Senior Cybersecurity Risk Assessor (Risk Manager)

About The Position

Requirements

• 5+ years in cybersecurity risk management, governance, or security engineering in a complex enterprise (cloud and on‑prem environment).
• Deep familiarity with NIST CSF, NIST RMF, ISO 27001/27701, SOC 2, and related frameworks.
• Experience performing and maturing risk assessments across technology stacks and business processes.
• Strong understanding of cloud platforms (AWS, Azure, GCP), SaaS environments, and modern enterprise architectures.
• Ability to translate technical risks into business‑level insights for executive stakeholders.

Nice To Haves

• Experience assessing risk associated with AI and Machine Learning.
• CRISC certification or other relevant certification

Responsibilities

• Risk Identification & Assessment Lead the execution of cybersecurity risk assessments across products, SaaS platforms, infrastructure, cloud environments, vendors, and business processes.
• Apply NIST RMF (800‑37, 800‑30, 800‑53), ISO 27001/27701/22301, and internal Blue Yonder cybersecurity standards in all assessments.
• Maintain and enhance the enterprise risk register, ensuring all risks are documented, categorized, and monitored.
• Risk Treatment & Mitigation Develop and drive risk‑response plans, collaborating with system owners, product teams, engineering, and cloud operations.
• Validate mitigation effectiveness and track remediations through closure.
• Provide expert recommendations on security controls, configuration standards, and compensating controls.
• Risk Monitoring & Governance Build KPIs, KRIs, dashboards, and reporting mechanisms to measure risk posture and program performance.
• Present risk trends, escalations, and mitigation progress to senior leadership.
• Ensure compliance with internal policies such as Cybersecurity Policy, Access Control Policy, Acceptable Use, and Information Classification Standards.
• Cross‑Functional Leadership Partner with Threat & Vulnerability Management, Application Security, Security Architecture, and GRC teams to ensure unified risk strategy and visibility.
• Collaborate with Legal, Compliance, and Commercial teams on contract risk requirements and customer security obligations.
• Security Culture & Awareness Promote a risk‑aware culture by educating stakeholders on risk principles, threat landscapes, and security responsibilities.
• Contribute to ongoing training and awareness initiatives aligned with Blue Yonder’s enterprise security program.

Benefits

• Comprehensive Medical, Dental and Vision
• 401K with Matching
• Flexible Time Off
• Corporate Fitness Program
• A variety of voluntary benefits such as; Legal Plans, Accident and Hospital Indemnity, Pet Insurance and much more