
    • Previous experience with security architecture / cloud security architecture
    • IT Certifications
      • Certified Information Security Management (CISM) - Information Systems Audit and Control Association (ISACA)
      • Certified Information Systems Auditor (CISA) - Information Systems Audit and Control Association (ISACA)
      • Certified Information Systems Security Professional (CISSP) - (ISC)²
      • Certified Penetration Tester (CPT)
    • Previous experience with reviewing penetration test assessments

    Job Accountabilities

    a. Lead and execute information security assessments for Wellmark's most complex/high priority third party vendors, including the identification and assessment of third party information systems, networks, and purchased software. Document, evaluate, and test security controls and formulate risk scores and mitigation activities within a Third Party Security report.

    b. Collaborate on and influence the design of technology solutions to systematically address security issues within third party environments. Collaborate with third party Chief Information Security Officers and their teams to provide insight/direction regarding security process improvements.

    c. Research and advise best practice technology, design, and methodology approaches to add value to relevant vendor partners. Maintain a current understanding of emerging trends and risks associated with changes and increased sophistication in technology. Provide guidance to third parties on information technology and business issues, as needed.

    d. Perform onsite assessments and participate in calls with relevant vendor partners. Perform technical reviews of penetration test reports and connect findings to the effectiveness of security controls in place within third party environments.

    e. Review third party remediation plans and determine if the plan sufficiently mitigates identified risk. Document third party information security risks within a formal risk registry and track them to remediation. Prepare and present high-level summation of information security risk assessments to the Vendor Management Steering Committee and all levels of leadership throughout the organization, as appropriate. Look to ensure all information security risks are remediated in a timely fashion.

    f. Execute the third party escalation process, as appropriate, and discuss consequence models to address insufficient adherence to information security control standards or governance.

    g. Develop and execute a program to track and monitor the location and security of Wellmark data at third party facilities.

    h. Act as a liaison between the Third Party Security team and Wellmark Solution and Security Architects to ensure security risks are addressed appropriately.

    i. Partner and collaborate with Procurement Services, third party vendors, Corporate Information Security (CIS) team members, Legal, as well as other cross functional stakeholders to drive deliverables that support the development and management of a third party risk program. Continuously look to optimize processes that will govern the ongoing evaluation of risk for third party vendors, partners and affiliates who store, process, and/or access Wellmark confidential or proprietary data.

    j. Consult with business stakeholders regarding subject matter knowledge related to potential security improvements third parties should make in order to align business expectations with security best practices.

    k. Develop, document, and maintain operational metrics to ensure information security risks and the performance of the information security program are measured sufficiently to enable success.

    l. Mentor and coach staff through projects, including helping staff with risk assessment and project scoping, setting budgets and target dates, resolving conflict, prioritizing issues and navigating the organization. Perform peer review of work product and deliverables.

    m. Other duties as assigned.
