Senior IT Security Analyst

U.S. citizenship is required for this position due to Department of Defense restrictions.

Senior Security Policy Analyst responsible for developing, implementing, and maintaining security policies, standards, and procedures while leveraging Service Now to streamline policy management, compliance tracking, and reporting. This role combines deep knowledge of cybersecurity frameworks with governance, risk, and compliance operations, excels at clear communication, quality documentation, and support for security awareness and responsible AI initiatives.

$90,000 ~ $115,000. The base pay offered may vary within the range based on job‑related knowledge, skills, experience and may fall outside of this range.

This position is hybrid; the employee must live within Wisconsin and be within 45 miles of WPS Headquarters in Madison, WI to work in the office three days a week.

• Develop, review, and maintain corporate security policies, standards, procedures, and guidelines in alignment with NIST CSF, regulatory requirements, and industry best practices.
• Be accountable for integration and management of security policies, controls, and risk assessments within Service Now IRM and Managed Documents.
• Conduct risk assessments, control evaluations, and gap analyses mapped to NIST CSF to support audit readiness and compliance initiatives.
• Collaborate with IT, Risk, Compliance, and Business teams to ensure policy adoption and awareness across the organization.
• Create clear, concise, and actionable security documentation, including policies, procedures, guidance, and reports.
• Monitor compliance with internal policies and external regulatory requirements, identify gaps and drive remediation efforts.
• Provide reports and analytics on policy adherence, exceptions, and trends using Service Now dashboards and workflows.
• Serve as a subject‑matter expert on security governance, NIST CSF implementation, and risk management best practices.
• Mentor junior analysts and provide guidance on policy development, implementation, and Service Now utilization.
• Develop security awareness training programs to educate employees on corporate security policies, procedures, and best practices.
• Support AI governance awareness programs to inform employees about responsible AI use, ethical considerations, and regulatory requirements.
• Maintain and update training materials to reflect changes in policies, regulations, or emerging AI and cybersecurity threats.
• Assess and monitor third‑party vendors to ensure compliance with company security policies and industry regulations.

• U.S. citizenship is required for this position due to Department of Defense restrictions.
• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Network Security or related field or equivalent combination of education and experience.
• Five or more years of experience in security policy, governance, risk, and compliance roles.
• Strong working knowledge of NIST CSF and AI governance principles, and other cybersecurity frameworks such as ISO 27001, CIS, or SOC 2.
• Strong knowledge and understanding of cloud security policies, configuration standards, and best practices for AWS, Azure, GCP or SaaS applications to apply governance.
• Demonstrated experience with Service Now IRM modules, including policy, risk, audit, and compliance workflows.
• Ability to create clear, professional, and actionable security and risk governance documentation.
• Experience developing and delivering security awareness training programs.
• Excellent communication skills, capable of engaging both technical and non‑technical stakeholders.
• Demonstrated experience in developing and implementing security policies and standards in a highly regulated environment.
• Strong analytical, organizational, and project management skills, with the ability to drive initiatives independently.

• Familiarity with KnowBe4 or other security awareness platform tools.
• Familiarity using AI to facilitate automated workflows.

• High‑speed cable or fiber.
• Minimum of 10 Mbps downstream and at least 1 Mbps upstream internet connection…