1

Cyber Risk Manager Jobs in Philadelphia, PA (NOW HIRING)

Within TRM, the global Identity, Directory & Access Management (IDAM) organization ensures that the right people have the right access to the right information. The Cyber Risk Analyst is responsible ...

Job Title Cyber Risk Controls Officer About Your Role You will be responsible for strengthening ... Work closely with risk assessment owners, application owners, and control stakeholders to manage ...

The Zoetis Tech & Digital (ZTD) Global Technology Risk Management (TRM) Organizationis responsible ... Experience: * 5+ years of hands-on experience in vulnerability management, cyber risk, or related ...

Risk Manager

Media, PA

$75K - $98K/yr

The Risk Manager ensures compliance with applicable federal, Commonwealth of Pennsylvania, and ... compensation, cyber, and other applicable coverages. Serve as liaison with insurance carriers ...

Risk Manager

Media, PA · On-site

$75K - $98K/yr

The Risk Manager ensures compliance with applicable federal, Commonwealth of Pennsylvania, and ... cyber, and other applicable coverages. * Serve as liaison with insurance carriers, brokers, and ...

... risk or their cyber insurancepolicy services * Workwith clients both internally and externally to ... management, patch management, user access controls, endpoint security and incident response

Cyber Data Protection Manager

Philadelphia, PA · Remote

$112K - $151K/yr

If so, consider joining Deloitte & Touche LLP's growing Cyber Risk Digital Trust & Privacy practice ... Manage and lead the proposal development process * Contribute to Deloitte's thought leadership in ...

next page

Showing results 1-20

Cyber Risk Manager information

See Philadelphia, PA salary details

$49.2K

$106.6K

$162.5K

How much do cyber risk manager jobs pay per year?

As of Jul 14, 2026, the average yearly pay for cyber risk manager in Philadelphia, PA is $106,617.00, according to ZipRecruiter salary data. Most workers in this role earn between $86,000.00 and $123,300.00 per year, depending on experience, location, and employer.

How does a Cyber Risk Manager typically collaborate with other departments to strengthen an organization's cybersecurity posture?

A Cyber Risk Manager frequently works with IT, legal, compliance, and business units to identify, assess, and mitigate cyber risks across the organization. This collaboration involves leading risk assessments, facilitating security awareness training, and ensuring that cybersecurity policies align with business objectives. Regular cross-department meetings and incident response simulations are common, fostering a shared responsibility for cyber resilience. Effective communication and relationship-building skills are essential in this role to bridge technical and non-technical teams.

What is the difference between Cyber Risk Manager vs Cybersecurity Analyst?

AspectCyber Risk ManagerCybersecurity Analyst
CertificationsCRISC, CISSP, CISMCompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment, policy development, strategic planningMonitoring security systems, incident response, vulnerability testing
Employer & Industry UsageFinancial, healthcare, large enterprisesIT departments, security firms, corporate environments

The Cyber Risk Manager focuses on identifying, assessing, and mitigating organizational cyber risks through strategic planning and policy development. In contrast, the Cybersecurity Analyst primarily monitors security systems, responds to incidents, and tests vulnerabilities. Both roles require certifications like CISSP, but their daily tasks and focus areas differ significantly, with the manager taking a broader, strategic approach and the analyst handling operational security tasks.

What are the key skills and qualifications needed to thrive as a Cyber Risk Manager, and why are they important?

To thrive as a Cyber Risk Manager, you need a solid background in information security, risk assessment, and compliance, often supported by a degree in cybersecurity or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), GRC tools, and relevant certifications like CISSP or CISM is typically required. Excellent analytical thinking, communication, and leadership skills set top performers apart in this role. These skills are crucial for identifying risks, implementing effective controls, and ensuring the organization’s digital assets remain secure and compliant.

Can you make $200,000 in cyber security?

Cyber Risk Managers and senior cybersecurity professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP or CISM, and in high-demand industries or locations. Salary levels depend on factors such as expertise, certifications, industry, and geographic region, with leadership roles and specialized skills commanding higher compensation.

Can you make $500,000 a year in cyber security?

Cyber Risk Managers and senior cybersecurity professionals can potentially earn $500,000 or more annually, especially with extensive experience, advanced certifications like CISSP or CISM, and leadership roles such as Chief Information Security Officer. High salaries are often associated with large organizations, specialized skills, and strategic responsibilities in cybersecurity management.

What does a cyber risk manager do?

A cyber risk manager assesses and mitigates cybersecurity threats to an organization’s information systems. They develop risk management strategies, implement security policies, and often use tools like risk assessment frameworks and security audits to protect digital assets. Certification such as CISSP or CISM can enhance their effectiveness in this role.

Is a CISO a stressful job?

A Chief Information Security Officer (CISO) role is often considered high-stress due to the responsibility for an organization's cybersecurity strategy, risk management, and incident response. The job requires managing complex threats, compliance requirements, and often involves long hours, especially during security breaches or audits.
What are popular job titles related to Cyber Risk Manager jobs in Philadelphia, PA? For Cyber Risk Manager jobs in Philadelphia, PA, the most frequently searched job titles are:
What job categories do people searching Cyber Risk Manager jobs in Philadelphia, PA look for? The top searched job categories for Cyber Risk Manager jobs in Philadelphia, PA are:
What cities near Philadelphia, PA are hiring for Cyber Risk Manager jobs? Cities near Philadelphia, PA with the most Cyber Risk Manager job openings:
Infographic showing various Cyber Risk Manager job openings in Philadelphia, PA as of July 2026, with employment types broken down into 87% Full Time, and 13% Contract. Highlights an 100% In-person job distribution, with an average salary of $106,617 per year, or $51.3 per hour.
Cyber Risk Analyst

Cyber Risk Analyst

Zoetis, Inc.

Malvern, PA • On-site

Full-time

Posted 19 days ago


Zoetis rating

7.8

Company rating: 7.8 out of 10

Based on 75 frontline employees who took The Breakroom Quiz

44th of 74 rated pharmaceutical


Job description

POSITION SUMMARY
Zoetis, Inc. is the world's largest producer of medicine and vaccinations for pets and livestock. The Zoetis Tech & Digital (ZTD) Global Technology Risk Management (TRM) Organization is responsible for protecting Zoetis' information resources. Within TRM, the global Identity, Directory & Access Management (IDAM) organization ensures that the right people have the right access to the right information.
The Cyber Risk Analyst is responsible for overseeing the organization's vulnerability management program, focusing on IT infrastructure, endpoints, networks, and cloud environments. This role ensures proactive identification, analysis, prioritization, and remediation of technical vulnerabilities while embedding risk management practices to minimize security threats and support compliance objectives. Additionally, the Cyber Risk Analyst will help track enterprise security risk by monitoring risk metrics, maintaining risk registers, and providing regular updates to leadership, enabling informed decision-making and a holistic understanding of the organization's security posture.
POSITION RESPONSIBILITIES
  • Own the enterprise cybersecurity risk register, taxonomy, and exception workflows with clear escalation thresholds.
  • Define and track KRIs/KPIs (e.g., residual risk, SLA compliance, control effectiveness); deliver executive dashboards and briefings.
  • Ensure asset and telemetry data quality and coverage; standardize with a Common Information Model (CIM).
  • Drive prioritized remediation roadmaps; enforce SLAs with automated reminders and escalations; verify fixes via retest.
  • Integrate post-incident lessons into the risk register and backlog; validate controls through purple-team exercises.
  • Include third-party/vendor and application security findings for a holistic enterprise risk view.
  • Map risks to policies and regulatory frameworks (NIST, ISO 27001, PCI-DSS, HIPAA); support audits and evidence collection.
  • Continuously improve VM processes, tooling, and control designs; measure the efficacy of controls and exceptions.
  • Be hands-on: query/validate data, build metrics/dashboards, and translate technical issues into clear risk treatment plans.
  • Engage stakeholders to drive decisions and timelines; tie outcomes to OKRs focused on risk reduction and faster decision cycles.

EDUCATION AND EXPERIENCE
Education:
  • Bachelor's degree in computer sciences, Information Security, Information Systems, Engineering, Sciences or relevant professional experience.

Experience:
  • 5+ years of hands-on experience in vulnerability management, cyber risk, or related roles within enterprise IT environments.

TECHNICAL SKILLS REQUIREMENTS
  • Proficiency with vulnerability scanning and security testing tools (e.g., Tenable, Qualys, Rapid7, Falcon Spotlight, AppScan) and using results to improve security operations.
  • Experience across infrastructure systems, endpoints, network devices, and cloud platforms (AWS, Azure, Microsoft 365/O365).
  • Ability to interpret, prioritize, and report technical risk from vulnerability data using analytics and data visualization tools (e.g., Power BI, Tableau).
  • Working knowledge and practical application of security frameworks and compliance requirements (e.g., NIST, PCI-DSS, HIPAA, ISO 27001).
  • Experience coordinating remediation across technical and business teams, managing SLAs, and improving remediation processes.
  • Understanding of vulnerability assessments, security policy development, enterprise security strategy, architecture concepts, and governance practices.
  • Broad understanding of security technologies, core security principles, control frameworks, and risk considerations for both on-prem and cloud solutions; familiarity with threat modeling concepts.
  • Ability to research vulnerabilities and exploit techniques and translate findings into operational improvements.
  • Hands-on capability to troubleshoot complex issues and implement solutions in enterprise environments.
  • Strong project management skills with ability to manage multiple priorities in fast-paced operational environments.
  • Strong written/verbal communication skills; ability to present clearly, negotiate effectively, and influence stakeholders across levels; able to work independently and in teams.
  • High standards of ethics, professionalism, and integrity.
  • Experience in regulated industries (e.g., pharmaceuticals) is desirable.
  • Ability to articulate business-focused security outcomes that guide service direction and improve security posture.

PHYSICAL POSITION REQUIREMENTS
  • Primarily office-based work involving sitting, computer use, and meetings.
  • Ability to work flexible hours as needed to coordinate with global teams and support audit readiness activities.
  • Occasional travel may be required for audits, regulatory meetings, or integration activities.
  • No unusual physical demands or attendance requirements expected.

Travel Requirements: 5%-10%
Full time
Regular
Colleague
Any unsolicited resumes sent to Zoetis from a third party, such as an Agency recruiter, including unsolicited resumes sent to a Zoetis mailing address, fax machine or email address, directly to Zoetis employees, or to Zoetis resume database will be considered Zoetis property. Zoetis will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume.
Zoetis will consider any candidate for whom an Agency has submitted an unsolicited resume to have been referred by the Agency free of any charges or fees. This includes any Agency that is an approved/engaged vendor but does not have the appropriate approvals to be engaged on a search.
Notice: Zoetis Recruiters will contact candidates via email from an address ending in @zoetis.com and may also initially connect with candidates through LinkedIn, including LinkedIn InMail. Zoetis does not use Gmail, Outlook, Yahoo, or other web-based/generic email domains to communicate about job opportunities, interviews, or offers of employment. If you receive a recruitment-related email message claiming to be from Zoetis that does not come from @zoetis.com, please treat it as suspicious. For your security, do not reply, click links, open attachments, share personal or financial information, or send money in response to unexpected or questionable recruitment communications.
Zoetis is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status or any other protected classification. Disabled individuals are given an equal opportunity to use our online application system. We offer reasonable accommodations as an alternative if requested by an individual with a disability. Please contact Zoetis Colleague Services at zoetiscolleagueservices@zoetis.com to request an accommodation. Zoetis also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as employment eligibility verification requirements of the Immigration and Nationality Act. All applicants must possess or obtain authorization to work in the US for Zoetis. Zoetis retains sole and exclusive discretion to pursue sponsorship for the acquisition or maintenance of nonimmigrant status and employment eligibility, considering factors such as availability of qualified US workers. Individuals requiring sponsorship must disclose this fact. Please note that Zoetis seeks information related to job applications from candidates for jobs in the U.S. solely via the following: (1) our company website at www.Zoetis.com/careers site, or (2) via email to/from addresses using only the Zoetis domain of "@zoetis.com". In addition, Zoetis does not use Google Hangout for any recruitment related activities. Any solicitation or request for information related to job applications with Zoetis via any other means and/or utilizing email addresses with any other domain should be disregarded. In addition, Zoetis will never ask candidates to make any type of personal financial investment related to gaining employment with Zoetis.

What Zoetis employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom