Cybersecurity Risk and Data Protection Manager

CONA Services•Charlotte, NC

1d•Hybrid

About The Position

The Manager, Cybersecurity Risk Management – Data Protection is responsible for leading the identification, assessment, and management of cybersecurity risks that could impact the confidentiality, integrity, and availability of the company’s data and critical business operations. This role serves as a key driver of the organization’s cybersecurity risk management program, ensuring risks are understood, prioritized, and addressed in alignment with business objectives and risk tolerance. This position partners closely with IT, Legal, Compliance, Internal Audit, and business leaders to translate cybersecurity and data protection risks into clear business impact, support informed decision-making, and strengthen governance and assurance across the enterprise. The Manager is accountable for maintaining risk assessments, supporting regulatory and audit requirements, overseeing control effectiveness related to data protection, and driving continuous improvement of cybersecurity risk practices across corporate and operational environments. Rather than acting as a hands-on technical operator, this role functions as a manager of risk and process, providing oversight, coordination, and guidance to ensure cybersecurity risks—particularly those related to sensitive data, third parties, and manufacturing and distribution operations—are effectively managed and communicated.

Requirements

Strong risk assessment and analytical skills, with the ability to identify, prioritize, and document cybersecurity and data protection risks.
Demonstrated problem solving and critical thinking skills to evaluate complex risk scenarios and recommend practical, risk based solutions.
Ability to translate technical cybersecurity risks into business impact, enabling informed decision making by leadership and stakeholders.
Experience with strategy development and program execution, including defining objectives, tracking progress, and driving continuous improvement.
Effective time management and organizational skills, with the ability to manage multiple priorities and deadlines concurrently.
Strong written and verbal communication skills, including the ability to prepare executive level reporting and facilitate cross functional discussions.
Proven ability to work cross functionally with IT, Legal, Compliance, Audit, and business teams to align on risk treatment and accountability.
Experience supporting or leading governance, risk, and compliance (GRC) activities, including risk registers, control documentation, and audit support.
Ability to influence without direct authority, drive consensus, and remove barriers to risk remediation.
Familiarity with data protection, third party risk, and operational risk considerations in large or distributed enterprise environments.
Experience in cybersecurity risk management, governance, or compliance within a medium to large enterprise environment.
Demonstrated ability to assess, document, and communicate cybersecurity and data protection risks in business terms.
Working knowledge of cybersecurity and risk management frameworks (e.g., NIST CSF, NIST RMF).
Bachelor's degree (4 years)
Knowledge acquired through 5 to up to 7 years of work experience

Nice To Haves

Bachelor’s degree (B.S.) in Cybersecurity, Information Security, Information Technology, Computer Science, Information Systems, Risk Management, or a closely related field.
Experience supporting data protection, third party risk, or compliance initiatives in manufacturing, distribution, or operational environments.
Familiarity with regulatory, audit, and assurance activities (e.g., SOX, PCI, internal audit support).
Experience maintaining cybersecurity risk assessments, risk registers, control documentation, and executive level risk reporting.
One or more professional certifications preferred: CRISC, CISM, CISA, CISSP.

Responsibilities

Lead the cybersecurity risk management program for data protection by identifying, assessing, prioritizing, and documenting risks that could impact sensitive data, business operations, and regulatory obligations.
Develop and maintain enterprise cybersecurity risk artifacts, including risk assessments, risk registers, and risk treatment plans, ensuring alignment with organizational risk tolerance and business objectives.
Partner cross functionally with IT, Legal, Compliance, Internal Audit, and business stakeholders to ensure cybersecurity and data protection risks are understood, owned, and appropriately managed.
Support governance, audit, and assurance activities by overseeing control documentation, evidence collection, and remediation tracking related to cybersecurity and data protection risks.
Translate cybersecurity risk into business impact through clear, executive level reporting, dashboards, and presentations to enable informed decision making by leadership.
Drive continuous improvement of cybersecurity risk practices, including alignment with industry frameworks (e.g., NIST CSF) and evolving regulatory, operational, and threat landscapes.
Provide guidance and oversight to ensure consistent application of risk management processes across corporate, operational, and third party environments.