Enterprise Cybersecurity and IT Risk Management Operations Lead
About The Position
Direct the daily operations of the cybersecurity and IT risk management team, overseeing core workflows including user exception management, product risk assessment execution, security findings tracking, vulnerability risk coordination, AI use case risk review support, and enterprise risk register maintenance. Manage operational intake, triage, assignment, tracking, reporting, and escalation processes to ensure cybersecurity risk workflows are executed consistently, efficiently, and in alignment with established enterprise risk governance standards. Maintain a hands-on approach to daily execution, collaborating with technical teams, control owners, product owners, business stakeholders, and security operations teams to support timely risk treatment, accurate risk records, and actionable operational reporting. Report to and partner with the Enterprise IT and Cybersecurity Risk Evolution Lead to provide operational insights, workflow metrics, exception trends, findings data, vulnerability themes, and risk register inputs that inform enterprise risk strategy, governance improvements, executive reporting, and maturity roadmap priorities. Due to the nature of work performed within this facility, U.S. citizenship is required.
Requirements
- 8+ years of experience working in cybersecurity IT risk leadership
- Experience managing day-to-day cybersecurity and IT risk operations, including enterprise risk register maintenance, security findings tracking, user exception workflows, and operational risk intake
- Experience coordinating product risk assessment workflows and supporting AI use case risk reviews in alignment with established enterprise risk governance standards
- Experience managing the operational lifecycle of security findings, including intake, assignment, tracking, aging, reporting, and escalation, while remediation remains owned by accountable control, system, technology, product, or business owners
- Experience coordinating vulnerability risk tracking and reporting in partnership with technology and security operations teams responsible for remediation
- Experience generating operational risk reports, workflow metrics, compliance inputs, exception trends, findings status, and control-related data for technical teams, business stakeholders, and risk governance forums
- Ability to monitor operational cybersecurity controls and workflow adherence to identify process gaps, data quality issues, and opportunities for improvement
- Ability to prioritize daily functional tasks, manage team workflows, resolve operational blockers, and collaborate with peer leaders to maintain cybersecurity and IT risk management discipline across multiple enterprise programs
- HS diploma or GED
- U.S. citizenship is required.
Nice To Haves
- 7+ years of experience in people management, directing daily team operations, managing workload distribution, and developing talent in a fast-paced environment
- Experience with tracking risk data and managing workflows in enterprise GRC tools, such as Archer and ServiceNow
- Experience identifying operational trends, data quality issues, workflow bottlenecks, and recurring exception patterns to support risk governance and process improvement
- Knowledge of security controls and alignment to key regulations, such as NIST SP 800-53, NIST SP 800-171, FedRAMP, CMMC, or SOC 2 Type II
- Ability to triage complex operational problems, determine level of effort, secure resources, and drive tasks to closure with minimal supervision
- Bachelor’s degree
- Cyber risk certifications, including CISSP, Certified Governance Risk and Compliance (CGRC), or Certified in Risk and Information Systems Control (CRISC) certification
Responsibilities
- Direct the daily operations of the cybersecurity and IT risk management team.
- Oversee core workflows including user exception management, product risk assessment execution, security findings tracking, vulnerability risk coordination, AI use case risk review support, and enterprise risk register maintenance.
- Manage operational intake, triage, assignment, tracking, reporting, and escalation processes to ensure cybersecurity risk workflows are executed consistently, efficiently, and in alignment with established enterprise risk governance standards.
- Maintain a hands-on approach to daily execution, collaborating with technical teams, control owners, product owners, business stakeholders, and security operations teams to support timely risk treatment, accurate risk records, and actionable operational reporting.
- Report to and partner with the Enterprise IT and Cybersecurity Risk Evolution Lead to provide operational insights, workflow metrics, exception trends, findings data, vulnerability themes, and risk register inputs that inform enterprise risk strategy, governance improvements, executive reporting, and maturity roadmap priorities.
- Monitor operational cybersecurity controls and workflow adherence to identify process gaps, data quality issues, and opportunities for improvement.
- Prioritize daily functional tasks, manage team workflows, resolve operational blockers, and collaborate with peer leaders to maintain cybersecurity and IT risk management discipline across multiple enterprise programs.
Benefits
- health, life, disability, financial, and retirement benefits
- paid leave
- professional development
- tuition assistance
- work-life programs
- dependent care
- recognition awards program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
High school or GED
