Chief Information Security Officer
- Madison, WI
- Direct Hire - Full Time
- NM37505777
- Competitive
- IT
- 7/15/2025
Summary
The QTI Group is partnering with WPS to hire its next Chief Information Security Officer (CISO).
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise-wide information security strategy to protect company assets, customer data, and technology infrastructure. The CISO leads risk management, cybersecurity operations, policy development, incident response, and compliance efforts to mitigate threats and support business objectives. This role partners with senior leadership to align security strategy with organizational goals and regulatory expectations. The CISO leads the team responsible for maintaining contemporary knowledge of all security regulations and ensuring compliance with all WPS and relevant government requirements. The CISO assumes a strategic and operational leadership role that collaborates across departments to foster a strong culture of security awareness and resilience.
Location: Requires regular on-site presence in Madison, Wisconsin (expected a minimum of 3-4 days/week)
Essential Functions Include:
- Develop and lead the execution of the company’s information security vision, strategy, and roadmap.
- Advise the executive team on cybersecurity threats, risk mitigation, and emerging security technologies.
- Ensure security strategy supports business growth, digital transformation, and innovation.
- Oversee the security of enterprise systems, networks, applications, and data, including cloud and hybrid environments.
- Partner with Application Development and Infrastructure teams to ensure application and infrastructure security is optimized for each line of business (cloud, SaaS, on-premise).
- Identify, assess, and manage cybersecurity risks across the enterprise.
- Ensure our systems and data are protected from internal and external threats and maintain compliance with all regulatory requirements, including NIST 800-53, NIST 800-171, HIPAA, and other healthcare-related security standards.
- Conduct risk assessments and oversee third-party/vendor security evaluations.
- Lead the organization’s incident response planning, simulations, investigations, and recovery efforts. Direct root cause analysis and implement lessons learned following incidents.
- Oversee business continuity and disaster recovery strategies from a cybersecurity perspective.
- Develop, implement and maintain a robust cybersecurity training and awareness program for all employees and contractors.
- Manage security budgets, staffing plans, and vendor relationships.
- Collaborate with IT, legal, compliance, risk management, and operations teams to embed security in business practices.
- Coach and mentor the enterprise security team to ensure a culture of accountability and excellence; implement programs to drive employee engagement and satisfaction.
Qualifications Include:
- Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field required.
- Active Certified Information Systems Security Professional (CISSP) certification, or certification achieved within six months of hire.
- Fifteen (15) or more years of progressive experience in information security, with a minimum of five (5) years in a senior leadership role.
- Demonstrated ability to operate autonomously at a senior level - setting strategic direction, prioritizing initiatives, and driving them through to execution with measurable impact.
- Possess expert knowledge and understanding of information security architecture, systems design, and the current threat landscape within the healthcare industry.
- Strong knowledge and understanding of identity and access management, cybersecurity operations, vulnerability management, incident response, DevSecOps, third-party risk management, and governance, risk, and compliance (GRC).
- Extensive knowledge and understanding of National Institute of Standards and Technology (NIST); experience with NIST 800-53 preferred.
- Exceptional leadership and team-building capabilities.
- Excellent interpersonal and communication skills with the ability to influence at all levels.
- Strong analytical and problem-solving skills with an emphasis on using data to drive decision-making.
- Ability to present complex cybersecurity topics to technical and non-technical stakeholders.
- Experience managing budgets, teams, and large-scale security initiatives.
- Ability to identify, prioritize and drive work efforts with the highest returns on investment to achieve desired health plan goals.
- Ability to work in a complex, rapidly evolving environment with multiple internal and external stakeholders.
- Extensive knowledge and understanding of information security regulations including Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), Federal Information Processing Standard (FIPS), Defense Federal Acquisition Regulation Supplement (DFARS), Health Insurance Portability and Accountability Act (HIPAA), Personally Identifiable Information (PII), Protected Health Information (PHI) and relevant Executive Orders preferred.
*U.S. citizenship is required for this position due to Department of Defense restrictions.