ZipRecruiter

Log In

1

Cyber Risk Assessment Jobs in California (NOW HIRING)

Deloitte

Consultant - ServiceNow

Costa Mesa, CA ยท Remote

Includes design of the cyber organization, governance, and risk assessments. Qualifications Required: * Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering ...

Newegg

Director, Risk Management

Diamond Bar, CA ยท On-site

Conduct organization-wide risk assessments; ensure mitigation strategies are embedded within ... Experience with D&O, E&O, Cyber, and international insurance programs. * Background in internal ...

Deloitte

Senior Consultant - ServiceNow

Fresno, CA ยท Remote

Includes design of the cyber organization, governance, and risk assessments. Qualifications Required: * Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering ...

Deloitte

Consultant - ServiceNow

Fresno, CA ยท Remote

Includes design of the cyber organization, governance, and risk assessments. Qualifications Required: * Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering ...

Deloitte

Senior Consultant - ServiceNow

San Diego, CA ยท Remote

Includes design of the cyber organization, governance, and risk assessments. Qualifications Required: * Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering ...

Deloitte

Consultant - ServiceNow

San Diego, CA ยท Remote

Includes design of the cyber organization, governance, and risk assessments. Qualifications Required: * Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering ...

Deloitte

Senior Consultant - ServiceNow

Inglewood, CA ยท Remote

Includes design of the cyber organization, governance, and risk assessments. Qualifications Required: * Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering ...

Deloitte

Consultant - ServiceNow

San Francisco, CA ยท Remote

Includes design of the cyber organization, governance, and risk assessments. Qualifications Required: * Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering ...

Deloitte

Senior Consultant - ServiceNow

Costa Mesa, CA ยท Remote

Includes design of the cyber organization, governance, and risk assessments. Qualifications Required: * Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering ...

Deloitte

Consultant - ServiceNow

Los Angeles, CA ยท Remote

Includes design of the cyber organization, governance, and risk assessments. Qualifications Required: * Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering ...

Deloitte

Consultant - ServiceNow

Inglewood, CA ยท Remote

Includes design of the cyber organization, governance, and risk assessments. Qualifications Required: * Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering ...

Lockheed Martin

Cyber Sys Secur Engr Sr

Palmdale, CA ยท On-site

$85.25 - $104.75/hr

... risk analyses and security assessments, and evaluate applicability of Security Technical ... cyber tools for enterprise security, vulnerability scanning and network monitoring - Strong ...

Deloitte

Cloud Security Senior Consultant - M365

Fresno, CA ยท On-site

$58 - $79.25/hr

... of cyber risk mitigation steps. * Execute on M365 security engagements during different phases of the lifecycle - Discover, Assess, Design, Deploy/Test, Hypercare/Handover. * Implement industry ...

next page

Showing results 1-20

People also search for

All JobsCyber Risk Assessment JobsCyber Risk Assessment Jobs in California

Cyber Risk Assessment information

What is the difference between Cyber Risk Assessment vs Cyber Security Analyst?

AspectCyber Risk AssessmentCyber Security Analyst
Primary FocusIdentifying and evaluating cybersecurity risks and vulnerabilitiesMonitoring, detecting, and responding to security threats
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CEH, CISSP
Work EnvironmentRisk management teams, consulting firms, security departmentsSecurity operations centers, IT departments, incident response teams
ResponsibilitiesRisk analysis, vulnerability assessments, complianceThreat detection, incident response, security monitoring

While both roles involve cybersecurity, Cyber Risk Assessments focus on evaluating potential risks and vulnerabilities to inform security strategies, whereas Cyber Security Analysts actively monitor and respond to ongoing security threats. Understanding these differences helps organizations assign the right roles for comprehensive cybersecurity management.

What is a cyber risk assessment?

A cyber risk assessment is a process used to identify, evaluate, and prioritize potential threats and vulnerabilities in an organization's information systems. It helps organizations understand the potential impact of cyber threats and determine the likelihood of such events occurring. By conducting a cyber risk assessment, businesses can implement appropriate security controls and strategies to mitigate risks, comply with regulatory requirements, and protect sensitive data from cyberattacks. Regular assessments are essential to adapt to evolving threats and maintain a strong cybersecurity posture.

What are some common challenges faced by professionals in Cyber Risk Assessment, and how can they be addressed?

Professionals in Cyber Risk Assessment often encounter challenges such as rapidly evolving threat landscapes, keeping up with regulatory changes, and ensuring clear communication of technical risks to non-technical stakeholders. To address these, staying current with industry trends through continuous learning, leveraging robust risk assessment frameworks, and developing strong communication skills are essential. Additionally, collaborating closely with IT, compliance, and business units helps ensure comprehensive and effective risk management.

What are the key skills and qualifications needed to thrive as a Cyber Risk Assessor, and why are they important?

To thrive as a Cyber Risk Assessor, you need a strong understanding of cybersecurity principles, risk management frameworks, and relevant regulations, often backed by a degree in information security or related certifications like CISSP or CISA. Familiarity with security assessment tools, vulnerability scanners, and risk analysis platforms is typically required. Analytical thinking, attention to detail, and effective communication are vital soft skills for accurately identifying threats and conveying risks to stakeholders. These skills and qualities are crucial for protecting organizational assets and ensuring compliance in an evolving threat landscape.
What are popular job titles related to Cyber Risk Assessment jobs in California? For Cyber Risk Assessment jobs in California, the most frequently searched job titles are:
What job categories do people searching Cyber Risk Assessment jobs in California look for? The top searched job categories for Cyber Risk Assessment jobs in California are:
What cities in California are hiring for Cyber Risk Assessment jobs? Cities in California with the most Cyber Risk Assessment job openings:
Cyber Risk Assessment jobs near you
Infographic showing various Cyber Risk Assessment job openings in California as of June 2026, with employment types broken down into 2% As Needed, 78% Full Time, 17% Part Time, 1% Temporary, and 2% Contract. Highlights an 92% Physical, 3% Hybrid, and 5% Remote job distribution.
Cybersecurity Governance, Risk & Compliance (GRC) Lead

Cybersecurity Governance, Risk & Compliance (GRC) Lead

The Clorox Company

Pleasanton, CA โ€ข On-site

Full-time

Medical, Retirement, PTO

This job post hasย expired 1 day ago.ย Applications are no longer accepted.

Job description

Clorox is the place that's committed to growth - for our people and our brands. Guided by our purpose and values, and with people at the center of everything we do, we believe every one of us can make a positive impact on consumers, communities, and teammates. Join our team. #CloroxIsThePlace
Your role at Clorox:
We are seeking a highly skilled and motivated Cybersecurity Governance, Risk & Compliance (GRC) Lead . This position reports to the Cybersecurity GRC Product Owner. The mission of this role is to support and continuously improve the company's cybersecurity program, with a focus on driving risk informed decision making across sensitive data, systems, cloud environments, and third party relationships.
In this role, the individual will work cross functionally as a trusted security advisor to identify, assess, and manage cybersecurity risks; ensure compliance with internal security policies, industry frameworks, and regulatory requirements; and guide business and technology leaders in making informed risk management decisions. The role requires a strong understanding of cybersecurity risks, technologies, and controls, as well as the ability to clearly communicate complex risk concepts to both technical and non technical stakeholders.
The ideal candidate is deadline driven, detail oriented, and an excellent communicator, with deep expertise in cybersecurity governance and risk management best practices, with a focus on including third party security risk.
In this role, you will:
Third-Party Risk Management (TPRM)
  • Lead and execute third-party cybersecurity risk assessments throughout the vendor lifecycle, including onboarding, periodic reassessment, contract renewal, and offboarding.
  • Evaluate vendor security posture using multiple inputs, including questionnaires, SOC reports, penetration test summaries, certifications, and evidence artifacts.
  • Assess critical and high-risk vendors, including SaaS, cloud service providers, data processors, and managed service providers, for alignment with company security and privacy requirements.
  • Partner with Procurement, Legal, Privacy, IT, and the business to ensure cybersecurity risks associated with third parties are identified, documented, and addressed prior to contract execution.
  • Define and enforce risk-based onboarding and reassessment requirements aligned to vendor criticality, data sensitivity, and system access.
  • Track third-party risk findings, remediation commitments, and compensating controls to closure; escalate overdue or unacceptable risks as appropriate.
  • Support contract security requirements, including review of security clauses, right-to-audit provisions, data protection obligations, and incident notification requirements.
  • Maintain visibility into third-party risk trends and exposures and report material risks to leadership.
  • Ensure third-party risk processes meet public-company audit and regulatory expectations and support internal audit and external reviews.

Cyber Risk & Compliance
  • Assess cybersecurity risks related to internal systems, cloud services, applications, and third-party vendors across technology and operational initiatives.
  • Ensure alignment with applicable cybersecurity, privacy, and compliance frameworks (e.g., NIST, ISO, SOC, SOX, GDPR, CCPA).
  • Support day-to-day operations by identifying cybersecurity compliance risks, ensuring appropriate escalation, and coordinating timely corrective actions.
  • Collaborate with technical and non-technical teams to evaluate the effectiveness of security controls, identify and categorize risks, recommend improvements, and communicate outcomes.
  • Facilitate the development, maintenance, and enforcement of cybersecurity policies and standards in collaboration with internal subject matter experts.
  • Challenge the first line of defense by validating required assessments and attestations (e.g., PCI, SOX, GDPR, CCPA) and providing compliance guidance where necessary.
  • Provide oversight of vulnerability management, risk remediation activities, and the policy exception request process.
  • Communicate emerging risks, audit findings, and control issues to key stakeholders, and support remediation planning and execution.
  • Develop metrics and reporting to provide leadership visibility into cybersecurity risk posture, compliance status, and risk trends.

AI, Cloud, and Emerging Technology Risk
  • Evaluate AI-enabled services offered by third parties for model security, training data governance, privacy implications, and exposure to model manipulation attacks.
  • Ensure cloud and AI services align with referenced security and privacy frameworks (e.g., NIST CSF/RMF, NIST AI RMF, ISO, SOC 2, GDPR, CCPA).
  • Advise on secure adoption of emerging technologies while maintaining risk, compliance, and governance standards.

Stakeholder Engagement & Leadership
  • Work closely with business, technology, and compliance counterparts to understand business objectives and ensure alignment with security policies and best practices.
  • Build strong relationships with business units to embed security-by-design into projects, architecture, infrastructure, and applications.
  • Build trusted relationships with senior leaders to accelerate adoption of cybersecurity governance and compliance initiatives.
  • Educate teams across the organization on cybersecurity risk, governance methodologies, and third-party risk responsibilities.

What we look for:
  • 6+ years of experience performing cybersecurity risk assessments and applying risk management methodologies
  • 6+ years of tracking, monitoring, and reporting cyber risk to management
  • 6+ years of cybersecurity governance, risk, and compliance experience
  • Demonstrated experience in third-party cyber risk management, including vendor risk assessments, remediation tracking, and stakeholder coordination
  • Experience managing a team of offshore managed service providers.
  • Experience managing vendor risk across SaaS, cloud, data processors, and managed service providers
  • Strong knowledge of cybersecurity controls management, controls testing, and automation
  • Hands-on experience with cybersecurity and privacy frameworks (e.g., NIST CSF/RMF, ISO 27001/27002, SOC 1/2/3, SOX, GDPR, CCPA)
  • Experience with AI/ML risk management frameworks (e.g., NIST AI RMF, ISO/IEC 42001) and understanding of AI-specific threat vectors
  • Experience drafting and maintaining cybersecurity policies and standards
  • Experience using ServiceNow Integrated Risk Management or a comparable GRC platform
  • Ability to influence without authority and communicate complex risk topics clearly to diverse audiences
  • Cyber risk or audit certifications (CISA, CISM, CRISC, CISSP) are a plus

#LI-HYBRID
Workplace type:
Hybrid- 3 days in office;2 days WFH
Our values-based culture connects to our purpose and empowers people to be their best, professionally and personally. We serve a diverse consumer base which is why we believe teams that reflect our consumers bring fresh perspectives, drive innovation, and help us stay attuned to the world around us. That's why we foster an inclusive culture where every person can feel respected, valued, and fully able to participate, and ultimately able to thrive. Learn more
[U.S.]Additional Information:
At Clorox, we champion people to be well and thrive, starting with our own people. To help make this possible, we offer comprehensive, competitive benefits that prioritize all aspects of wellbeing and provide flexibility for our teammates' unique needs. This includes robust health plans, a market-leading 401(k) program with a company match, flexible time off benefits (including half-day summer Fridays depending on location), inclusive fertility/adoption benefits, and more.
We are committed to fair and equitable pay and are transparent with current and future teammates about our full salary ranges. We use broad salary ranges that reflect the competitive market for similar jobs, provide sufficient opportunity for growth as you gain experience and expand responsibilities, while also allowing for differentiation based on performance. Based on the breadth of our ranges, most new hires will start at Clorox in the first half of the applicable range. Your starting pay will depend on job-related factors, including relevant skills, knowledge, experience and location. The applicable salary range for every role in the U.S. is based on your work location and is aligned to one of three zones according to the cost of labor in your area.
-Zone A: $106,700 - $204,900
-Zone B: $97,800 - $187,900
-Zone C: $88,900 - $170,800
All ranges are subject to change in the future. Your recruiter can share more about the specific salary range for your location during the hiring process.
This job is also eligible for participation in Clorox's incentive plans, subject to the terms of the applicable plan documents and policies.
Please apply directly to our job postings and do not submit your resume to any person via text message. Clorox does not conduct text-based interviews and encourages you to be cautious of anyone posing as a Clorox recruiter via unsolicited texts during these uncertain times.
To all recruitment agencies: Clorox (and its brand families) does not accept agency resumes. Please do not forward resumes to Clorox employees, including any members of our leadership team. Clorox is not responsible for any fees related to unsolicited resumes.

Apply