Overview
Skills
Job Details
Duration: 6+ Months
Location: SeaTac, WA
Pay Range: $80/Hr. to $90/Hr. (DOE)
Job Summary: Key Responsibilities:
The IT Cybersecurity Risk Manager is a subject matter expert in cybersecurity risk management and is responsible for the development, implementation and maintenance of a Cybersecurity Risk Management program at Alaska Airlines. As an individual contributor, this role defines long-term strategy for cybersecurity risk management exercises considerable latitude and initiative to solve complex challenges related to cyber risk management.
Develop, implement, and maintain a comprehensive cybersecurity risk management framework and program.
Identify, assess, and monitor IT and cybersecurity risks across infrastructure, applications, and third-party services.
Collaborate with IT, security, compliance, and business units to implement risk mitigation strategies.
Conduct IT risk assessments, control assessments, and scenario analysis to evaluate potential threats and vulnerabilities.
Ensure compliance with regulatory and industry standards (e.g., NIST, ISO 27001, GDPR, SOX, PCI).
Maintain the IT risk register and build reporting on key risk indicators (KRIs) and trends for leadership.
Manage the IT risk exception process by identifying, assessing, documenting, and monitoring exceptions to cybersecurity policies and standards.
Stay current on emerging IT risks and technologies.
Qualifications Required:
Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or a related field or an additional two years of relevant training/experience in lieu of this degree.
5+ years of experience in IT risk management, cybersecurity, or IT audit.
Experience with risk assessment methodologies
Excellent written and verbal communication skills and stakeholder engagement skills
Detail-oriented and organized, and able to manage complex projects and multiple priorities
Preferred:
Professional certifications such as CRISC, CISM, CISSP, CISA, or CGEIT.
Experience with GRC tools.
Familiarity with cloud security and third-party risk management.
Strong understanding of IT governance, risk, and compliance (GRC) frameworks.