State of Washington
IT Security Risk and Compliance Manager
State of Washington, Walla Walla, Washington, United States
Mission of the Washington Health Benefit Exchange
Washington Health Benefit Exchange is a public‑private partnership that operates WashingtonHealthplanfinder, the eligibility and enrollment portal used by one in four Washington residents to obtain health and dental coverage. Our mission is to radically improve how Washington residents secure health insurance through innovative and practical solutions, an easy‑to‑use customer experience, and our core values of integrity, respect, equity, and transparency.
Equity Statement
Equity is fundamental to the mission of the Washington Health Benefit Exchange. The process of advancing toward equity and becoming anti‑racist is disruptive and demands vigilance to dismantle deeply entrenched systems of privilege and oppression. While systemic racism is a root cause of many societal inequities, we must also use an intersectional approach to address all forms of bias and oppression, which interact with and often exacerbate racial inequities. To be successful, we must recognize the socioeconomic drivers of health and focus on people and places where needs are greatest. As we listen to community, we must hold ourselves accountable to responding to recommendations to remedy inequitable policies, systems, or practices within the Exchange’s area of influence. Our goal is that all Washingtonians have full and equal access to opportunities, power and resources to achieve their full potential.
Position Summary
The IT Security Risk and Compliance Manager will manage, oversee, and coordinate the work of team members and activities in IT security compliance, risk management, and other duties as defined by the Chief Information Security Officer (CISO). The manager is responsible for developing the strategic direction for regulatory compliance and managing the risk of WAHBE data and information systems, continuously assessing security controls, creating and implementing IT security policy, procedures, and standards, and ensuring agency compliance with federal and state regulations.
Duties
Provide supervision, guidance, and oversight of the WAHBE IT Security Risk and Compliance Team.
Develop, maintain, and implement cybersecurity compliance deliverables, ensuring they meet CMS, IRS, and WAHBE requirements.
Conduct comprehensive cybersecurity risk assessments to identify and evaluate potential threats and vulnerabilities.
Perform thorough risk analysis, evaluating security controls and vulnerabilities.
Ensure security controls align with WAHBE IT Security standards and compliance with CMS and IRS regulations.
Develop and implement an information security risk management framework, including gap analysis, remediation timelines, and regular reviews.
Develop risk management metrics and reports to communicate remediation efforts and risk treatment progress.
Coordinate risk mitigation plans for federal reporting and ensure remediation activities are completed and effective.
Collaborate with Compliance Officer, Information Security Manager, Cloud/Infrastructure Manager, Product Owner, Tech Ops, and other IT stakeholders.
Manage CMS and IRS security audits and safeguard reviews.
Manage third‑party security risk assessments and coordinate remediation plans.
Maintain and update WAHBE Information Security policies and procedures.
Review laws, regulations, and agreements to ensure security and privacy language is authorized.
Foster innovation and manage risks during major transformations.
Provide briefings and updates to CISO and engage with Enterprise Risk and Compliance Committee.
Communicate obstacles that hinder compliance deliverables to CISO promptly.
Collaborate with external partners to meet WAHBE policy, state, and federal regulations.
Serve as liaison for audits, assessments, and reviews.
Recruit, hire, lead, mentor, and retain talented risk and compliance staff.
Qualifications – Required
Bachelor’s degree in engineering or technology‑related major and ten years of experience, including at least five years in staff management.
Five years of experience leading and managing staff or contractors within IT risk and compliance domains.
Excellent understanding of CMS standards such as MARS‑E 2.2 and ARC‑AMPE; and IRS standards such as Publication 1075.
Excellent understanding of audit processes, standards, and procedures.
Strong knowledge of testing methods and metrics.
Highest ethical standards and commitment to confidentiality and regulatory requirements.
Self‑starter with initiative and accountability.
Excellent project management skills with ability to set clear timelines and manage change.
Ability to prioritize multiple projects and follow through on issues promptly.
Strong interpersonal skills and ability to collaborate with diverse stakeholders.
Excellent conflict resolution and communication skills.
Highly organized, proactive, resourceful, and attentive to detail.
Strong understanding of contracting processes and procedures.
Ability to maintain a high level of confidentiality.
Desired Qualifications
Excellent understanding of NIST security guidelines (SP 800‑53 Rev 5) and the NIST RMF (SP 800‑37 Rev.).
Proven ability to develop and implement change‑management strategies.
Exceptional verbal and written communication skills.
Resilience and composure in fast‑paced, high‑pressure environments.
Positive, collaborative risk‑management approach.
Application Instructions
This position will remain open until a suitable candidate is found. If interested, please submit an application as soon as possible. The Exchange reserves the right to close recruitment at any time.
Salary Information
Full salary range: $109,719.00 to $164,579.00 annually. Midpoint: $137,149.00. Hiring range: $126,177.00 to $137,149.00 annually. Compensation will be based on experience, qualifications, internal equity, and market.
Benefits
Employees receive medical (including vision), dental, and basic life insurance; flexible spending accounts; disability insurance; and access to public‑employee benefits, including retirement and deferred compensation through the Washington Public Employees’ Retirement System. Additional benefits include a workplace wellness program, dependent‑care assistance, auto, home, and renter insurance (through payroll deduction), and employee assistance programs.
Working Conditions
Core business hours: 8:00 a.m. to 5:00 p.m., Monday through Friday. Remote and in‑person collaboration required. Hybrid schedule possible; flexible in‑office availability needed. Travel limited, but occasional meetings or training may require travel and irregular hours. Standard office furniture and equipment will be used; remote work requires a safe, ergonomic workspace.
Special Requirements
A criminal background screen will be conducted for final candidates and every five years for those handling highly sensitive data. Screens must meet Exchange eligibility standards.
Other Information
This description outlines the general nature of work performed; it is not exhaustive. Management may alter this description at any time without notice. This is not an employment agreement or contract.
Equal Opportunity Employer
The Washington Health Benefit Exchange is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, marital status, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. We participate in E‑Verify.