... management. * Experience supporting governance, risk, and compliance workflows, including risk reporting, audit data requests, controls monitoring, controls testing, compliance metrics, governance ...
... management. * Experience supporting governance, risk, and compliance workflows, including risk reporting, audit data requests, controls monitoring, controls testing, compliance metrics, governance ...
Through powerful solutions and managed services that simplify complexity, we enable our clients to ... Oversee the delivery of ServiceNow-based cyber risk solutions, ensuring alignment with best ...
Through powerful solutions and managed services that simplify complexity, we enable our clients to ... Oversee the delivery of ServiceNow-based cyber risk solutions, ensuring alignment with best ...
Advanced Cyber Threat Response & Forensics Lead/Manager
Louisville, KY · On-site
$106K - $144K/yr
Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner. Our ...
Advanced Cyber Threat Response & Forensics Lead/Manager
Louisville, KY · On-site
$106K - $144K/yr
Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner. Our ...
Risk Manager - Insurance
$110K - $145K/yr
Risk Manager - Insurance Fully Remote: applicants in Eastern or Central Time Zone Supporting ... Conduct comprehensive risk evaluations across property, casualty, liability, professional, cyber ...
Risk Manager - Insurance
$110K - $145K/yr
Risk Manager - Insurance Fully Remote: applicants in Eastern or Central Time Zone Supporting ... Conduct comprehensive risk evaluations across property, casualty, liability, professional, cyber ...
Cyber Data Protection Manager
Louisville, KY · Remote
$106K - $144K/yr
If so, consider joining Deloitte & Touche LLP's growing Cyber Risk Digital Trust & Privacy practice ... Manage and lead the proposal development process * Contribute to Deloitte's thought leadership in ...
Cyber Data Protection Manager
Louisville, KY · Remote
$106K - $144K/yr
If so, consider joining Deloitte & Touche LLP's growing Cyber Risk Digital Trust & Privacy practice ... Manage and lead the proposal development process * Contribute to Deloitte's thought leadership in ...
Familiarity with industry standards and regulatory requirements around cyber risk management (e.g., ISO 27001, IEC 62443, NIST CSF) * Limited sponsorship opportunities may be available Additional ...
Familiarity with industry standards and regulatory requirements around cyber risk management (e.g., ISO 27001, IEC 62443, NIST CSF) * Limited sponsorship opportunities may be available Additional ...
Through solutions and managed services that simplify complexity, we help clients operate with resilience, grow with confidence, and proactively manage cyber, risk, and technology programs. Recruiting ...
Through solutions and managed services that simplify complexity, we help clients operate with resilience, grow with confidence, and proactively manage cyber, risk, and technology programs. Recruiting ...
Through solutions and managed services that simplify complexity, we help clients operate with resilience, grow with confidence, and proactively manage cyber, risk, and technology programs. Recruiting ...
Through solutions and managed services that simplify complexity, we help clients operate with resilience, grow with confidence, and proactively manage cyber, risk, and technology programs. Recruiting ...
Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner. Our ...
Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner. Our ...
Business continuity management * Familiarity with industry standards and regulatory requirements around cyber risk management (e.g., ISO 27001, IEC 62443, NIST CSF) * Limited sponsorship ...
Business continuity management * Familiarity with industry standards and regulatory requirements around cyber risk management (e.g., ISO 27001, IEC 62443, NIST CSF) * Limited sponsorship ...
Risk & Compliance * Identity & Access Management * Data Protection * Cyber Design * Threat Detection * Incident Response * Security Architecture * Business Partnership Qualifications Required:
Risk & Compliance * Identity & Access Management * Data Protection * Cyber Design * Threat Detection * Incident Response * Security Architecture * Business Partnership Qualifications Required:
Risk & Compliance * Identity & Access Management * Data Protection * Cyber Design * Incident Response * Security Architecture * Business Partnership Qualifications Required: * Bachelor's degree or ...
Risk & Compliance * Identity & Access Management * Data Protection * Cyber Design * Incident Response * Security Architecture * Business Partnership Qualifications Required: * Bachelor's degree or ...
Cloud Security Senior Consultant - M365
Louisville, KY · On-site
$56.25 - $76.75/hr
Acting as a subject matter expert on cloud cyber risk for Microsoft Purview, Microsoft Intune ... Through powerful solutions and managed services that simplify complexity, we enable our clients to ...
Cloud Security Senior Consultant - M365
Louisville, KY · On-site
$56.25 - $76.75/hr
Acting as a subject matter expert on cloud cyber risk for Microsoft Purview, Microsoft Intune ... Through powerful solutions and managed services that simplify complexity, we enable our clients to ...
Transform risk data into intelligence by making AI, vendor, and cyber event information actionable ... Handson experience with enterprise risk management tools (Archer IRM preferred). * Strong technical ...
Transform risk data into intelligence by making AI, vendor, and cyber event information actionable ... Handson experience with enterprise risk management tools (Archer IRM preferred). * Strong technical ...
Through powerful solutions and managed services that simplify complexity, we enable our clients to ... Includes design of the cyber organization, governance, and risk assessments. Qualifications ...
Through powerful solutions and managed services that simplify complexity, we enable our clients to ... Includes design of the cyber organization, governance, and risk assessments. Qualifications ...
Own the third-party risk framework and partner across Procurement, Finance, Legal, Cyber, Risk, and Technology to strengthen vendor governance, manage risk, and inform long-term investment decisions.
Own the third-party risk framework and partner across Procurement, Finance, Legal, Cyber, Risk, and Technology to strengthen vendor governance, manage risk, and inform long-term investment decisions.
Cloud Security Manager - Azure Infrastructure & AI
Louisville, KY · On-site
$63 - $83.50/hr
Leading Azure cloud cyber risk engagements across governance, identity, application security ... Managing project delivery activities across onshore and offshore teams, including solution design ...
Cloud Security Manager - Azure Infrastructure & AI
Louisville, KY · On-site
$63 - $83.50/hr
Leading Azure cloud cyber risk engagements across governance, identity, application security ... Managing project delivery activities across onshore and offshore teams, including solution design ...
Cyber Data Protection/PKI Manager
Louisville, KY · On-site
$106K - $144K/yr
Work you'll do As a Manager, Strategy, Growth, and Transformation on the Cyber Strategy ... Includes design of the cyber organization, governance, and risk assessments. Qualifications ...
Cyber Data Protection/PKI Manager
Louisville, KY · On-site
$106K - $144K/yr
Work you'll do As a Manager, Strategy, Growth, and Transformation on the Cyber Strategy ... Includes design of the cyber organization, governance, and risk assessments. Qualifications ...
Cyber Manager - ServiceNow
Louisville, KY · On-site
$106K - $143K/yr
As a Cyber Manager - ServiceNow, you will lead the delivery of multi-workstream ServiceNow programs ... Risk Management workstreams in partnership with architects and product owners • Managing ...
Cyber Manager - ServiceNow
Louisville, KY · On-site
$106K - $143K/yr
As a Cyber Manager - ServiceNow, you will lead the delivery of multi-workstream ServiceNow programs ... Risk Management workstreams in partnership with architects and product owners • Managing ...
Partner with Procurement, Legal, Finance, Cyber, Risk, and Service Area owners to ensure vendor ... Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment * Strong ...
Partner with Procurement, Legal, Finance, Cyber, Risk, and Service Area owners to ensure vendor ... Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment * Strong ...
Cyber Risk Manager information
See Kentucky salary details
$44.7K - $54.1K
4% of jobs
$54.1K - $63.4K
6% of jobs
$63.4K - $72.8K
11% of jobs
$76.3K is the 25th percentile. Wages below this are outliers.
$72.8K - $82.2K
11% of jobs
The median wage is $89.6K / yr.
$82.2K - $91.5K
23% of jobs
$91.5K - $100.9K
13% of jobs
$107K is the 75th percentile. Wages above this are outliers.
$100.9K - $110.2K
12% of jobs
$110.2K - $119.6K
8% of jobs
$119.6K - $128.9K
6% of jobs
$128.9K - $138.3K
4% of jobs
$138.3K - $147.6K
2% of jobs
$44.7K
$96.9K
$147.6K
How much do cyber risk manager jobs pay per year?
How does a Cyber Risk Manager typically collaborate with other departments to strengthen an organization's cybersecurity posture?
What is the difference between Cyber Risk Manager vs Cybersecurity Analyst?
| Aspect | Cyber Risk Manager | Cybersecurity Analyst |
|---|---|---|
| Certifications | CRISC, CISSP, CISM | CompTIA Security+, CISSP, CEH |
| Work Environment | Risk assessment, policy development, strategic planning | Monitoring security systems, incident response, vulnerability testing |
| Employer & Industry Usage | Financial, healthcare, large enterprises | IT departments, security firms, corporate environments |
The Cyber Risk Manager focuses on identifying, assessing, and mitigating organizational cyber risks through strategic planning and policy development. In contrast, the Cybersecurity Analyst primarily monitors security systems, responds to incidents, and tests vulnerabilities. Both roles require certifications like CISSP, but their daily tasks and focus areas differ significantly, with the manager taking a broader, strategic approach and the analyst handling operational security tasks.
What are the key skills and qualifications needed to thrive as a Cyber Risk Manager, and why are they important?
Can you make $200,000 in cyber security?
Can you make $500,000 a year in cyber security?
What does a cyber risk manager do?
Is a CISO a stressful job?

Deloitte rating
8.0
Based on 89 frontline employees who took The Breakroom Quiz
71st of 146 rated financial services
Job description
Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to build the data foundations that power the next generation of AI-enabled cyber defense?
If yes, then Deloitte's Cyber team could be the place for you.
We are looking for a hands-on Data Engineer to build and operate the governed data foundations powering cyber risk, compliance evidence, and agentic AI-enabled cyber workflows. You will design production-grade pipelines and services that support risk reporting, continuous controls monitoring, and AI-assisted security operations-built with strong governance, lineage, privacy-by-design, and audit-ready evidence.
This role is ideal for engineers who can bridge modern data engineering and software development with Governance, Risk, and Compliance (GRC) expectations in regulated enterprise environments.
Recruiting for this role ends on 12/31/2026.
Work you'll do
As a Senior Consultant, Strategy, Growth and Transformation on the Cyber team, you will be responsible for:
- Building scalable batch and stream processing pipelines that ingest security telemetry, control evidence, and compliance artifacts into governed data stores.
- Designing data models for risk and controls domains, including key risk indicators, issues and defects, risk acceptance, control testing outcomes, audit evidence, and policy exceptions, and enabling self-service analytics and dashboards.
- Implementing data quality checks, lineage, metadata, and access controls to support auditability, regulatory defensibility, and repeatable evidence generation.
- Developing AI-enabled capabilities that accelerate governance, risk, and compliance and cyber operations, including evidence summarization, control testing assist, policy question-and-answer, investigation copilots, ticket triage, and exception reasoning using agentic patterns, workflow orchestration, and retrieval-augmented generation.
- Engineering integrations between data platforms, governance, risk, and compliance workflows, and enterprise systems using application programming interfaces, event patterns, and connectors, with observability and runbooks for production support.
- Partnering with Cyber, Risk, Compliance, Privacy, and Legal stakeholders to translate requirements into implementable controls and developer-ready guardrails.
A successful candidate would possess these skills:
- Ability to work independently and collaborate as part of a team
- Effective written and verbal communication skills
- Meticulous attention to detail and quality of work product
- Ability to build and sustain professional relationships
- Ability to lead projects or workstreams
- Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment
- Strong interpersonal skills and professional demeanor
- Ability to meet deadlines
- Ability to provide clear guidance to others
The team
You will join a cyber engineering team focused on enabling resilient, secure, and compliant operations through modern data platforms and AI-enabled automation. The team builds repeatable assets-reference architectures, accelerators, and governance patterns-to help clients modernize and scale cyber and GRC programs.
Qualifications
Required:
- Bachelor's degree or equivalent practical experience.
- 4+ years of experience in data engineering and software development using Python and SQL.
- Experience building production data pipelines and data models for batch processing, stream processing, or both, and deploying solutions using cloud platforms, containers, infrastructure as code, application programming interfaces, and secrets management.
- Experience implementing data governance controls including data classification, personally identifiable information handling, least-privilege access, encryption, secrets management, retention, audit logging, and lineage or metadata management.
- Experience supporting governance, risk, and compliance workflows, including risk reporting, audit data requests, controls monitoring, controls testing, compliance metrics, governance, risk, and compliance tool integrations, and large language model-enabled applications using retrieval-augmented generation, vector or hybrid retrieval, tool or function calling, evaluation or monitoring, prompt-injection defenses, and secure access patterns.
- Ability to travel 0-25%, on average, based on the work you do and the clients and industries/sectors you serve.
- Limited immigration sponsorship may be available.
Preferred:
- Experience in consulting or a Big 4 environment.
- Experience with Java, Go, or JavaScript.
- Experience integrating with ServiceNow GRC, Archer, OneTrust, or BigID and building evidence pipelines mapped to control objectives.
- Experience building pipelines for security information and event management, security orchestration, automation, and response, vulnerability, identity, or cloud security posture data.
- Experience operationalizing large language model operations or machine learning operations capabilities, including evaluation, monitoring, versioning, and governance workflows.
- Security certification such as CompTIA Security+, Certified Information Security Manager, Certified Information Systems Auditor, Certified Information Systems Security Professional, or a cloud certification.
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $105,400 to $207,800.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to build the data foundations that power the next generation of AI-enabled cyber defense?
If yes, then Deloitte's Cyber team could be the place for you.
We are looking for a hands-on Data Engineer to build and operate the governed data foundations powering cyber risk, compliance evidence, and agentic AI-enabled cyber workflows. You will design production-grade pipelines and services that support risk reporting, continuous controls monitoring, and AI-assisted security operations-built with strong governance, lineage, privacy-by-design, and audit-ready evidence.
This role is ideal for engineers who can bridge modern data engineering and software development with Governance, Risk, and Compliance (GRC) expectations in regulated enterprise environments.
Recruiting for this role ends on 12/31/2026.
Work you'll do
As a Senior Consultant, Strategy, Growth and Transformation on the Cyber team, you will be responsible for:
- Building scalable batch and stream processing pipelines that ingest security telemetry, control evidence, and compliance artifacts into governed data stores.
- Designing data models for risk and controls domains, including key risk indicators, issues and defects, risk acceptance, control testing outcomes, audit evidence, and policy exceptions, and enabling self-service analytics and dashboards.
- Implementing data quality checks, lineage, metadata, and access controls to support auditability, regulatory defensibility, and repeatable evidence generation.
- Developing AI-enabled capabilities that accelerate governance, risk, and compliance and cyber operations, including evidence summarization, control testing assist, policy question-and-answer, investigation copilots, ticket triage, and exception reasoning using agentic patterns, workflow orchestration, and retrieval-augmented generation.
- Engineering integrations between data platforms, governance, risk, and compliance workflows, and enterprise systems using application programming interfaces, event patterns, and connectors, with observability and runbooks for production support.
- Partnering with Cyber, Risk, Compliance, Privacy, and Legal stakeholders to translate requirements into implementable controls and developer-ready guardrails.
A successful candidate would possess these skills:
- Ability to work independently and collaborate as part of a team
- Effective written and verbal communication skills
- Meticulous attention to detail and quality of work product
- Ability to build and sustain professional relationships
- Ability to lead projects or workstreams
- Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment
- Strong interpersonal skills and professional demeanor
- Ability to meet deadlines
- Ability to provide clear guidance to others
The team
You will join a cyber engineering team focused on enabling resilient, secure, and compliant operations through modern data platforms and AI-enabled automation. The team builds repeatable assets-reference architectures, accelerators, and governance patterns-to help clients modernize and scale cyber and GRC programs.
Qualifications
Required:
- Bachelor's degree or equivalent practical experience.
- 4+ years of experience in data engineering and software development using Python and SQL.
- Experience building production data pipelines and data models for batch processing, stream processing, or both, and deploying solutions using cloud platforms, containers, infrastructure as code, application programming interfaces, and secrets management.
- Experience implementing data governance controls including data classification, personally identifiable information handling, least-privilege access, encryption, secrets management, retention, audit logging, and lineage or metadata management.
- Experience supporting governance, risk, and compliance workflows, including risk reporting, audit data requests, controls monitoring, controls testing, compliance metrics, governance, risk, and compliance tool integrations, and large language model-enabled applications using retrieval-augmented generation, vector or hybrid retrieval, tool or function calling, evaluation or monitoring, prompt-injection defenses, and secure access patterns.
- Ability to travel 0-25%, on average, based on the work you do and the clients and industries/sectors you serve.
- Limited immigration sponsorship may be available.
Preferred:
- Experience in consulting or a Big 4 environment.
- Experience with Java, Go, or JavaScript.
- Experience integrating with ServiceNow GRC, Archer, OneTrust, or BigID and building evidence pipelines mapped to control objectives.
- Experience building pipelines for security information and event management, security orchestration, automation, and response, vulnerability, identity, or cloud security posture data.
- Experience operationalizing large language model operations or machine learning operations capabilities, including evaluation, monitoring, versioning, and governance workflows.
- Security certification such as CompTIA Security+, Certified Information Security Manager, Certified Information Systems Auditor, Certified Information Systems Security Professional, or a cloud certification.
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $105,400 to $207,800.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.