Manager, Cybersecurity Risk

PayPal | Scottsdale, AZ
71d | $100,500 - $173,250 | Hybrid

About The Position

We're seeking an experienced technology professional to lead oversight efforts in the area of Third Party Technology and Security practices across the enterprise. This role requires deep expertise in vendor risk management, supply chain security, third-party governance frameworks, and continuous monitoring capabilities. As part of the Technology and Security Oversight team, you will be instrumental in establishing and maintaining a comprehensive oversight framework for third-party relationships and vendor risk management activities.

Requirements

  • 5+ years of relevant experience and a Bachelor's degree, or any equivalent combination of education and experience.
  • 7+ years in technology risk, cybersecurity, or IT audit; 4+ years directly focused on third-party/vendor risk.
  • Advanced knowledge of third-party risk assessment frameworks, including Shared Assessments SIG, ISO 27001/27002, SOC 2 Type II attestations, and vendor security control validation methodologies.
  • Demonstrated experience with vendor technology and security due diligence, criticality segmentation and exit-strategy planning.
  • Deep understanding of continuous attack-surface monitoring tools, vendor security rating platforms, and automated evidence collection for third-party attestation tracking.
  • Knowledge of current and emerging third-party risks (e.g., supply chain attacks, fourth-party risks, AI/ML vendor risks); vendor cybersecurity threats and vulnerabilities; industry standard control frameworks (e.g., NIST Cybersecurity Framework, ISO 27000 series); and prominent data privacy and security regulations globally.
  • Strong work ethic with proven ability to learn quickly, prioritize work, and manage complex deliverables to completion under established deadlines.
  • Superb consultative, adjudicative, investigative, and influencing skills, including business acumen, stakeholder empathy, and conflict resolution.
  • Exceptional verbal and written communication and analysis skills, including experience developing high-quality written analysis, strategy, or standards documents.
  • Unquestionable professional and ethical integrity, ideally demonstrated through experience with projects of a sensitive, privileged, or confidential nature.
  • Ability to approach and understand problems from a statistical or quantitative perspective and draw meaningful, accurate conclusions.

Nice To Haves

  • Degree in a relevant discipline, such as cybersecurity, business, engineering, risk management, or computer science.

Responsibilities

  • Leverage specialized security governance and risk expertise to identify and address complex security risks, recommending best practices and determining new approaches that have an impact on broader security operations, while aligning strategies with business priorities.
  • Partner across teams and key stakeholders to drive security risk and governance initiatives, leading and solutioning complex projects and programs to strengthen overall security posture.
  • Apply advanced analytical skills and sound judgment to assess and mitigate security risks, considering diverse perspectives and innovative solutions.
  • Directly contribute to improvements within the security domain and occasionally beyond, ensuring decisions lead to meaningful enhancements in risk mitigation strategies and overall security practices.
  • Leverage relationships across teams, both within and outside of security, to influence initiatives and integrate feedback into security governance processes and risk management practices.
  • Develop and articulate clear plans and priorities for the team, guiding them to achieve security risk and governance objectives while fostering a collaborative and high-performance environment.
  • Lead by example, providing mentorship and support to ensure the team successfully executes on initiatives and goals.
  • Provide independent second-line oversight and effective challenge across the third-party lifecycle: planning, due diligence, contracting, onboarding, ongoing monitoring, change management, and exit.
  • Review and challenge technology/security due diligence activities, vendor risk tiering/criticality, concentration risk, and fourth-party/chain risk determinations.
  • Recognized as a third-party risk governance and compliance expert, independently addressing complex vendor concentration risks, criticality segmentation challenges, and providing strategic direction on third-party risk mitigation strategies across the technology and security domains.
  • Validate KRIs/KPIs and continuous-monitoring approaches; synthesize monthly/quarterly trends and themes.
  • Lead targeted deep-dive and thematic reviews of high-risk or material vendors; document clear risk statements, opinions, and recommendations.
  • Validate issue remediation and risk acceptances; escalate where residual risk exceeds appetite and track closure to completion.
  • Prepare committee-ready reporting and dashboards; brief senior technology, security, and risk leaders on posture, emerging risks, and systemic themes related to third-party risk.
  • Contribute to annual risk assessment, maturity assessments, and policy/standard maintenance for third-party technology and security.
  • Partner with first-line stakeholders while preserving independence; provide consultative guidance that enables prudent, risk-informed decisions.

Benefits

  • Flexible work environment
  • Employee share options
  • Health and life insurance
  • Annual performance bonus
  • Equity
  • Medical, dental, vision, and other benefits

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Credit Intermediation and Related Activities

Education Level

Bachelor's degree

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc