Director of Cyber Risk & Assurance

Director of Cyber Risk & Assurance

U.S. citizenship is required for this position due to Department of Defense restrictions.

Our Director of Cyber Risk & Assurance within our Enterprise IT Security team leads our enterprise-wide cyber risk and assurance function and is responsible for establishing a modern, risk-based approach to cybersecurity governance, compliance, assurance, and regulatory readiness. This Director transforms traditional Governance, Risk, and Compliance (GRC) activities into a proactive capability that strengthens control effectiveness, clarifies accountability, and improves overall cybersecurity maturity.

They define the cyber risk framework, control ownership model, and assurance practices that support regulatory obligations, business needs, and the Enterprise Cyber Resilience operating model. The Director oversees key domains including issue and Plan of Action & Milestone (POA&M) governance, cybersecurity awareness, automation, AI cyber enablement, and M&A-related cyber risk support.

$185,000 ~ $225,000. The base pay offered for this position may vary within the posted range based on your job‑related knowledge, skills, experience and may fall outside of this range.

Our first consideration will be to have this employee be able to take advantage of Hybrid work and collaboration, living within the state of Wisconsin. Employees within 45 miles of WPS Headquarters (1717 W. Broadway in Madison, WI, 53713) will be expected to be able to work in office 3 days a week on a regular basis.

• U.S. citizenship is required for this position due to Department of Defense restrictions.
• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, Risk Management, Business, or related field; equivalent combination of education and relevant experience may be considered.
• 10 or more years of progressive experience in cybersecurity, technology risk, information security governance, security assurance or related risk functions.
• 5 or more years in a leadership role in cybersecurity risk, GRC, assurance, technology risk, or cyber governance.
• Demonstrated experience building or maturing a risk‑based cybersecurity governance, risk, compliance, or assurance program.
• Strong knowledge of cybersecurity control frameworks and regulatory expectations such as NIST CSF, NIST SP 800-53, NIST SP 800-171, HIPAA, CMS security requirements, CMMC, SOC 1/SOC 2, ISO 27001, or comparable frameworks.
• Proven experience using workflow automation, GRC tools, reporting dashboards, or process automation to improve risk, compliance, assurance, evidence collection, and remediation workflows.
• Working knowledge of AI‑related cybersecurity risk, safe‑use governance, AI policy considerations, or AI‑enabled workflow automation.
• Demonstrated ability to translate complex technical control gaps into clear business‑risk implications and prioritized remediation strategies, paired with strong executive‑level communication, presentation, and stakeholder‑leadership skills.

• Experience in healthcare, insurance, government contracting, Medicare Administrative Contractor (MAC), U.S. Department of Defense (DOD), Tricare, highly regulated, or federally controlled environments.
• Experience supporting Centers for Medicare & Medicaid Services (CMS), Section 912, CMMC, NIST 800-53/171, or other regulated audit and assurance environments.
• Master’s degree in Cybersecurity.
• Certifications such as CISSP, CISM, CRISC, CGRC, HCISPP, ISO 27001 Lead Implementer/Auditor, or similar.

• High speed cable or fiber.
• Minimum of 10 Mbps downstream and at least 1 Mbps upstream internet connection (can be checked at ).
• Please review Remote Worker FAQs for additional information.

• Remote and hybrid work options available.
• Performance bonus and/or merit increase opportunities.
• 401(k) with a 100% match for the first 3% of your salary and a 50% match for the next 2% of your salary (100% vested immediately).
• Competitive paid time off.
• Health insurance, dental insurance, and telehealth services start DAY 1.
• Professional and Leadership Development Programs.
• Review additional benefits: ().

This position may from time to time provide support to federal health care programs and other governmental or regulated industries. In accordance with law and/or contractual requirements, individuals in this role are or may be subject to all applicable federal regulations, agency contract requirements, and WPS internal policies, including but not limited to standards for data security, privacy, confidentiality, and program integrity.

WPS and its personnel are subject to mandatory enhanced screening and background investigation prior to being granted access to information systems and/or sensitive data in order to safeguard regulated information and government resources that provide critical services.