IT Security, Compliance, & Risk Coordinator

Sundial Software

IT Security, Compliance, & Risk Coordinator

Madison, WI
Full Time
Paid
  • Responsibilities

    The Wisconsin Historical Society (WHS), a State of Wisconsin agency, is looking for a Security Analyst II to act as its IT Security, Compliance, & Risk Coordinator.

    Top Skills & Years of Experience: 5+ years of experience in the following:

    Must have:

    • Experience in cybersecurity compliance, audit coordination, or related IT risk management roles.

    • Experience managing IT security review processes, IT security exception workflows, and developing security policies or procedures.

    • Experience coordinating vulnerability management programs and application security lifecycle oversight.

    • Experience creating and automating reports from industry standard IT security tools (e.g., Splunk, IronPort, Tenable, Cloudflare).

    Nice to have:

    • Prior experience in public-sector compliance or multi-agency single tenant environments.

    • Industry certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Security+.

    Onsite or Remote? Candidates MUST be WI residents or willing to relocate to WI prior to starting the role at their own expense. This is a hybrid position, so on-site work is required some days (likely 2-3 days) based on project and operational demands, but WHS is a great place to work right in the heart of downtown Madison and the UW-Madison Campus. Remote work is allowed and encouraged when possible.

    Public parking options are available nearby, public transportation is a half-block away, and bike racks are available just outside our doors. Commuting expenses are not covered by WHS.

    The Bureau of Information Technology Services (BITS) at the Wisconsin Historical Society (WHS) manages the technology and computer infrastructure that drives the Agency’s business systems. The IT department manages infrastructure and software that supports the WHS Headquarters building, the State Archives Preservation Facility (SAPF), and twelve Historic Sites around the State. This position reports to the Deputy IT Director and works closely with IT team members, key internal stakeholders across all WHS divisions, and external partners such as the Department of Administration’s (DOA) Division of Enterprise Technology (DET), providing expertise and support for a variety of complex cybersecurity technologies, IT risks, and compliance requirements.

    The IT Security, Compliance, & Risk Coordinator serves as the lead facilitator for agency cybersecurity compliance, audit readiness, and risk oversight, ensuring alignment with state IT policies and standards, PCI DSS, and industry-recognized frameworks. This role helps guide agency IT security policy and procedure development, oversees audit responses, coordinates IT solution security review intake processes, manages the agency IT vulnerability management program, triages IT security exception requests and initiates review workflows, and maintains systems documentation such as risk registers and security review assessments.

    The IT Security, Compliance, & Risk Coordinator regularly performs complex risk assessments related to cloud-hosted solutions (e.g., SaaS, PaaS, IaaS), Artificial Intelligence (AI) technology and AI use cases, agency data governance and privacy protections, and application security governance. The Coordinator also acts as a key liaison to external partners and collaborates closely with internal IT teams, division leadership, program staff, regulatory agencies, and vendors to strengthen the agency’s security and compliance posture.

    The IT Security, Compliance, & Risk Coordinator champions a security- and compliance-minded culture daily and plays an integral role in promoting agency-wide IT security and risk awareness.

    Responsibilities

    IT Compliance & Risk Assessment Management:

    • Develop, implement, maintain, and monitor adherence to IT security or compliance policies and procedures, including data protection regulations or internal security policies, ensuring alignment with industry standards and regulatory requirements.


    • Conduct regular scans and coordinate risk assessments to identify potential security threats and vulnerabilities within IT systems, including those related to the use of cloud-hosted solutions, AI use cases, and emerging technology integrations.

    • Develop and implement risk mitigation strategies while collaborating with partner agencies or managed service providers and internal technical teams to identify and address vulnerabilities and security and compliance gaps.

    • Maintain a risk register and ensure that all identified risks are documented, assessed, and addressed promptly.

    • Oversee data governance activities to protect sensitive data and ensure compliance with privacy and security requirements.

    • Support application security governance, including lifecycle management, secure design guidance, and vendor compliance reviews.

    • Coordinate with legal and regulatory bodies to stay updated on compliance requirements and ensure organizational alignment.

    IT Incident Response Planning and Execution:

    • Assist in the development and maintenance of IT incident response plans and procedures. Test and evaluate existing IT incident response plans for effectiveness.

    • Educate IT staff, and non-IT staff as appropriate, on IT incident response procedures, providing clear, actionable steps to assist staff in timely resolution.

    • Participate in incident response activities, including investigation, documentation, and notification or status updates of ongoing security incidents.

    • Create and maintain post-mortem documentation or tracking of resolved incidents, tracking patterns and informing IT or agency leadership on incident impact, root cause, and steps taken to avoid subsequent incidents.

    IT Risk Reporting:

    • Analyze incident trends to recommend improvements to security controls and processes.

    • Utilize enterprise and agency resources for security monitoring and reporting of risk levels, network activity, and email threat detection (e.g., spam, malware, phishing).

    • Produce executive-level risk and security reports for IT leadership and other key stakeholders.

    Cybersecurity Awareness and Training:

    • Lead agency-wide cybersecurity education and compliance initiatives, ensuring awareness and adherence to PCI DSS, NIST-based, and state-level standards.

    • Develop and deliver cybersecurity awareness programs to educate employees about security best practices and emerging threats.

    • Regularly create engaging training materials and conduct workshops to promote a security-conscious culture.

    • Regularly champion, provide guidance, and promote awareness on cybersecurity, data governance, and responsible technology use across the organization.

    Audit Functions:

    • Coordinate and prepare audit responses for oversight bodies including but not limited to the Department of Administration (DOA) or Legislative Audit Bureau (LAB).


    • Plan and execute IT audits to evaluate the effectiveness of security controls and compliance with policies.

    • Prepare detailed audit reports outlining findings, recommendations, and corrective actions.

    • Follow up on audit findings to ensure that corrective actions have been implemented effectively.

    Minimum Qualifications

    • 5+ years of experience in cybersecurity compliance, audit coordination, or related risk management roles.

    • Experience managing IT security review processes, IT security exception workflows, and developing security policies or procedures.

    • Experience creating and automating reports from industry standard IT security tools (e.g., Splunk, IronPort, Tenable, Cloudflare).

    • Experience coordinating vulnerability management programs and application security lifecycle oversight.

    • Proven ability to coordinate complex risk assessments and compliance activities.

    • Strong knowledge of IT Security Incident Response planning and preparation.

    • Strong knowledge of PCI DSS standards and SAQ preparation.

    • Strong knowledge of NIST-based frameworks and government security standards.

    • Strong knowledge of both direct and indirect AI-related risks (i.e., “AI as a default”).

    • Strong understanding of data governance and privacy protection practices.

    • Experience collaborating with cross-functional IT teams and program area staff, external auditors, and regulatory agencies.

    • Excellent communication and analytical skills, with the ability to translate complex IT security-related topics for diverse, often non-technical audiences.

    • Demonstrated ability to develop and deliver effective training programs.

    Desired Qualifications

    • Prior experience in public-sector compliance or multi-agency single tenant environments.

    • Industry certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Security+ (preferred but not required).

    This is a hybrid position; on-site HQ work is required some days based on project and operational demands, but WHS is a great place to work right in the heart of downtown Madison and the UW-Madison Campus. Remote work may be permitted on a scheduled basis after an initial onboarding period. Candidates MUST be WI residents or willing to relocate to WI prior to starting the role at their own expense.

    Public parking options are available nearby, public transportation is half a block away, and bike racks are available just outside of our HQ doors. Regular commuting expenses are not covered by WHS.