Director of Cyber Risk & Assurance

U.S. citizenship is required for this position due to Department of Defense restrictions.

Our Director of Cyber Risk & Assurance within our Enterprise IT Security team leads our enterprise-wide cyber risk and assurance function and is responsible for establishing a modern, risk-based approach to cybersecurity governance, compliance, assurance, and regulatory readiness. This Director transforms traditional Governance, Risk, and Compliance (GRC) activities into a proactive capability that strengthens control effectiveness, clarifies accountability, and improves overall cybersecurity maturity.

They define the cyber risk framework, control ownership model, and assurance practices that support regulatory obligations, business needs, and the Enterprise Cyber Resilience operating model. Our Director of Cyber Risk & Assurance oversees key domains including issue and Plan of Action & Milestone (POA&M) governance, cybersecurity awareness, automation, AI cyber enablement, and M&A-related cyber risk support.

Salary Range$185,000 ~ $225,000The base pay offered for this position may vary within the posted range based on your job-related knowledge, skills, experience and may fall outside of this range.

Work LocationOur first consideration will be to have this employee be able to take advantage of Hybrid work and collaboration, living within the state of Wisconsin. Employees within 45 miles of WPS Headquarters (1717 W. Broadway in Madison, WI, 53713) will be expected to be able to work in office 3 days a week on a regular basis.How do I know this opportunity is right for me?

If you:

• Enjoy leading the Cyber Risk & Assurance function encompassing governance, risk management, compliance coordination, and executive-level cyber risk reporting.
• Can drive a risk-based assurance model that strengthens control effectiveness, remediation accountability, and measurable cybersecurity maturity.
• Want to oversee the development and maintenance of an enterprise-aligned cybersecurity risk framework that meets regulatory, contractual, and AI governance expectations.
• Have overseen cybersecurity audits, regulatory readiness, and control assurance activities across all required frameworks and assessments within an enterprise level environment.
• Thrive when governing cybersecurity policies, awareness programs, and cross-functional alignment of security requirements to business-owned outcomes.
• Have established and enabled AI automation procedures, GRC enablement, and M&A/business-change risk practices that ensure consistent identification, assessment, and remediation of cyber risks.
• Enjoy leading staff development, stakeholder engagement, and executive-level risk communication to support enterprise cyber resilience and long-term cybersecurity strategy.

Minimum Qualifications

• U.S. citizenship is required for this position due to Department of Defense restrictions.
• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Risk Management, Business, or related field; equivalent combination of education and relevant experience may be considered.
• 10 or more years of progressive experience in cybersecurity, technology risk, information security governance, security assurance or related risk functions.
• 5 or more years in a leadership role in cybersecurity risk, GRC, assurance, technology risk, or cyber governance.
• Demonstrated experience building or maturing a risk-based cybersecurity governance, risk, compliance, or assurance program.
• Strong knowledge of cybersecurity control frameworks and regulatory expectations such as NIST CSF, NIST SP 800-53, NIST SP 800-171, HIPAA, CMS security requirements, CMMC, SOC 1/SOC 2, ISO 27001, or comparable frameworks.
• Proven experience using workflow automation, GRC tools, reporting dashboards, or process automation to improve risk, compliance, assurance, evidence collection, and remediation workflows.
• Working knowledge of AI-related cybersecurity risk, safe-use governance, AI policy considerations, or AI-enabled workflow automation.
• Demonstrated ability to translate complex technical control gaps into clear business-risk implications and prioritized remediation strategies, paired with strong executive-level communication, presentation, and stakeholder-leadership skills.

Preferred Qualifications

• Experience in healthcare, insurance, government contracting, Medicare Administrative Contractor (MAC), U.S. Department of Defense (DOD), Tricare, highly regulated, or federally controlled environments.
• Experience supporting Centers for Medicare & Medicaid Services (CMS), Section 912, CMMC, NIST 800-53/171, or other regulated audit and assurance environments.
• Master's degree in Cybersecurity.
• Certifications such as CISSP, CISM, CRISC, CGRC, HCISPP, ISO 27001 Lead Implementer/Auditor, or similar.

Remote Work Requirements

• High speed cable or fiber
• Minimum of 10 Mbps downstream and at least 1 Mbps upstream internet connection (can be checked at ).
• Please review Remote Worker FAQs for additional information.

Benefits

• Remote and hybrid work…