ZipRecruiter

Log In

1

Cyber Risk Manager Jobs in Houston, TX (NOW HIRING)

NRG

Cybersecurity Risk Analyst

Houston, TX · On-site

The Cybersecurity Risk Analyst supports the organization's cyber risk management program by identifying, assessing, documenting, and communicating cyber risk across systems, applications ...

NRG Energy

Cybersecurity Risk Analyst

Houston, TX · Hybrid

The Cybersecurity Risk Analyst supports the organization's cyber risk management program by identifying, assessing, documenting, and communicating cyber risk across systems, applications ...

NRG

Cybersecurity Risk Analyst

Houston, TX · Hybrid

The Cybersecurity Risk Analyst supports the organization's cyber risk management program by identifying, assessing, documenting, and communicating cyber risk across systems, applications ...

Deloitte

Senior Manager - ServiceNow

Houston, TX

Through powerful solutions and managed services that simplify complexity, we enable our clients to ... Oversee the delivery of ServiceNow-based cyber risk solutions, ensuring alignment with best ...

QUALYS

Director of Strategic Alliances

Houston, TX

Cyber risk management and cyber insurance carriers, brokers, and underwriting platforms * Cloud hyperscalers (AWS, Azure, GCP) and cloud marketplace channels * Global Systems Integrators (GSIs ...

New

Deloitte

Cyber Data Protection Manager

Houston, TX · Remote

$106K - $143K/yr

If so, consider joining Deloitte & Touche LLP's growing Cyber Risk Digital Trust & Privacy practice ... Manage and lead the proposal development process * Contribute to Deloitte's thought leadership in ...

Deloitte

Senior Manager - Cloud Architect

Houston, TX

$62.50 - $83/hr

Leading cloud cyber risk engagements across assessment, design, implementation, and post ... Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment * Strong ...

QUALYS

ETM Sales Specialist

Houston, TX · Hybrid

Our Enterprise TruRisk Management platform empowers organizations to measure, communicate, and eliminate cyber risk with precision. Trusted by thousands of global organizations, Qualys delivers ...

next page

Showing results 1-20

All JobsCyber Risk JobsCyber Risk Manager JobsCyber Risk Manager Jobs in Houston, TX

Cyber Risk Manager information

See Houston, TX salary details

$49.2K

$106.5K

$162.3K

How much do cyber risk manager jobs pay per year?

As of Jun 17, 2026, the average yearly pay for cyber risk manager in Houston, TX is $106,533.00, according to ZipRecruiter salary data. Most workers in this role earn between $85,900.00 and $123,200.00 per year, depending on experience, location, and employer.

How does a Cyber Risk Manager typically collaborate with other departments to strengthen an organization's cybersecurity posture?

A Cyber Risk Manager frequently works with IT, legal, compliance, and business units to identify, assess, and mitigate cyber risks across the organization. This collaboration involves leading risk assessments, facilitating security awareness training, and ensuring that cybersecurity policies align with business objectives. Regular cross-department meetings and incident response simulations are common, fostering a shared responsibility for cyber resilience. Effective communication and relationship-building skills are essential in this role to bridge technical and non-technical teams.

What is the difference between Cyber Risk Manager vs Cybersecurity Analyst?

AspectCyber Risk ManagerCybersecurity Analyst
CertificationsCRISC, CISSP, CISMCompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment, policy development, strategic planningMonitoring security systems, incident response, vulnerability testing
Employer & Industry UsageFinancial, healthcare, large enterprisesIT departments, security firms, corporate environments

The Cyber Risk Manager focuses on identifying, assessing, and mitigating organizational cyber risks through strategic planning and policy development. In contrast, the Cybersecurity Analyst primarily monitors security systems, responds to incidents, and tests vulnerabilities. Both roles require certifications like CISSP, but their daily tasks and focus areas differ significantly, with the manager taking a broader, strategic approach and the analyst handling operational security tasks.

What are the key skills and qualifications needed to thrive as a Cyber Risk Manager, and why are they important?

To thrive as a Cyber Risk Manager, you need a solid background in information security, risk assessment, and compliance, often supported by a degree in cybersecurity or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), GRC tools, and relevant certifications like CISSP or CISM is typically required. Excellent analytical thinking, communication, and leadership skills set top performers apart in this role. These skills are crucial for identifying risks, implementing effective controls, and ensuring the organization’s digital assets remain secure and compliant.

Can you make $500,000 a year in cyber security?

Cyber Risk Managers and senior cybersecurity professionals can potentially earn $500,000 or more annually, especially with extensive experience, advanced certifications like CISSP or CISM, and leadership roles such as Chief Information Security Officer (CISO). High salaries are often associated with large organizations, specialized skills, and strategic responsibilities in cybersecurity management. However, such compensation levels are typically reached after many years of experience and proven expertise in the field.

Is CISO a high paying job?

A Chief Information Security Officer (CISO) is typically a high-paying executive role in cybersecurity, with salaries often exceeding six figures depending on the organization size and industry. CISOs usually have extensive experience, leadership skills, and certifications like CISSP or CISM, which contribute to their compensation. The role involves strategic oversight of an organization's security posture and risk management.

What does a cyber risk manager do?

A cyber risk manager assesses and mitigates cybersecurity threats to an organization’s information systems. They identify vulnerabilities, develop risk management strategies, and implement security controls, often using tools like risk assessment frameworks and security software. The role requires strong analytical skills and relevant certifications such as CISSP or CISM.

What is the 80 20 rule in cyber security?

The 80/20 rule in cybersecurity suggests that approximately 80% of security issues are caused by 20% of vulnerabilities or threats. Cyber Risk Managers focus on identifying and mitigating these critical vulnerabilities to improve overall security posture efficiently.
What are popular job titles related to Cyber Risk Manager jobs in Houston, TX? For Cyber Risk Manager jobs in Houston, TX, the most frequently searched job titles are:
What job categories do people searching Cyber Risk Manager jobs in Houston, TX look for? The top searched job categories for Cyber Risk Manager jobs in Houston, TX are:
What cities near Houston, TX are hiring for Cyber Risk Manager jobs? Cities near Houston, TX with the most Cyber Risk Manager job openings:
Cyber Risk Manager jobs near you
Infographic showing various Cyber Risk Manager job openings in Houston, TX as of June 2026, with employment types broken down into 84% Full Time, 15% Part Time, and 1% Contract. Highlights an 92% Physical, 2% Hybrid, and 6% Remote job distribution, with an average salary of $106,533 per year, or $51.2 per hour.
Cybersecurity Risk Analyst

Cybersecurity Risk Analyst

NRG

Houston, TX • On-site

Full-time

Posted 19 days ago

Job description

As an NRG employee, we encourage you to take charge of your career and development journey. We invite you to explore exciting opportunities across our businesses. You'll find that our dynamic work environment provides variety and challenge. Your growth is key to our ongoing success-take the lead in shaping your career development, goals and future!
JOB SUMMARY:
The Cybersecurity Risk Analyst supports the organization's cyber risk management program by identifying, assessing, documenting, and communicating cyber risk across systems, applications, technologies, and business initiatives. This role partners with Technology, Business, Enterprise Risk and other stakeholders to enable risk-informed decisions and practical risk treatment outcomes.
The role is focused on internal cybersecurity risk assessments evaluating threats, vulnerabilities, control gaps, and business impact while helping stakeholders align on risk acceptance decisions consistent with organizational risk tolerance. Work is guided by the NIST CSF 2.0, with expected familiarity with FAIR and professional AI tools, as well as awareness of emerging technology risks and evolving cyber threats. This role is distinct from team responsibilities centered on third-party risk, vendor contracts, security surveys, or regulatory compliance.
Essential Duties and Responsibilities:
Cybersecurity Risk Assessment
  • Conduct cybersecurity risk assessments for systems, applications, infrastructure, technologies, projects, and business initiatives.
  • Identify, assess, analyze, and document cybersecurity threats, vulnerabilities, control gaps, exploitability considerations, and potential business impacts.
  • Evaluate inherent and residual cyber risk and develop clear, supportable risk statements, ratings, and recommendations.
  • Apply established cybersecurity risk assessment methodologies, frameworks, and reference materials, including FAIR and other relevant cyber risk analysis approaches.
  • Support practical and well-informed cyber risk treatment recommendations, including mitigation, remediation, transfer, avoidance, and acceptance.
  • Assist in identifying and documenting reasonable cyber risk acceptance positions aligned with business objectives, governance expectations, and organizational risk tolerance.

Stakeholder Engagement and Risk Facilitation
  • Partner with stakeholders across Technology, Cybersecurity, Business, and Enterprise Risk to gather information and support effective cyber risk assessments.
  • Facilitate meetings, workshops, and working sessions to bring the right stakeholders together for risk identification, analysis, treatment, and acceptance discussions.
  • Build alignment across teams and help translate technical cybersecurity issues into clear business risk implications and decision points.
  • Coordinate with team members responsible for adjacent activities, including third-party risk management, compliance support, contract review, security surveys, and regulatory matters, while maintaining primary focus on internal cyber risk assessment and analysis.

Vulnerability and Threat-Informed Risk Analysis
  • Work closely with vulnerability management and other cybersecurity teams to understand vulnerability exposure, remediation priorities, compensating controls, and the impact of technical findings on cyber risk.
  • Analyze vulnerability data, remediation status, exploitability, and exposure trends to inform cyber risk assessments and recommendations.
  • Maintain awareness of emerging cyber threats, attack techniques, threat actor activity, and technology developments that may affect the organization's risk posture.

Metrics, Reporting, and Program Support
  • Collect, organize, analyze, and report cybersecurity risk metrics, trends, and themes to support leadership reporting and program oversight.
  • Prepare clear and concise risk assessment documentation, reports, summaries, and presentations for technical and non-technical stakeholders.
  • Support the continuous improvement of cybersecurity risk assessment processes, templates, standards, and reporting practices.
  • Use approved AI-enabled tools responsibly to support cyber risk research, analysis, documentation, and operational efficiency in accordance with company requirements.
  • Incorporate considerations related to artificial intelligence, generative AI, and other emerging technology risks into cybersecurity risk assessments, as applicable.

Working Conditions:
  • Hybrid.
  • Travel minimally.

Minimum Requirements:
  • A bachelor's degree in Cybersecurity, Information Technology, Information Systems, Risk Management, Business, or a related field is preferred but not required.
  • A minimum of five years of experience in cybersecurity, information security, cyber risk, technology risk, vulnerability management, IT audit, or a related discipline is essential.
  • Demonstrated experience performing cybersecurity or technology risk assessments is required.
  • Familiarity with the NIST Cybersecurity Framework (CSF) 2.0 is required.
  • Familiarity with FAIR and other recognized cybersecurity risk assessment methodologies, models, or reference resources are required.
  • Experience with vulnerability management concepts, processes, and reporting, including the ability to interpret vulnerability data in a risk context, is required.
  • Proficiency in Microsoft Office products, including Word, Excel, PowerPoint, and SharePoint, is expected.
  • Ability to effectively apply approved AI technologies such as CoPilot in a professional environment is expected.

Additional Knowledge, Skills and Abilities:
Technical & Domain Expertise:
  • Strong understanding of cybersecurity risk principles, threats, vulnerabilities, control environments, and risk treatment concepts.
  • Working knowledge of cybersecurity frameworks and references, including NIST CSF 2.0, and familiarity with related standards such as NIST 800-53, CIS Controls, ISO 27001, or COBIT.
  • Familiarity with cyber risk analysis methods such as FAIR; familiarity with quantitative risk analysis concepts, including Monte Carlo simulation, is preferred but not required.
  • Knowledge of vulnerability management practices and the ability to connect technical findings to broader business and cyber risk considerations.
  • Awareness of artificial intelligence, generative AI, and emerging technology risks, and the ability to incorporate those considerations into cyber risk assessments.
  • Experience in energy, utilities, critical infrastructure, or other highly regulated industries is preferred.
  • Knowledge of operational technology, industrial control systems, or energy generation and retail environments is preferred.

Skills & Competencies:
  • Strong analytical, critical thinking, and problem-solving capabilities.
  • Effective stakeholder engagement and facilitation skills, with the ability to bring teams together and drive productive risk discussions.
  • Ability to gather, interpret, and present risk metrics and related data in a meaningful and actionable manner.
  • Strong written and verbal communication skills, including the ability to prepare professional documentation and communicate effectively with both technical and non-technical audiences.
  • Ability to translate complex cybersecurity issues into clear, concise, and business-relevant risk information.
  • Strong organizational skills and the ability to manage multiple priorities while delivering high-quality work within established deadlines.
  • Demonstrated ability to work collaboratively across Cybersecurity, Technology, Business, and Enterprise Risk teams.

Physical Requirements:
  • From time to it may be required to move light computer equipment such as laptops.

NRG Energy is committed to a drug and alcohol-free workplace. To the extent permitted by law and any applicable collective bargaining agreement, employees are subject to periodic random drug testing, and post-accident and reasonable suspicion drug and alcohol testing. EOE AA M/F/Vet/Disability. Level, Title and/or Salary may be adjusted based on the applicant's experience or skills.
Official description on file with Talent.
NRG logo

About NRG

Sourced by ZipRecruiter

At NRG, we're bringing the power of energy to people and organizations by putting customers at the center of everything we do. We generate electricity and provide energy solutions and natural gas to millions of customers through our diverse portfolio of retail brands. A Fortune 500 company, operating in the United States and Canada, NRG delivers innovative solutions while advocating for competitive energy markets and customer choice, working towards a sustainable energy future. More information is available at www.nrg.com. Connect with NRG on Facebook, LinkedIn and follow us on Twitter @nrgenergy.

Industry

Oil and coal products manufacturing

Company size

5,001 - 10,000 Employees

Headquarters location

Houston, TX, US

View All NRG Jobs

Apply