Job Description:
• Lead and evolve the IT security risk management program in alignment with organizational goals, risk appetite, and risk tolerance
• Partner with executive leadership to shape risk strategy and drive enterprise-wide adoption
• Serve as a key advisor on risk posture, translating technical findings into strategic business decisions
• Identify, assess, and quantify technology risks by evaluating cybersecurity threats, operational vulnerabilities, and emerging technology risks using qualitative and quantitative methodologies
• Conduct risk assessments using established frameworks, including NIST CSF and CIS Controls v8
• Translate technical findings into clear, actionable business risk and support risk-based decision making
• Manage and maintain the enterprise IT risk register, including risk ownership, scoring, and lifecycle tracking
• Design and implement IT security risk mitigation strategies and controls aligned with industry standards
• Lead the risk exception management process, including evaluation, documentation, and risk acceptance decisions
• Provide risk-informed guidance for complex technology initiatives, including emerging areas such as artificial intelligence and machine learning
• Integrate IT security risk management practices into business and technology processes
• Define and evolve risk metrics, key risk indicators (KRIs), and risk appetite thresholds
• Develop dashboards and reporting that translate risk data into actionable insights for executive and board-level audiences
• Communicate complex risk concepts clearly to both technical and non-technical stakeholders
• Drive adoption of IT security risk platforms and workflow automation to improve efficiency and scalability
• Identify and implement automation opportunities across risk management workflows
• Continuously enhance risk methodologies, tools, and processes
• Stay current on the evolving threat landscape, emerging technologies, and industry practices
• Mentor and guide junior team members in direct or matrixed reporting relationships
Requirements:
• 5+ years of IT risk management experience, with a focus on risk assessment, quantification, and risk register ownership (not primarily compliance or audit)
• 3+ years mentoring or leading team members
• Demonstrated experience mentoring analysts while owning and delivering discrete risk workstreams or program components
• Experience conducting risk assessments aligned to NIST CSF, CIS Controls v8, or similar frameworks
• Experience managing an IT risk register, risk exception processes, and residual risk documentation
• Experience developing risk metrics, dashboards, and executive reporting
• Experience with GRC platforms and workflow automation in a risk context
• Experience managing risks related to emerging technologies, including artificial intelligence
• Bachelor's degree in a relevant discipline required; Master’s degree preferred
• Preferred certifications: CRISC (ISACA), CISSP (ISC²), CISM (ISACA), CompTIA Security+, CompTIA CySA +, CompTIA CASP+, CGEIT (ISACA)
Benefits:
• Health insurance
• 401(k) retirement benefit
• Paid time off
• Parental leave
• Tuition assistance
• Entertainment and retail discounts
• Employee Stock Purchase Plan
• Well-being incentives
• Certain paid holidays