1

Cyber Risk Management Jobs in Washington (NOW HIRING)

... cyber risk to Capital One. What You Bring: * Demonstrated cross-functional leadership and influencing skills to drive strategic impact and change management across diverse stakeholder groups ...

... cyber risk to Capital One. What You Bring: * Demonstrated cross-functional leadership and influencing skills to drive strategic impact and change management across diverse stakeholder groups ...

next page

Showing results 1-20

Cyber Risk Management information

See Washington salary details

$16

$34

$83

How much do cyber risk management jobs pay per hour?

As of Jul 11, 2026, the average hourly pay for cyber risk management in Washington is $34.36, according to ZipRecruiter salary data. Most workers in this role earn between $22.07 and $43.85 per hour, depending on experience, location, and employer.

What is a Cyber Risk Management job?

A Cyber Risk Management job involves identifying, assessing, and mitigating cybersecurity risks that could impact an organization. Professionals in this field develop risk management frameworks, implement security controls, and ensure compliance with industry regulations. They work closely with IT and business teams to minimize cyber threats, such as data breaches and ransomware attacks. Their goal is to protect sensitive information and maintain business continuity.

Is SOC an entry level job?

A Security Operations Center (SOC) analyst role can be entry-level, especially for positions focused on monitoring security alerts and basic incident response. However, more advanced SOC roles typically require prior experience, certifications like CompTIA Security+ or CISSP, and knowledge of security tools such as SIEM systems. Entry-level positions often serve as a starting point for careers in cybersecurity and risk management.

What are the key skills and qualifications needed to thrive in the Cyber Risk Management position, and why are they important?

To thrive in Cyber Risk Management, you need a strong understanding of information security principles, risk assessment methodologies, and regulatory compliance, often supported by a degree in cybersecurity, information technology, or a related field. Familiarity with tools such as risk management software, vulnerability assessment platforms, and certifications like CISSP, CISM, or CRISC is highly valued. Excellent analytical thinking, communication, and problem-solving skills help professionals effectively advise stakeholders and coordinate incident response efforts. These skills are crucial for identifying, evaluating, and mitigating cyber risks to safeguard organizational assets and ensure business continuity.

Can you make $500,000 a year in cyber security?

Cyber Risk Management professionals can potentially earn $500,000 or more annually, especially at senior levels or in executive roles such as Chief Information Security Officer (CISO). Achieving this salary typically requires extensive experience, advanced certifications like CISSP or CISM, and leadership responsibilities in large organizations or high-demand industries. Salary varies based on location, company size, and individual expertise.

Can you make $200,000 in cyber security?

Cyber Risk Management professionals can potentially earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP or CISM, and working in high-demand industries or senior roles. Salary varies based on location, company size, and individual expertise, with senior positions often offering higher compensation.

What are some common challenges faced in a Cyber Risk Management role, and how are they typically addressed?

Professionals in Cyber Risk Management often encounter challenges such as keeping up with rapidly evolving cyber threats, ensuring compliance with complex regulations, and balancing security needs with business objectives. Addressing these issues requires continuous learning, leveraging up-to-date threat intelligence, and collaborating closely with IT, legal, and management teams to develop effective risk mitigation strategies. Many organizations encourage ongoing training and participation in industry events to stay current, while fostering a culture of open communication to quickly identify and address vulnerabilities. Embracing a proactive and adaptable approach ensures that cyber risks are managed effectively while supporting the organization’s goals.

What does a cyber risk manager do?

A cyber risk manager assesses and mitigates cybersecurity threats to an organization by identifying vulnerabilities, developing risk management strategies, and implementing security controls. They often use tools like risk assessment frameworks and require knowledge of cybersecurity principles, compliance standards, and risk analysis techniques. Their role helps protect sensitive data and ensure business continuity.
What are popular job titles related to Cyber Risk Management jobs in Washington? For Cyber Risk Management jobs in Washington, the most frequently searched job titles are:
What job categories do people searching Cyber Risk Management jobs in Washington look for? The top searched job categories for Cyber Risk Management jobs in Washington are:
What cities in Washington are hiring for Cyber Risk Management jobs? Cities in Washington with the most Cyber Risk Management job openings:
Infographic showing various Cyber Risk Management job openings in Washington as of July 2026, with employment types broken down into 2% Locum Tenens, 1% Internship, 87% Full Time, 8% Part Time, and 2% Contract. Highlights an 89% Physical, 5% Hybrid, and 6% Remote job distribution, with an average salary of $71,466 per year, or $34.4 per hour.

Security Analyst/Senior Security Analyst (Technical cyber risk management) - ITDSGGR (Contractual)

Imf

Washington, DC • Hybrid

$113K - $146K/yr

Full-time

Posted 16 days ago


Job description

Work for the IMF. Work for the World.

This position is being readvertised. Previous Candidates need not reapply.

Organizational Background

The Information Technology Department (ITD) at the IMF is more than just a support function; it is a critical catalyst for change. We champion the seamless integration ofcutting-edgetechnology solutions, ensuring the IMF's mission is propelled by innovation and efficiency.

Within the IT department, the Information Security and Governance (ISG) division and other first-line cybersecurity teams stand asguardiansof integrity and a beacon of trust. We are not just about managing risks; we are about envisioning, enabling, and implementing a secure future for global economic stability. Our teams are dedicated to:

  • Crafting and executing a forward-thinking and resilient Cybersecurity Strategy.

  • Enacting inclusive governance that balances security needs with operational fluidity.

  • Developing policies and standards that stay ahead of thethreatlandscape.

  • Ensuring compliance, resilience, and agility in our cybersecurity posture.

  • Engaging in relentless evaluation, management, and tracking of cybersecurity and digital risks linked to theutilizationof the IMF's information assets, ensuring a secure operational framework.

  • Continuously enriching our annual information security culture, awareness, and education initiative, fostering a security-conscious environment across the organization.

  • Administering a compliance management program dedicated tomaintainingfirm adherence to the IMF's information security policies and standards.

  • Preserving a solid enterprise security reference architecture that acts as a safeguard for the IMF's information assets against pertinent threats.

  • Engineering, implementing, and sustaining secure and resilient technological solutions, spanning both on-premises and cloud infrastructures, to support the IMF's mission.

  • Overseeing cyber threatintelligence,incident management, digital forensics, and investigations, alongside championing innovation in cybersecurity practices to achieve operational excellence and deliver value promptly.

As we expand our efforts to serve the IMF's staff and its members more effectively, we invite seasoned cybersecurity professionals to our elite cybersecurity teams. We are looking for individuals with the requisite skills andexpertiseto address the current and forthcoming cybersecurity and business challenges faced by the IMF.

Job Summary

The Information Technology Department (ITD)'s Information Security and Governance (ISG) division of the International Monetary Fund (IMF) is seeking to fill4Security Analyst/Senior Security Analyst (Technical cyber risk management)positions.

Under the general supervision of an information security risk manager, theSecurity Analyst/SeniorSecurity Analyst (Technical cyber risk management)will provideexpertisewith security risk management and assessment of:

  • Azure cloud services (including but not limited to capabilities for IAM, Network Security, Policy Management, Key Management, etc.)

  • IT Products, platforms, and services (cloud and non-cloud)

  • Solutions with complex hybrid architectures

  • Identity and Access Management Governance

The candidate willbe requiredto work with project teams, service providers, and business unitsinternalandexternalto the Fund's IT function. The candidate is expected to bring pragmatic cloud security and risk management experience, allowing the Fund to meet its present and emergent business needs. The candidate is expected to advise and influence technology and business personnelregardingthe value and methods of safeguarding information, applications, systems, infrastructure, and activities to help ensure that technologies function optimally; work practices are optimized so that the information risks are managed.

Minimum Qualifications

Education

Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 10years of relevant experience workingas atechnicalinformationsecurityrisk manager orinformationsecurity architect;

OR

Advanced degree in Information Security, computer science, engineering, mathematics, business, or related field of study plus a minimum of4years of relevant experience working as atechnicalinformationsecurityrisk manager orinformationsecurityarchitect.

Certifications: (Minimum plus at least 2 preferred)

CISSP or CISM (minimumrequired)

CCSP (preferred)

Microsoft Certified: Cybersecurity Architect Expert (preferred)

Other Microsoft cloud security related certifications at the Expert level (preferred)

GIAC certifications (preferred)

Offensive security related certifications (preferred)

Experience must include:

Priorworkin a technical cybersecurity risk management function at organizations with security related regulatory requirements.

Practical use of risk management concepts and principles - including assessment, prioritization, delivery of treatment plans, tracking and reporting, and metrics (accreditation and certification). Experience with NIST-SP800-30, ISO 27001/2, ISO 27005, COBIT.

Embedding security into processes such as SDLC, Project Lifecycle, ITIL, etc.

Demonstrated cybersecurityexpertisewith infrastructure, applications, and database system technologies.

Basic IT consultancy skills. Ability to consult and deliver on the security hardening of application and infrastructure components, including tools, and techniques to ensure the security of application, database, and infrastructure components.

Pragmatic security expert with an inherent ability to balance security demands with business reality. Ability to quickly grasp hownew technologieswork and how security controls should be applied to achieve business goals.

Familiarity with a broad range of security technologies supplemented by in-depth knowledge in specific areas of relevance.

Ability to quickly grasp hownew technologieswork and how they might be applied to achieve business goals.

Knowledge of security solutions, latest threats, and countermeasures.

Required Soft Skills

Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation.

Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders.

Ability to think laterally and to have input to / propose detailed, complex solutions to technical issues.

Interpersonal skills that create openness and trust among colleagues.

Ability to work well under pressure and to meet tight deadlines. Demonstratesa high levelof motivation, confidence, integrity, and responsibility.

Ability to be organized,responsiveand to be able to effectively multi-task with a focus on driving results.

Demonstrate excellent interpersonal and relationship management skills. This includes the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers.

Ability to work well under pressure and to meet tight deadlines, whilstdemonstratinga high levelof motivation, confidence, integrity, and responsibility.

Excellent relationship management skills. Facilitation and conflict management skills that enable effective working relationships.

Major Duties and Responsibilities

Specific responsibilities include:

Senior individual contributor for information security risk management projects. Sample projects/programs could include but are not limited to:

  • Control design and assessment for high-demand technical areas such as ERP, IT Service Management, Identity and Access Management, IT Resiliency, Cloud, etc.

  • Compliance framework mapping and implementation,

  • Risk remediation management,

  • Information Security risk reporting and monitoring

  • Creation of road maps to mature or advance Information Security Strategies/Programs/Controls

  • Design and enablement of cyber controls functions and processes

  • Direct experience as a power user of Cybersecurity GRC/ solutions, tools, and technologies, specifically ServiceNow and Archer

  • Projects or roles requiring coordination across lines of defense working with technical, business, compliance, risk, and audit teams to deliver solutions.

Delivery of information security risk assessments for large-scale IT implementation projects including consulting with security architecture function for threat modeling,appropriate tieringof N tier products/platforms, design of infrastructure security controls to protect system components.

Practical use of risk management concepts and principles - including assessment, prioritization, delivery of treatment plans, tracking and reporting. Experience with NIST-SP800-30, ISO 27001/2, ISO 27005, COBIT.

Consult and review the implementation of authentication, authorization (fine grained and coarse grained), and cryptography (PKI, SSL, Kerberos, crypto algorithms) mechanisms within applications.

Consult with security assurance function on the delivery of technical security standards, configuration baselines and related procedures for the hardening of both cloud and non-cloud application and infrastructure components, tools, and techniques to ensure the security of application and infrastructure components such as LINUX/Windows servers, Web servers (IIS, Apache, tomcat), app servers, Databases (Oracle and MS SQL), endpoints (MAC, Windows, Apple IOS, etc.), and Web Application Firewalls.

Collaborate with other security functions e.g., security architecture, security assurance, offensive security team (red/purple team), application security penetration testing team, to review and applyappropriate risklevels to the output of the assessments performed by the functions.

Maintain impartiality around IT systems to produce unbiased reports on information security risk.

Works closely with IT project teams to develop implementation plans for new security-related products and services.

Conducts quality assurance reviews of security requirements for the implementation ofidentifiedsolutions.

Define/enhance process and procedures for using external security service providers including scoping, management of services, remediation tracking, and exception management.

Effectively communicates requirements and trains staff and managers in IT divisions toidentifyand manage risks throughout the project lifecycle.

Where applicable, manages the engagement process of external risk assessment providers and acts as a liaison with internal IT project teams and business units.

As an advocate of information security,worksclosely and proactively with IT project team leaders, service providers, and business units to provide security-related technical solutions.Identifiesopportunities to improve business practices or IT security-related processes.

Other ad hoc responsibilities may include:

  • Analyzes, recommends, and implements process improvements within the context of information security.

  • Support governance activities for Identity and Access Management, whererequested.

This is a one-year contractual appointment. Contractual appointments at the IMF are renewable for up to four years of cumulative contractual service, pending incumbent's performance, budget availability, and continuous business need.

Department:

ITDSG Information Technology Department Information Security & Governance

Hiring For:

A11, A12

The IMF is guided by the principle that the employment, classification, promotion, and assignment of staff shall be made without discrimination against any person. We welcome requests for reasonable accommodations for disabilities during the selection process. Information on how to request accommodations will be provided during the application process.