Senior Security Risk Manager

About The Position

Requirements

• 8+ years experience in security risk management, GRC, or related fields
• Bachelor’s degree in Computer Science, Information Security, or related field
• Experience with cyber threats and vulnerabilities, with hands-on expertise in one or more security domains (e.g., vulnerability management, insider risk, incident response, identity and access management, application, infrastructure, cloud, product, platform, data and AI security)
• Experience with cloud environments (AWS, Azure, GCP) and SaaS platforms
• Experience with risk management frameworks, risk quantification models (e.g., FAIR) or building custom risk scoring approaches
• Background with security risk assessments, controls, and threat analysis.
• Strong experience with GRC platforms and automation tools, preferably ServiceNow IRM.
• One or more certifications: CISSP, CRISC, CISM
• Excellent communication and stakeholder management skills

Nice To Haves

• Experience as a security risk SME or security architect
• Familiarity with cloud and SaaS environments (AWS, Azure, GCP)
• Experience managing or mentoring junior GRC professionals
• Experience building risk dashboards and metrics (e.g., Tableau, Power BI)

Responsibilities

• Lead end-to-end security risk assessments of applications, systems, and cloud and software environments, across all security domains leveraging advanced risk scoring models such as risk quantification
• Identify, assess, monitor, and report on security risks across the enterprise and within specific domains (e.g. Vulnerability Management, Third Party Risk, Product Security, Detection and Response, etc.)
• Review holistically Risk, Control, and Issue data to culminate recommendations on top security investments across the enterprise
• Analyze risk data to identify trends, root causes, and control gaps, and recommend changes to strengthen controls
• Partner with Engineering, Security, and business teams to embed risk insights into planning, prioritization, and decision-making
• Develop and maintain risk dashboards and metrics that provide leadership with actionable insights into risk exposure and trends within their portfolio
• Maintain and evolve the security control framework, ensuring risks are effectively mapped to controls, and are relevant to the business
• Provide recommendations on risk acceptance and mitigation that balances business objectives with security requirements
• Leverage modern GRC platforms and automation (e.g., ServiceNow IRM, OneTrust) to scale risk management processes
• Serve as a trusted advisor to leadership on security risk posture and decisions
• Stay ahead of emerging risks and industry trends to continuously improve risk practices

Benefits

• Bonus: Sales personnel are eligible for variable incentive pay dependent on their achievement of pre-established sales goals. Non-Sales roles are eligible for a company bonus plan, which is calculated as a percentage of eligible wages and dependent on company performance.
• Stock: This role is eligible to receive Restricted Stock Units (RSUs).
• Paid Time Off: earned time off, as well as paid company holidays based on region
• Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement
• Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment
• Retirement Plans: select retirement and pension programs with potential for employer contributions
• Learning and Development: options for coaching, online courses and education reimbursements
• Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events