• Sr Information Security Third-Party Risk Manager

    Location US-IA-Des Moines
    Job ID
    Information Technology
    Requires Non-Compete?
  • Job Summary

    About the Career: In this role, you will be responsible for oversight of third party security programs for Wellmark’s most complex/high priority third party vendors that store, process, and/or access Wellmark confidential and proprietary data.  This includes assessing third party security posture and maximizing protections for all aspects of security for the third party landscape.  As a part of a new department, you will also develop, enhance, and execute the Third Party Security team’s innovative strategy and business objectives.  You will partner and collaborate with Wellmark third party vendors, Procurement Services, Corporate Information Security (CIS) team members, Legal, and contract owners to drive deliverables. In addition, you will support process owner execution identification, development and testing information.


    Our Ideal Candidate: In addition to the highly technical skill set you have, you feel strong when you can look at a process and assist others in the evaluation of its design and effectiveness. You are highly self-motivated and feel fulfilled when your work is proactive in approach. Others may tell you that the secret behind your success is the way you work with others toward a common goal; you ensure that the right people are at the table and are engaged in working together.  


    Why Wellmark Technology? At a time when technology is creating new business models, disrupting industries and creating valuable experiences for consumers, our role as technology team members must elevate an organization through innovative transformation, modernized technology and delivery of new business strategies, including an aim to continuously evolve and enhance the customer experience. At Wellmark, our technology transformation program is called Ascend and is led by our empowered technology leaders and team members. Together, we are leaning into the future, owning the outcome and working together to transform how we work and what innovative solutions we deliver, all while ensuring our members' data is secure.


    Wellmark has been named one of the best employers in the U.S. by Forbes Magazine, ranking #3 out of the top 500 midsize employers in the nation and 1st among midsize insurance companies! 

    Minimum Qualifications Required (all must be met to be considered)

    • Bachelor's Degree or direct and applicable work experience
    • Minimum 7 years’ experience to include a combination of the following:
      • 4+ years IT security/security audit/risk management experience
      • Experience with control routines and risk management processes, including identifying, analyzing and measuring risk, and recommending ways to mitigate risk
      • Experience managing IT vendor relationships, to include collaborating with third parties and monitoring service levels
    • Strong understanding of the domains of information security, including, but not limited to: network security, access management, application security, change management, risk management, and data security.
    • Strong decision-making and communication skills (both written and oral) with the ability to influence and drive change as well as adapt communication to your audience, up to and including executive-level management
    • Ability to multi-task and work both independently as well as part of an assessment team
    • Proven ability to understand stakeholder needs when identifying potential issues and recommending value-add initiatives
    • Ability to plan, execute, document, and lead assessment activities following established processes and procedures
    • Demonstrated ability to analyze information, assess risk appropriately, and recommend innovative ideas for remediation efforts
    • Demonstrated ability of planning and implementing change initiatives, while remaining flexible to meet constantly changing and sometimes opposing demands

    Travel approximately 10-20% may be needed at times

    Hiring Specifications Preferred

    • Bachelor’s Degree
    • IT Certifications
      • Certified Information Security Management (CISM) - Information Systems Audit and Control Association (ISACA)
      • Certified Information Systems Auditor (CISA) - Information Systems Audit and Control Association (ISACA)
      • Certified Information Systems Security Professional (CISSP) - (ISC)²
    • Previous experience with reviewing penetration test assessments
    • Leadership typically gained through a combination of project and informal leadership that demonstrates competencies

    Job Accountabilities

    a. Manage and oversee the development, enhancement and execution of assessing information security risks related to third-party vendor relationships that store and/or process Wellmark confidential and proprietary information. Will perform physical site assessments of relevant vendor partners, provide peer review of work product and deliverables, and execute release of information analysis to third-party vendor partners.

    b. Responsible for the annual review of all security tests for all of Wellmark's most complex/high-priority third-party vendors. Will review security gaps and provide risk mitigation recommendations to strengthen their protection of Wellmark confidential and proprietary information.

    c. Execute information security risk and control identification, evaluation, documentation, analysis and reporting processes including analytic tools. Will support the vendor partner in the development and testing of information security controls for risk mitigation effectiveness.

    d. Will partner and collaborate with Procurement Services, vendors, Corporate Information Security (CIS) team members, as well as other cross-functional stakeholders to drive deliverables that support the development and management of a third-party risk program. Continuously look to optimize processes that will govern the ongoing evaluation of risk for vendors, partners and affiliates who store or process Wellmark confidential or proprietary data.

    e. Responsible for tracking and documentation for all third-party information security risk. Provide high-level summation of information risk assessment to Vendor Management and all levels of leadership throughout the organization, as appropriate. Look to ensure all information security risks are remediated in a timely fashion.

    f. Consult with Wellmark legal team and third party legal teams, as directed by Wellmark legal, to ensure contractual wording related to information security risks is sufficient and accountable.

    g. Will assist in the development of third-party escalation procedures and consequence models to address insufficient adherence to information security control standards or governances.

    h. Develop and maintain operational metrics to ensure information security risk and the performance of the information security program are measured sufficiently to enable success.

    i. Other duties as assigned.

