Required Education
• Bachelor's degree with 10+ years of experience in this capacity
Required Certification
• CISSP, CISA, CISM, CRISC
Required Skills
• 8+ years in cyber risk, IT risk, or information security risk (consulting or Big 4 experience preferred)
• Strong communication and presentation skills with ability to engage senior leadership
• Ability to translate technical concepts into business risk language
• Experience managing risk registers and tracking remediation activities
• Technical understanding of systems, controls, and risk scenarios
• Proactive, organized, and able to anticipate stakeholder needs
• Experience contributing to risk program design or process improvement
Nice-to-Have Skills
• Qualitative risk analysis methodologies in cybersecurity or IT environments
• FAIR (Factor Analysis of Information Risk)
• ISO 27001, NIST, or similar frameworks
• ServiceNow IRM or similar GRC platforms
Job Description
• Facilitate risk acceptance and awareness discussions with senior leadership; translate technical risks into business terms
• Develop executive-ready presentations and proactively anticipate leadership questions and data needs
• Maintain and track the cyber risk register, including follow-up on remediation actions and acceptance decisions
• Perform qualitative risk analysis (likelihood and impact) using scenario-based models
• Evaluate control effectiveness and compensating controls; provide risk-based recommendations
• Support and contribute to the design and improvement of the cyber risk management program and associated processes