Cybersecurity Risk Manager
Overview
We are looking for a Cybersecurity Risk Manager to lead and strengthen our enterprise risk program. This role focuses on identifying, assessing, and managing cyber risks across internal systems, business processes, and third-party ecosystems. The ideal candidate is hands-on, structured, and comfortable working with both technical teams and business stakeholders.
Key Responsibilities
Risk Assessments
Conduct end-to-end cybersecurity risk assessments across applications, infrastructure, and business processes
Identify vulnerabilities, threats, and control gaps, and translate findings into actionable remediation plans
Work with engineering and business teams to validate risks and track mitigation progress
Threat Modeling
Lead threat modeling exercises for new and existing systems
Identify attack vectors, trust boundaries, and potential impact scenarios
Partner with engineering teams to embed secure design practices early in the development lifecycle
Third-Party Cyber Risk
Assess and monitor cybersecurity risks associated with vendors and external partners
Review security questionnaires, audit reports, and contractual security requirements
Collaborate with procurement and legal teams to ensure risk is properly managed and documented
GRC and Risk Governance
Support and maintain governance, risk, and compliance processes aligned with regulatory and internal requirements
Ensure policies, standards, and control frameworks are effectively implemented and followed
Contribute to audits, regulatory reviews, and control testing activities
Risk Register Management
Maintain and continuously update the enterprise cybersecurity risk register
Ensure risks are clearly documented, categorized, and prioritized based on impact and likelihood
Track remediation actions and ensure accountability across stakeholders
Reporting and Communication
Develop clear, concise risk reports for technical teams and senior leadership
Translate complex technical risks into business language and impact
Provide regular updates on risk posture, trends, and remediation status
Required Qualifications
Solid experience in cybersecurity risk management, GRC, or related functions
Hands-on experience conducting risk assessments and threat modeling
Experience managing third-party or vendor cyber risk programs
Strong understanding of security frameworks such as the NIST Cybersecurity Framework or NIST SP 800-53, ISO/IEC 27001, or similar
Ability to maintain structured risk registers and track remediation efforts
Strong communication skills with the ability to engage both technical and non-technical stakeholders
Preferred Qualifications
Strong risk qualification and prioritization skills, with the ability to distinguish real risk from noise
Experience in regulated environments such as finance, healthcare, or large enterprises
Familiarity with audit processes and control validation
Experience working with cross-functional teams across legal, compliance, and technology
Certifications such as CISSP, CISM, CRISC, or similar