This is a hands-on leadership role that develops and ensures that cyber risk identification, assessment, mitigation, and reporting activities are consistently executed and centrally managed within ...
This is a hands-on leadership role that develops and ensures that cyber risk identification, assessment, mitigation, and reporting activities are consistently executed and centrally managed within ...
Senior Cyber Engineer
Kittery, ME · Hybrid
$120K - $160K/yr
Researches and evaluates cyber capabilities and new security tools and products against operational ... Proficient in compliance and risk management tasks, ensuring adherence to RMF, STIGs, and DoD ...
Senior Cyber Engineer
Kittery, ME · Hybrid
$120K - $160K/yr
Researches and evaluates cyber capabilities and new security tools and products against operational ... Proficient in compliance and risk management tasks, ensuring adherence to RMF, STIGs, and DoD ...
Senior Cyber Engineer
Kittery, ME · On-site
$120K - $160K/yr
Researches and evaluates cyber capabilities and new security tools and products against operational ... Proficient in compliance and risk management tasks, ensuring adherence to RMF, STIGs, and DoD ...
Senior Cyber Engineer
Kittery, ME · On-site
$120K - $160K/yr
Researches and evaluates cyber capabilities and new security tools and products against operational ... Proficient in compliance and risk management tasks, ensuring adherence to RMF, STIGs, and DoD ...
Senior Cyber Engineer
Kittery, ME · On-site
$120K - $160K/yr
Researches and evaluates cyber capabilities and new security tools and products against operational ... Proficient in compliance and risk management tasks, ensuring adherence to RMF, STIGs, and DoD ...
Senior Cyber Engineer
Kittery, ME · On-site
$120K - $160K/yr
Researches and evaluates cyber capabilities and new security tools and products against operational ... Proficient in compliance and risk management tasks, ensuring adherence to RMF, STIGs, and DoD ...
Senior Cyber Engineer
Kittery, ME · On-site
Researches and evaluates cyber capabilities and new security tools and products against operational ... Proficient in compliance and risk management tasks, ensuring adherence to RMF, STIGs, and DoD ...
Senior Cyber Engineer
Kittery, ME · On-site
Researches and evaluates cyber capabilities and new security tools and products against operational ... Proficient in compliance and risk management tasks, ensuring adherence to RMF, STIGs, and DoD ...
Senior Cyber Engineer
Kittery, ME · On-site
Researches and evaluates cyber capabilities and new security tools and products against operational ... Proficient in compliance and risk management tasks, ensuring adherence to RMF, STIGs, and DoD ...
Senior Cyber Engineer
Kittery, ME · On-site
Researches and evaluates cyber capabilities and new security tools and products against operational ... Proficient in compliance and risk management tasks, ensuring adherence to RMF, STIGs, and DoD ...
Sr. Cybersecurity Engineer
Freeport, ME · On-site
... manage information security and compliance risk. Supports both strategic planning and operational ... Also applies these skills to the organization overall in consulting to cyber risk reduction and ...
New
Sr. Cybersecurity Engineer
Freeport, ME · On-site
... manage information security and compliance risk. Supports both strategic planning and operational ... Also applies these skills to the organization overall in consulting to cyber risk reduction and ...
New
Senior Cyber Engineer with Security Clearance
Kittery, ME · On-site
$120K - $160K/yr
Researches and evaluates cyber capabilities and new security tools and products against operational ... Proficient in compliance and risk management tasks, ensuring adherence to RMF, STIGs, and DoD ...
Senior Cyber Engineer with Security Clearance
Kittery, ME · On-site
$120K - $160K/yr
Researches and evaluates cyber capabilities and new security tools and products against operational ... Proficient in compliance and risk management tasks, ensuring adherence to RMF, STIGs, and DoD ...
Senior Cyber Engineer
Kittery, ME · On-site
... risk management, and incident response. • Skilled in designing, implementing, and managing secure infrastructure solutions, as well as conducting vulnerability assessments using tools such as ...
Senior Cyber Engineer
Kittery, ME · On-site
... risk management, and incident response. • Skilled in designing, implementing, and managing secure infrastructure solutions, as well as conducting vulnerability assessments using tools such as ...
Meet Freddie Mac's University Program: Learn about our 2027 Internship and Full-Time Opportunities
South Portland, ME · On-site
$15.50 - $21/hr
... Risk Management, Technology (including Cyber and Software Development) and more. Join us to hear directly from our University Talent Advisors about: -Who we are and how we serve our mission ...
Meet Freddie Mac's University Program: Learn about our 2027 Internship and Full-Time Opportunities
South Portland, ME · On-site
$15.50 - $21/hr
... Risk Management, Technology (including Cyber and Software Development) and more. Join us to hear directly from our University Talent Advisors about: -Who we are and how we serve our mission ...
Meet Freddie Mac's University Program: Learn about our 2027 Internship and Full-Time Opportunities
Portland, ME · On-site
$15.25 - $20.75/hr
... Risk Management, Technology (including Cyber and Software Development) and more. Join us to hear directly from our University Talent Advisors about: -Who we are and how we serve our mission ...
Meet Freddie Mac's University Program: Learn about our 2027 Internship and Full-Time Opportunities
Portland, ME · On-site
$15.25 - $20.75/hr
... Risk Management, Technology (including Cyber and Software Development) and more. Join us to hear directly from our University Talent Advisors about: -Who we are and how we serve our mission ...
Meet Freddie Mac's University Program: Learn about our 2027 Internship and Full-Time Opportunities
Biddeford, ME · On-site
$15.75 - $21.25/hr
... Risk Management, Technology (including Cyber and Software Development) and more. Join us to hear directly from our University Talent Advisors about: -Who we are and how we serve our mission ...
Meet Freddie Mac's University Program: Learn about our 2027 Internship and Full-Time Opportunities
Biddeford, ME · On-site
$15.75 - $21.25/hr
... Risk Management, Technology (including Cyber and Software Development) and more. Join us to hear directly from our University Talent Advisors about: -Who we are and how we serve our mission ...
Meet Freddie Mac's University Program: Learn about our 2027 Internship and Full-Time Opportunities
Auburn, ME · On-site
$16.25 - $21.75/hr
... Risk Management, Technology (including Cyber and Software Development) and more. Join us to hear directly from our University Talent Advisors about: -Who we are and how we serve our mission ...
Meet Freddie Mac's University Program: Learn about our 2027 Internship and Full-Time Opportunities
Auburn, ME · On-site
$16.25 - $21.75/hr
... Risk Management, Technology (including Cyber and Software Development) and more. Join us to hear directly from our University Talent Advisors about: -Who we are and how we serve our mission ...
Meet Freddie Mac's University Program: Learn about our 2027 Internship and Full-Time Opportunities
Augusta, ME · On-site
$14.75 - $20/hr
... Risk Management, Technology (including Cyber and Software Development) and more. Join us to hear directly from our University Talent Advisors about: -Who we are and how we serve our mission ...
Meet Freddie Mac's University Program: Learn about our 2027 Internship and Full-Time Opportunities
Augusta, ME · On-site
$14.75 - $20/hr
... Risk Management, Technology (including Cyber and Software Development) and more. Join us to hear directly from our University Talent Advisors about: -Who we are and how we serve our mission ...
Meet Freddie Mac's University Program: Learn about our 2027 Internship and Full-Time Opportunities
Lewiston, ME · On-site
$16 - $21.50/hr
... Risk Management, Technology (including Cyber and Software Development) and more. Join us to hear directly from our University Talent Advisors about: -Who we are and how we serve our mission ...
Meet Freddie Mac's University Program: Learn about our 2027 Internship and Full-Time Opportunities
Lewiston, ME · On-site
$16 - $21.50/hr
... Risk Management, Technology (including Cyber and Software Development) and more. Join us to hear directly from our University Talent Advisors about: -Who we are and how we serve our mission ...
Meet Freddie Mac's University Program: Learn about our 2027 Internship and Full-Time Opportunities
Bangor, ME · On-site
$15.25 - $20.50/hr
... Risk Management, Technology (including Cyber and Software Development) and more. Join us to hear directly from our University Talent Advisors about: -Who we are and how we serve our mission ...
Meet Freddie Mac's University Program: Learn about our 2027 Internship and Full-Time Opportunities
Bangor, ME · On-site
$15.25 - $20.50/hr
... Risk Management, Technology (including Cyber and Software Development) and more. Join us to hear directly from our University Talent Advisors about: -Who we are and how we serve our mission ...
Security Engineer
Kittery, ME · On-site
Cyber GRC Schedule: Full-Time Shift: Day Job Travel: Yes - 10% of the time Minimum Clearance ... Additionally, demonstrate expertise in supporting Navy Risk Management Framework (RMF) compliance ...
Security Engineer
Kittery, ME · On-site
Cyber GRC Schedule: Full-Time Shift: Day Job Travel: Yes - 10% of the time Minimum Clearance ... Additionally, demonstrate expertise in supporting Navy Risk Management Framework (RMF) compliance ...
Cyber GRC Schedule: Full-Time Shift: Day Job Travel: Yes - 10% of the time Minimum Clearance ... Additionally, demonstrate expertise in supporting Navy Risk Management Framework (RMF) compliance ...
Cyber GRC Schedule: Full-Time Shift: Day Job Travel: Yes - 10% of the time Minimum Clearance ... Additionally, demonstrate expertise in supporting Navy Risk Management Framework (RMF) compliance ...
... strengthen cyber resilience. Hundreds of thousands of IT professionals and managed service ... risk management and security operations for Barracuda customers. What you'll be working on
Quick apply
... strengthen cyber resilience. Hundreds of thousands of IT professionals and managed service ... risk management and security operations for Barracuda customers. What you'll be working on
You'll play a key role in proactive cyber defense by collaborating across InfoSec teams, enhancing ... The ability to balance security principles with business realities as part of a risk-managed ...
New
You'll play a key role in proactive cyber defense by collaborating across InfoSec teams, enhancing ... The ability to balance security principles with business realities as part of a risk-managed ...
New
Cyber Risk Manager information
See Maine salary details
$49.9K - $60.3K
4% of jobs
$60.3K - $70.7K
6% of jobs
$70.7K - $81.2K
11% of jobs
$85.1K is the 25th percentile. Wages below this are outliers.
$81.2K - $91.6K
11% of jobs
The median wage is $99.9K / yr.
$91.6K - $102K
23% of jobs
$102K - $112.4K
13% of jobs
$119.3K is the 75th percentile. Wages above this are outliers.
$112.4K - $122.9K
12% of jobs
$122.9K - $133.3K
8% of jobs
$133.3K - $143.7K
6% of jobs
$143.7K - $154.2K
4% of jobs
$154.2K - $164.6K
2% of jobs
$49.9K
$108K
$164.6K
How much do cyber risk manager jobs pay per year?
How does a Cyber Risk Manager typically collaborate with other departments to strengthen an organization's cybersecurity posture?
What is the difference between Cyber Risk Manager vs Cybersecurity Analyst?
| Aspect | Cyber Risk Manager | Cybersecurity Analyst |
|---|---|---|
| Certifications | CRISC, CISSP, CISM | CompTIA Security+, CISSP, CEH |
| Work Environment | Risk assessment, policy development, strategic planning | Monitoring security systems, incident response, vulnerability testing |
| Employer & Industry Usage | Financial, healthcare, large enterprises | IT departments, security firms, corporate environments |
The Cyber Risk Manager focuses on identifying, assessing, and mitigating organizational cyber risks through strategic planning and policy development. In contrast, the Cybersecurity Analyst primarily monitors security systems, responds to incidents, and tests vulnerabilities. Both roles require certifications like CISSP, but their daily tasks and focus areas differ significantly, with the manager taking a broader, strategic approach and the analyst handling operational security tasks.
What are the key skills and qualifications needed to thrive as a Cyber Risk Manager, and why are they important?
Can you make $200,000 in cyber security?
Can you make $500,000 a year in cyber security?
What does a cyber risk manager do?
Is a CISO a stressful job?

Full-time
Medical, Dental, Vision, Life, Retirement, PTO
Re-posted 7 days ago
CardWorks rating
9.1
Based on 8 frontline employees who took The Breakroom Quiz
1st of 20 rated payment service providers
Job description
Become an everyday champion - and build a career where your impact fuels financial progress.
What We Do
CardWorks Financial Group is a diversified financial services platform building ethical solutions across credit, lending, and the full customer lifecycle. Through our family of companies, CardWorks Financial Group tackles the complex challenges that larger financial institutions leave behind. We're embedded throughout the credit card ecosystem as a lender, servicer, and merchant acquirer.
Who We Are
- Merrick Bank: The bank that builds
- CardWorks Servicing: One partner, total performance
- Carson Smithfield: Resolution with respect
With nearly 40 years of operating history, our track record is solid: disciplined in downturns and built to accelerate in recovery. The CardWorks Financial Group companies take precise approach in complex markets, as a top three non-prime focused general purpose card issuer and a top fifteen U.S. merchant acquirer.
Our team tackles the industry's most complex credit and payment challenges. And we believe that excellent work starts with a team that feels supported, respected, and empowered to grow.
CardWorks Servicing, LLC provides end-to end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offers backup servicing and due diligence services to capital providers and trustees.
Founded in 1997, Merrick Bank is an FDIC-insured financial institution headquartered in South Jordan, Utah, with over $10 billion in assets. A wholly owned subsidiary of CardWorks Financial Group, Merrick Bank serves roughly five million cardmembers and more than 100,000 merchant customers, offering credit cards, recreational loans, deposit accounts, merchant services and bank sponsorships to consumers and businesses.
Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.
Position Summary:
The Information Security Risk Management Director is responsible for leading the design, implementation, and oversight of the organization's information security risk management and vendor security assessment programs. This is a hands-on leadership role that develops and ensures that cyber risk identification, assessment, mitigation, and reporting activities are consistently executed and centrally managed within the organization's risk management framework and tools.
The Director oversees and performs information security risk assessments across internal systems, business processes, third-party vendors, and enterprise projects to ensure risks are effectively identified, rated, and managed in alignment with Enterprise Risk Management practices and regulatory frameworks such as the Cyber Risk Institute (CRI) Profile, NIST Cybersecurity Framework (CSF), and PCI DSS.
By integrating security risk management practices with business and technology initiatives, the Director drives informed decision-making, strengthens the organization's security posture, enhances compliance with policies and standards, and promotes a culture of proactive security risk management across the enterprise.
Essential Functions:
Leadership and Program Oversight
- Lead, mature, and operationalize the organization's information security risk management and vendor security assessment programs.
- Provide strategic and hands-on leadership for a small team and/or third-party resources responsible for executing assessments, managing risk registers, and maintaining program processes.
- Develop and maintain consistent methodologies, templates, and workflows for risk assessments and vendor reviews.
- Partner with Enterprise Risk Management to ensure cybersecurity risks are integrated into enterprise risk registers, prioritized appropriately, and aligned with enterprise issue management and escalation processes.
- Risk Assessment and Governance
- Oversee and perform security risk assessments for applications, infrastructure, and business processes to identify threats, vulnerabilities, control weaknesses, and business impacts.
- Mature risk scoring methodologies to prioritize risks based on likelihood and business impact.
- Identify opportunities to streamline assessment workflows, automate evidence collection, and enhance tool integration across GRC, IT, and security systems.
Vendor and Third-Party Security Risk
- Lead vendor security reviews, evaluating SOC 2 reports, ISO 27001 certifications, PCI AOCs, and penetration test results to assess vendor control maturity.
- Collaborate with Procurement, Legal, and Third-Party Risk Management (TPRM) teams to embed security requirements into contracts, onboarding, and ongoing vendor oversight.
- Track and manage vendor-related security issues, ensuring timely remediation, escalation, and closure consistent with SLAs and enterprise issue management processes.
- Develop and maintain vendor risk dashboards and KRIs to provide visibility into supply-chain risk exposure and remediation progress.
Reporting and Continuous Improvement
- Define, track, and report cybersecurity risk metrics, dashboards, and assessment outcomes for senior leadership.
- Ensure data quality, consistency, evidence integrity, and traceability across GRC platforms and supporting tools
- Drive program improvements through automation, analytics, risk trend analysis, and lessons learned from incidents, audits, and assessments.
- Promote a culture of transparency, accountability, and proactive cyber risk management throughout the organization.
Education and Experience
- 8+ years of experience in information security, security risk management, compliance, or related fields within a regulated or technology-driven environment, including 3+ years in a leadership or program management capacity.
- Demonstrated experience in assessing, mitigating, and tracking security risks across systems, infrastructure, and third-party vendors, with proven success in driving remediation and program maturity.
- Strong understanding of information security risk frameworks and methodologies, including the Cyber Risk Institute (CRI) Profile, NIST Cybersecurity Framework (CSF), CIS-CSC, and PCI DSS, with hands-on experience applying these standards to projects, systems, and infrastructure.
- Experience developing or enhancing risk management processes, including risk and control matrix development, risk scoring models, control evaluation criteria, and integrating governance workflows with enterprise risk management (ERM) practices.
Proven ability to collaborate across diverse stakeholders, including IT, Enterprise Risk Management, Legal, Compliance, business units, and external partners, to embed security requirements, align with project objectives, and inform decision-making.
- Familiarity with GRC or security compliance platforms (e.g. Archer, ServiceNow, Auditboard) and reporting mechanisms for documenting and tracking risk, remediation, and control testing results.
- Bachelor's or master's degree in information security, Information Technology, Risk Management, or a related field preferred.
- Preferred certifications: CRISC, CISM, CISSP, or CISA.
Summary of Qualifications:
- Strategic and hands-on cybersecurity risk leader with a proven ability to design, implement, and mature enterprise-wide risk management programs.
- Deep understanding of information security risk frameworks (NIST CSF, CRI Profile, PCI DSS, CIS Controls, etc.) and enterprise risk management principles, with practical experience applying them across systems, processes, and third-party vendors.
- Demonstrated success in leading and mentoring small teams, fostering capability growth, and scaling risk management functions to meet enterprise needs.
- Strong analytical and problem-solving skills, adept at evaluating threats, assessing process and control effectiveness, addressing gaps, and translating risks into business-relevant insights.
- Skilled at delivering on and coordinating multiple efforts across IT, business, compliance, and ERM teams, influencing decisions, and driving risk-informed outcomes while maintaining accountability and transparency.
- Excellent communication and interpersonal skills (via email, chat, in-person, and virtual) to engage effectively with technical teams, executives, and non-technical stakeholders.
- High level of attention to detail and organization, ensuring accurate, timely, and complete documentation and reporting.
Recognized as a trusted advisor and credible authority, capable of balancing strategic oversight with hands-on execution in a dynamic and evolving environment.
- Self-motivated and collaborative, with a strong commitment to continuous improvement, accountability, operational excellence, and promoting a culture of proactive security risk management across the organization.
Ideally, the qualified candidate will work at the following location(s): Woodbury, NY; South Jordan, UT; Horsham, PA; Pittsburgh, PA; Orlando, FL. A hybrid work model or fully remote model can be considered based on hiring manager decision and priorities of the role.
The salary range for this position, if located in NY Metro/NY State is $151,165 to $167,961. However, please note that the salary range will vary for other geographic areas.
#INDHP
Our Employee Value Proposition
- Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
- Benefits Package -Medical, Dental, and Vision (plus much more)
- 401(k) Plan with Company Match
- Short- & Long-Term Disability
- Wellness Programs
- Group Life and AD&D Insurance
- Paid Vacation, Sick Days and bank Holidays
- Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition
We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.
We are proud to be an equal opportunity employer. All qualified applicants will receive consideration without regard to age, race, color, sex, or gender identity/expression (including pregnancy, childbirth, transgender status, or sexual orientation), religion or creed, ancestry, citizenship, national origin, disability, military or veteran status, marital status, genetic information, or any other characteristic protected by applicable law.
We do not tolerate discrimination, harassment, or retaliation. Employment decisions are based solely on qualifications, merit, and business needs. Everyone is welcome here, and we hire based on your ability to do the job, not any protected characteristics.
If you need help or reasonable accommodation during the application or hiring process, please let your TA Partner know.
What CardWorks employees say
Pay
Benefits
Hours and flexibility
Workplace
Get the full story on Breakroom