IT Security, Compliance, & Risk Coordinator

Overview

Hybrid
$36 - $40
Accepts corp to corp applications
Contract - W2
Contract - 1 Year(s)

Skills

Cybersecurity
incident management
auditing
PCI DSS

Job Details

IO Datasphere, Inc. has been providing project management, software development and IT staff augmentation services to our clients in the Midwest and throughout the U.S. since 1996. We are an approved vendor on contract to provide software development and IT staff augmentation services for the States of Illinois, Michigan, Minnesota, Iowa, and Wisconsin. We also provide these services to businesses, as well as local and county governments, in the Midwest and nationwide.

 

Our client is looking for an IT Security, Compliance, & Risk Coordinator to serve as the lead facilitator for agency cybersecurity compliance, audit readiness, and risk oversight, ensuring alignment with IT policies and standards, PCI DSS, and industry-recognized frameworks. This role helps guide agency IT security policy and procedure development, oversees audit responses, coordinates IT solution security review intake processes, manages the agency IT vulnerability management program, triages IT security exception requests and initiates review workflows, and maintains systems documentation such as risk registers and security review assessments.

Tasks
  • Develop, implement, maintain, and monitor adherence to IT security or compliance policies and procedures, including data protection regulations or internal security policies, ensuring alignment with industry standards and regulatory requirements.
  • Conduct regular scans and coordinate risk assessments to identify potential security threats and vulnerabilities within IT systems, including those related to use of cloud-hosted solutions, AI use cases, and emerging technology integrations.
  • Develop and implement risk mitigation strategies while collaborating with partner agencies or managed service providers and internal technical teams to identify and address vulnerabilities, security gaps, and compliance gaps.
  • Maintain a risk register and ensure that all identified risks are documented, assessed, and addressed promptly.
  • Assist in the development and maintenance of IT incident response plans and procedures. Test and evaluate existing IT incident response plans for effectiveness.
  • Educate IT staff, and non-IT staff as appropriate, on IT incident response procedures, providing clear, actionable steps to assist staff in a timely resolution.
  • Participate in incident response activities, including investigation, documentation, and notification or status updates of ongoing security incidents.
  • Analyze incident trends to recommend improvements to security controls and processes.
  • Utilize enterprise and agency resources for security monitoring and reporting of risk levels, network activity, and email threat detection (e.g., spam, malware, phishing).
  • Produce executive-level risk and security reports for IT leadership and other key stakeholders.
  • Lead agency-wide cybersecurity education and compliance initiatives, ensuring awareness and adherence to PCI DSS, NIST-based, and state-level standards.
  • Develop and deliver cybersecurity awareness programs to educate employees about security best practices and emerging threats.
  • Regularly create engaging training materials and conduct workshops to promote a security-conscious culture.
  • Regularly champion, provide guidance, and promote awareness on cybersecurity, data governance, and responsible technology use across the organization.
  • Coordinate and prepare audit responses for oversight bodies.
  • Plan and execute IT audits to evaluate the effectiveness of security controls and compliance with policies.
  • Prepare detailed audit reports outlining findings, recommendations, and corrective actions.

 

Knowledge, Skills and Abilities Required:
  • Excellent communication and analytical skills, with the ability to translate complex IT security-related topics for diverse, often non-technical audiences.
  • Demonstrated ability to develop and deliver effective training programs.

 

NOTE: Candidates MUST be WI residents or willing to relocate to WI prior to starting the role at their own expense. This is a hybrid position, so on-site work is required some days (likely 2-3 days) based on project and operational demands. Remote work is allowed and encouraged when possible. Public parking options are available nearby, public transportation is a half-block away, and bike racks are available just outside of our doors. Commuting expenses are not covered by the Agency.

 

 

Location: Madison, WI (Hybrid)

Contract: 1+ years

 

Skills Required:
  • 5+ years - Experience in cybersecurity compliance, audit coordination, or related IT risk management roles.
  • 5+ years - Experience managing IT security review processes, IT security exception workflows, and developing security policies or procedures.
  • 5+ years - Experience coordinating vulnerability management programs and application security lifecycle oversight.
  • 5+ years - Experience creating and automating reports from industry standard IT security tools (e.g., Splunk, IronPort, Tenable, Cloudflare).
  • Experience coordinating vulnerability management programs and application security lifecycle oversight.
  • Proven ability to coordinate complex risk assessments and compliance activities.
  • Strong knowledge of IT Security Incident Response planning and preparation.
  • Strong knowledge of PCI DSS standards and SAQ preparation.
  • Strong knowledge of NIST-based frameworks and government security standards.
  • Strong knowledge of both direct and indirect AI-related risks (i.e., AI as a default).
  • Strong understanding of data governance and privacy protection practices.
  • Experience collaborating with cross-functional IT teams and program area staff, external auditors, and regulatory agencies.
Skills Desired (a plus to have):
  • Prior experience in public-sector compliance or multi-agency single tenant environments.
  • Industry certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Security+.

 

*** Rate depends on experience

*** Local candidates preferred, not mandatory

*** Candidates authorized to work in the US are encouraged to apply. We can accept H1b, , TN, and other valid work visas for IT. However, we cannot accept OPT or CPT visas at this time.

*** Companies submitting candidates should only submit direct W2 employees for this position.

 

Please submit your resume by using the "URL" below
