Manager, Cybersecurity Risk Management

About The Position

Requirements

• 8+ years of experience in security risk, with at least 3 years in a risk management role, or similar function.
• Strong knowledge of cybersecurity frameworks, company policies, and regulatory requirements.
• Certifications such as CISSP, CISM, CRISC, or CISA highly preferred.
• Proven ability to communicate complex risk concepts to non-technical stakeholders.
• Strong expertise across cloud (AWS, Azure, GCP), on-premises, and application environments.
• Experience with tools such as Service Now, GRC tools, PowerBi, and cloud technologies.
• Strong knowledge of risk frameworks (e.g., NIST, ISO, PCI, SOX, etc.).
• Bachelor’s degree in computer science, Engineering, IT, or related field.
• Strong analytical, quantitative, and qualitative skills with a detail-oriented, critical thinking mindset.
• Strategic thinker with deep capability in applying risk principles to business environments.
• Creative problem solver with sound business judgment and a proactive approach to risk mitigation.
• Passion for accuracy and translating insights into compelling, high-quality narratives.
• Exceptional communication skills—verbal, written, and visual—with fluency in English.
• Proven ability to translate complex technical concepts into plain language for decision-makers.
• Positive influence with strong stakeholder engagement and relationship-building abilities.
• Skilled in preparing polished deliverables that support informed decision-making.
• Team player who builds trust across technical and non-technical teams.
• Has 4+ years of experience managing and training staff.
• Demonstrated ability to work independently, adapt quickly, and drive tasks forward with limited direction.
• Strong project management and delegation skills across diverse, cross-functional initiatives.
• Experience driving change to completion in dynamic, fast paced environments.
• Proven ability to identify and assess risks across business processes, operations, and technology projects.
• Deep understanding of business functions and ability to translate technical risk into business impact.
• Highly organized with the ability to manage multiple assignments in iterative environments.
• Committed to the highest standards of integrity, ethics, and professionalism.
• Produces clear, polished work products in both narrative and visual formats.

Nice To Haves

• One or more of the following certifications: CISSP, CRISC, CISA.
• 5+ years of prior experience in a related field (media, entertainment, business development or streaming services industry experience a plus).
• Familiarity with streaming and similar products/services.
• 4+ years of Big 4 experience or in a related field (media, entertainment, business development or streaming services industry experience a plus).
• Experience working in a national or global company.
• Comfortable working in a highly iterative environment, both structured and unstructured.
• Risk mitigation experience with AWS and/or other Cloud Databases such as Azure, GCP, etc.
• Metrics and visualization tools knowledge a plus (i.e. Power BI, Tableau).
• Advanced user of Microsoft Office (Excel, PowerPoint, Word) to prepare all project plans, deliverables, presentations, reports, and findings.

Responsibilities

• Develop and maintain a comprehensive cybersecurity risk management strategy aligned with business objectives.
• Lead enterprise-wide risk assessments and remediation activities.
• Collaborate with IT, legal, compliance, and business units to ensure risk mitigation strategies are embedded in operations.
• Monitor emerging threats and risk posture and activities accordingly.
• Present risk analysis, metrics, and mitigation plans to management and stakeholders.
• Identify risk and mitigating controls for risk exceptions based on adherence to relevant company policies, standards, baselines, and industry standards (e.g., GDPR, PCI, SOX).
• Mentor and develop junior risk analysts and cybersecurity professionals.
• Ensure effective identification, quantification, communication, and management of technology risk, focusing on root cause analysis and resolution recommendations.
• Develop and maintain robust relationships, become a trusted partner with technologists, assessments teams, and stakeholders to facilitate cross-functional collaboration and progress toward shared goals.
• Proactively monitor and evaluate risk exceptions and risk register processes, identify gaps, and recommend enhancements to strengthen risk posture.
• Assist InfoSec teams in developing and maturing their risk exceptions rejection and approval criteria.
• Drive adoption of enterprise-wide risk assessment methodologies, frameworks, and tools.
• Collaborate with key stakeholders to enhance risk governance and ensure compliance with internal and regulatory requirements.
• Assist with the administration and maintenance of the Service Now GRC platform.
• Display and utilize advanced understanding of relevant SDLC methodologies, practices and compliance policies/procedures to assess risk exceptions criteria.
• Utilize prior experience in multiple IT disciplines and confirmed understanding of solution architecture, complex application systems design and platform integrations and various tech stacks during assessment of risk.

Benefits

• Health insurance coverage
• Employee wellness program
• Life and disability insurance
• Retirement savings plan
• Paid holidays and sick time
• Vacation