Cybersecurity Risk Manager

a { text-decoration: none; color: #464feb; } tr th, tr td { border: 1px solid #e6e6e6; } tr th { background-color: #f5f5f5; } Cybersecurity Risk Manager Overview We are looking for a Cybersecurity Risk Manager to lead and strengthen our enterprise risk program. This role focuses on identifying, assessing, and managing cyber risks across internal systems, business processes, and third-party ecosystems. The ideal candidate is hands-on, structured, and comfortable working with both technical teams and business stakeholders. Key Responsibilities Risk Assessments Conduct end-to-end cybersecurity risk assessments across applications, infrastructure, and business processes Identify vulnerabilities, threats, and control gaps, and translate findings into actionable remediation plans Work with engineering and business teams to validate risks and track mitigation progress Threat Modeling Lead threat modeling exercises for new and existing systems Identify attack vectors, trust boundaries, and potential impact scenarios Partner with engineering teams to embed secure design practices early in the development lifecycle Third-Party Cyber Risk Assess and monitor cybersecurity risks associated with vendors and external partners Review security questionnaires, audit reports, and contractual security requirements Collaborate with procurement and legal teams to ensure risk is properly managed and documented GRC and Risk Governance Support and maintain governance, risk, and compliance processes aligned with regulatory and internal requirements Ensure policies, standards, and control frameworks are effectively implemented and followed Contribute to audits, regulatory reviews, and control testing activities Risk Register Management Maintain and continuously update the enterprise cybersecurity risk register Ensure risks are clearly documented, categorized, and prioritized based on impact and likelihood Track remediation actions and ensure accountability across stakeholders Reporting and Communication Develop clear, concise risk reports for technical teams and senior leadership Translate complex technical risks into business language and impact Provide regular updates on risk posture, trends, and remediation status Required Qualifications Solid experience in cybersecurity risk management, GRC, or related functions Hands-on experience conducting risk assessments and threat modeling Experience managing third-party or vendor cyber risk programs Strong understanding of security frameworks such as

NIST, ISO

27001, or similar Ability to maintain structured risk registers and track remediation efforts Strong communication skills with the ability to engage both technical and non-technical stakeholders Preferred Qualifications Strong risk qualification and prioritization skills, with the ability to distinguish real risk from noise Experience in regulated environments such as finance, healthcare, or large enterprises Familiarity with audit processes and control validation Experience working with cross-functional teams across legal, compliance, and technology Certifications such as CISSP, CISM, CRISC, or similar