Senior Cybersecurity Risk Manager/Program Manager

Brooklyn, New York

TechProjects
Job Expired

Greetings.

Job Title: Senior Cybersecurity Risk Manager/Program Manager

Location: Brooklyn, NY (Hybrid - 3 days onsite)

Duration: 12 Months

This is a Functional role.

We are seeking a highly experienced Senior Cybersecurity Risk Manager/Program Manager with 10+ years of expertise in Enterprise Risk Management (ERM), Cybersecurity Risk Management, and Governance, Risk, and Compliance (GRC). This role is responsible for designing, implementing, and optimizing cybersecurity risk programs, regulatory compliance frameworks, and enterprise risk governance models. The ideal candidate will collaborate closely with C-suite executives, business units, and technical teams to align cybersecurity risk management with business objectives and regulatory requirements.

The ideal candidate will have strong program management expertise, strategic leadership skills, and hands-on experience in developing risk and compliance frameworks that enhance cybersecurity resilience while driving business continuity.

Key Responsibilities:

Enterprise Risk Management & Cybersecurity Risk Management:

Design, develop, and execute enterprise-wide cybersecurity risk management programs, integrating risk management into business continuity planning and digital transformation initiatives.

Implement and oversee cyber risk quantification methodologies (FAIR, NIST RMF, ISO 27005) to assess and prioritize cybersecurity threats and vulnerabilities.

Develop and maintain risk management frameworks, risk registers, and key risk indicators (KRIs) to support informed decision-making.

Conduct cyber risk assessments, threat modeling, and risk treatment planning, ensuring effective mitigation strategies.

Establish a risk governance model, embedding cybersecurity risk management within enterprise risk management (ERM) practices.

Collaborate with CISOs, CIOs, and CROs to align cybersecurity risk with broader business risk strategies and resilience initiatives.

Governance, Risk, and Compliance (GRC) Program Development:

Build and mature cybersecurity GRC programs aligned with industry standards and regulatory requirements, including NIST 800-53, ISO 27001, CIS Controls, SOC 2, GDPR, CCPA, HIPAA, PCI DSS, and SOX.

Develop and enforce security policies, risk management standards, and control frameworks to drive enterprise-wide cybersecurity compliance.

Establish and oversee security governance models, integrating risk ownership across departments.

Evaluate and implement GRC tools (Archer, ServiceNow GRC, OneTrust) to automate risk tracking, policy enforcement, and compliance management.

Lead internal and external audits, regulatory assessments, and third-party risk evaluations to ensure compliance with cybersecurity regulations.

Deliver compliance reporting and risk dashboards for executive leadership and board presentations.

Third-Party Risk Management (TPRM) & Vendor Security:

Develop and manage a comprehensive TPRM program to assess, monitor, and mitigate cybersecurity risks associated with third-party vendors and supply chain partners.

Conduct vendor security risk assessments, contract reviews, and SLA compliance evaluations to ensure adherence to security requirements.

Collaborate with legal, procurement, and IT security teams to enforce contractual security obligations.

Implement a third-party risk monitoring framework, incorporating continuous risk assessments and automated compliance validation.

Strategic Cybersecurity & Risk Leadership:

Serve as a trusted advisor to executive leadership, translating complex cybersecurity risks into business-centric insights.

Lead enterprise-wide security risk mitigation strategies, ensuring alignment with digital transformation, cloud security, and zero-trust initiatives.

Provide C-suite risk briefings, strategic cybersecurity recommendations, and business-aligned risk reduction strategies.

Partner with IT, security, and compliance teams to embed cybersecurity risk management into daily business operations.

Enhance enterprise risk governance, ensuring cybersecurity is a fundamental consideration in strategic business decisions.

Program Management & Risk Culture Development:

Lead large-scale cybersecurity risk management and GRC initiatives, ensuring the successful execution of program milestones, budgets, and timelines.

Develop enterprise-wide security awareness and risk training programs to foster a security-first culture.

Establish key performance indicators (KPIs) and key risk indicators (KRIs) to measure program effectiveness and enhance the organization's security posture.

Deliver executive-level risk dashboards, board reports, and insights on cybersecurity risk trends and mitigation efforts.

Qualifications & Skills:

Required:

10+ years of experience in cybersecurity risk management, governance, compliance, and program leadership.

Proven expertise in building and managing ERM, cybersecurity risk, and GRC programs from inception to maturity.

Strong knowledge of cyber risk quantification methodologies (FAIR, NIST RMF, ISO 27005, COSO ERM) and regulatory frameworks.

Extensive program management experience, including oversight of multi-million-dollar cybersecurity risk and GRC programs.

In-depth expertise in third-party risk management (TPRM), vendor security risk assessments, and supply chain risk governance.

Hands-on experience with GRC platforms (Archer, ServiceNow GRC, OneTrust) and risk management tools.

Excellent leadership and stakeholder engagement skills, with the ability to effectively communicate cybersecurity risk to executives, board members, and technical teams.

Strong understanding of cloud security risks (AWS, Azure, GCP) and zero-trust security principles.

Preferred:

Certifications: CISSP, CISM, CRISC, CGEIT, CISA, CCSK, GSTRT, CGRC, CCISO, GSLC.

Experience in highly regulated industries (finance, healthcare, government, critical infrastructure).

Knowledge of AI-driven risk management, automation, and emerging cybersecurity trends.

Experience in developing risk-driven cybersecurity strategies aligned with business resilience and continuity goals.

Why Join Us?

Shape the future of enterprise cybersecurity risk management, working alongside executive leadership.

Lead high-impact cybersecurity risk and compliance programs in a dynamic business environment.

Competitive compensation, flexible remote/hybrid work options.

Apply today to take on a leadership role in cybersecurity risk and compliance at the enterprise level.

Date Posted: 08 April 2025