ZipRecruiter

Log In

1

Cyber Risk Manager Jobs in Seattle, WA (NOW HIRING)

Munich Re

The JD reads Cyber and Tech Risk UW SR

Seattle, WA · On-site +1

$112K - $132K/yr

Our cyber offerings are supported by proactive risk management services and data driven insights designed to strengthen operational resilience and reduce loss-putting prevention at the center of ...

Deloitte

Cyber Data Protection Manager

Seattle, WA · Remote

$126K - $170K/yr

If so, consider joining Deloitte & Touche LLP's growing Cyber Risk Digital Trust & Privacy practice ... Manage and lead the proposal development process * Contribute to Deloitte's thought leadership in ...

Deloitte

Senior Manager - Cloud Architect

Seattle, WA · On-site

$74.50 - $99/hr

Leading cloud cyber risk engagements across assessment, design, implementation, and post ... Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment * Strong ...

Deloitte

Senior Consultant - Cloud Architect

Seattle, WA · On-site

$74 - $94.25/hr

Cloud Architect -Manager Join Deloitte's Cloud Cyber Risk practice and help organizations secure cloud transformation at scale. As a Senior Consultant, Strategy, Growth, and Transformation, you will ...

Deloitte

Consultant - Cloud Architect

Seattle, WA · On-site

$74.50 - $99/hr

This role offers the opportunity to contribute to cyber engagements, work directly with clients, and help organizations manage cyber risk while enabling innovation. Recruiting for this role ends on ...

Deloitte

Consultant - Cloud Architect

Seattle, WA · On-site

$66.50 - $90.75/hr

This role offers the opportunity to lead portions of client engagements, deliver cloud security solutions, and help organizations manage cyber risk while enabling innovation. Recruiting for this role ...

next page

Showing results 1-20

All JobsCyber Risk Manager JobsCyber Risk Manager Jobs in Seattle, WA

Cyber Risk Manager information

See Seattle, WA salary details

$58.6K

$127K

$193.5K

How much do cyber risk manager jobs pay per year?

As of Jun 19, 2026, the average yearly pay for cyber risk manager in Seattle, WA is $126,952.00, according to ZipRecruiter salary data. Most workers in this role earn between $102,400.00 and $146,800.00 per year, depending on experience, location, and employer.

How does a Cyber Risk Manager typically collaborate with other departments to strengthen an organization's cybersecurity posture?

A Cyber Risk Manager frequently works with IT, legal, compliance, and business units to identify, assess, and mitigate cyber risks across the organization. This collaboration involves leading risk assessments, facilitating security awareness training, and ensuring that cybersecurity policies align with business objectives. Regular cross-department meetings and incident response simulations are common, fostering a shared responsibility for cyber resilience. Effective communication and relationship-building skills are essential in this role to bridge technical and non-technical teams.

What is the difference between Cyber Risk Manager vs Cybersecurity Analyst?

AspectCyber Risk ManagerCybersecurity Analyst
CertificationsCRISC, CISSP, CISMCompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment, policy development, strategic planningMonitoring security systems, incident response, vulnerability testing
Employer & Industry UsageFinancial, healthcare, large enterprisesIT departments, security firms, corporate environments

The Cyber Risk Manager focuses on identifying, assessing, and mitigating organizational cyber risks through strategic planning and policy development. In contrast, the Cybersecurity Analyst primarily monitors security systems, responds to incidents, and tests vulnerabilities. Both roles require certifications like CISSP, but their daily tasks and focus areas differ significantly, with the manager taking a broader, strategic approach and the analyst handling operational security tasks.

What are the key skills and qualifications needed to thrive as a Cyber Risk Manager, and why are they important?

To thrive as a Cyber Risk Manager, you need a solid background in information security, risk assessment, and compliance, often supported by a degree in cybersecurity or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), GRC tools, and relevant certifications like CISSP or CISM is typically required. Excellent analytical thinking, communication, and leadership skills set top performers apart in this role. These skills are crucial for identifying risks, implementing effective controls, and ensuring the organization’s digital assets remain secure and compliant.

Can you make $500,000 a year in cyber security?

Cyber Risk Managers and senior cybersecurity professionals can potentially earn $500,000 or more annually, especially with extensive experience, advanced certifications like CISSP or CISM, and leadership roles such as Chief Information Security Officer (CISO). High salaries are often associated with large organizations, specialized skills, and strategic responsibilities in cybersecurity management. However, such compensation levels are typically reached after many years of experience and proven expertise in the field.

Is CISO a high paying job?

A Chief Information Security Officer (CISO) is typically a high-paying executive role in cybersecurity, with salaries often exceeding six figures depending on the organization size and industry. CISOs usually have extensive experience, leadership skills, and certifications like CISSP or CISM, which contribute to their compensation. The role involves strategic oversight of an organization's security posture and risk management.

What does a cyber risk manager do?

A cyber risk manager assesses and mitigates cybersecurity threats to an organization’s information systems. They identify vulnerabilities, develop risk management strategies, and implement security controls, often using tools like risk assessment frameworks and security software. The role requires strong analytical skills and relevant certifications such as CISSP or CISM.

What is the 80 20 rule in cyber security?

The 80/20 rule in cybersecurity suggests that approximately 80% of security issues are caused by 20% of vulnerabilities or threats. Cyber Risk Managers focus on identifying and mitigating these critical vulnerabilities to improve overall security posture efficiently.
What are popular job titles related to Cyber Risk Manager jobs in Seattle, WA? For Cyber Risk Manager jobs in Seattle, WA, the most frequently searched job titles are:
What job categories do people searching Cyber Risk Manager jobs in Seattle, WA look for? The top searched job categories for Cyber Risk Manager jobs in Seattle, WA are:
Cyber Risk Manager jobs near you
Infographic showing various Cyber Risk Manager job openings in Seattle, WA as of June 2026, with employment types broken down into 81% Full Time, 17% Part Time, and 2% Contract. Highlights an 90% Physical, 4% Hybrid, and 6% Remote job distribution, with an average salary of $126,952 per year, or $61 per hour.
Principal, GRC Automation and Cyber Risk

Principal, GRC Automation and Cyber Risk

F5, Inc.

Seattle, WA • On-site

Full-time

Posted 11 days ago

Job description

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.
The Principal, GRC Automation & Cyber Risk Quantification is a senior engineering and strategic leadership role responsible for designing, implementing, and scaling automated, data-driven cyber risk and GRC capabilities across the enterprise. This role blends deep cyber risk management expertise with hands-on software engineering, GRC platform architecture, workflow automation, API development and systems integration, and emerging AI-enabled and Agentic capabilities to modernize how the organization manages risk, compliance, and governance at scale.
Reporting to the VP, Cyber Governance, Risk & Compliance, this role serves as a force multiplier for the GRC organization, translating complex regulatory and risk frameworks into automated controls, continuous monitoring workflows, decision-ready dashboards, and audit-ready evidence. The principal is expected to write, review, and own production-quality code and partner closely with ERM, Engineering, IT, Legal, Privacy, Internal Audit, and Digital teams to embed risk intelligence directly into business and technology processes.
Key Objectives
  • Shift GRC from manual, point-in-time assessments to continuous, automated, and risk-informed execution by leveraging purpose-built engineering solutions, Python-based tooling, and Agentic workflows.
  • Enable executive and board-ready cyber risk insights grounded in quantitative and business-relevant data, supported by automated data pipelines and integrations.
  • Standardize and automate control mapping, testing, evidence collection, and risk reporting across frameworks and regulators through scalable API-driven architectures.
  • Act as the technical and architectural authority for ServiceNow IRM and adjacent GRC automation capabilities, including custom-developed integrations and Agentic automation agents.

Primary Responsibilities
1. GRC Automation & Platform Architecture
  • Design, build, and evolve end-to-end GRC automation across risk, compliance, policy, and issue management domains - including writing and maintaining Python-based automation scripts, services, and tools.
  • Integrate GRC workflows with source systems (cloud platforms, vulnerability tools, IAM, SDLC, third-party systems) via RESTful APIs, webhooks, and event-driven integration patterns to reduce manual effort and improve data quality.
  • Architect and maintain a systems integration layer connecting GRC platforms to enterprise data sources, enabling real-time risk signal ingestion and automated control validation.
2. Cyber Risk Quantification & Decision Enablement
  • Partner with Cyber Risk leadership to operationalize quantitative and scenario-based risk analysis (e.g., FAIR-aligned methods).
  • Engineer automated pipelines for ingesting threat, vulnerability, asset, and business context data to support risk-based prioritization, leveraging Python data processing libraries (e.g., pandas, NumPy) integration APIs, and Agentic work flows.
  • Enable financially grounded cyber risk outputs that inform:
    • Risk acceptance and investment decisions
    • Executive and board-level reporting
    • Program prioritization and roadmap planning
3. Compliance Automation & Continuous Monitoring
  • Translate regulatory and framework requirements into automated, testable, and traceable controls, implementing these as code-driven workflows and API-integrated monitoring checks.
  • Implement continuous control monitoring and evidence refresh to support ISO, SOX, SOC, and regulatory audits, using automated evidence collection scripts and scheduled integrations.
  • Reduce audit fatigue by standardizing artifacts, workflows, and control narratives across compliance programs.
  • Partner with Internal Audit and external auditors to improve transparency, timeliness, and defensibility of GRC outputs.
4. AI-Enabled GRC & Agentic Development
  • Design, build, and deploy Agentic automation solutions - autonomous AI-driven agents capable of reasoning across GRC data, identifying risks, triggering workflows, and recommending actions with minimal human intervention.
  • Identify and pilot AI-assisted capabilities to accelerate GRC outcomes, such as:
    • Control mapping and gap analysis
    • Risk scenario generation and prioritization
    • Policy-to-control alignment and impact analysis
    • Agentic issue triage, intelligent remediation recommendations, and autonomous evidence collection
  • Develop and integrate LLM-based or agent-framework tooling (e.g., LangChain, AutoGen, or comparable frameworks) into GRC workflows.
  • Ensure all AI-enabled and Agentic GRC use cases align with internal security, privacy, and governance standards.
5. API and Systems Integration
  • Design, develop, and maintain RESTful and GraphQL APIs that expose GRC data and capabilities to downstream consumers including dashboards, reporting tools, and integrated enterprise systems.
  • Own the end-to-end systems integration architecture connecting GRC platforms to security tools, cloud environments, HR systems, asset management, and third-party risk platforms.
  • Establish and enforce API governance standards, including versioning, authentication, documentation (OpenAPI/Swagger), and rate management.
  • Build and maintain integration middleware, ETL pipelines, and event-driven connectors to ensure consistent, reliable data flows across GRC systems.
6. Stakeholder Partnership & Influence
  • Serve as a trusted advisor to security, IT, engineering, and business leaders on risk-based automation, control design, and engineering best practices for GRC tooling.
  • Influence teams to embed GRC requirements directly into SDLC, cloud, procurement, and third-party workflows.
  • Translate technical implementations - including architecture diagrams, API designs, and automation logic - into clear, executive-ready narratives for leadership consumption.

Knowledge, Skills & Abilities
Knowledge
  • Deep understanding of cyber risk management and GRC frameworks (NIST CSF, NIST 800-53/171, ISO 27001, SOC 2, SOX).
  • Strong grasp of enterprise risk management (ERM) concepts and alignment.
  • Working knowledge of quantitative cyber risk analysis (FAIR or similar approaches).
  • Familiarity with audit, regulatory, and certification processes.
  • Understanding of software engineering principles, API design patterns, and systems integration methodologies.
  • Knowledge of Agentic AI frameworks and multi-agent system design principles.
Skills
  • Expertise designing and automating workflows within ServiceNow IRM or comparable GRC platforms.
  • Proficient Python developer - able to write clean, maintainable, production-ready code for automation scripts, data pipelines, API clients, and Agentic workflows.
  • Experienced in API development and integration - designing and consuming REST APIs, managing authentication (OAuth, API keys), and building integration layers.
  • Demonstrated systems integration experience - connecting heterogeneous enterprise systems through APIs, webhooks, message queues, or ETL frameworks.
  • Hands-on experience with Agentic development - building autonomous AI agents using frameworks.
  • Ability to translate abstract frameworks into practical, automated, and scalable implementations.
  • Strong systems thinking, connecting people, process, technology, and data.
  • Excellent written and verbal communication skills, including executive-level storytelling.
Abilities
  • Operate comfortably at both strategic and hands-on engineering levels.
  • Influence without authority in a highly matrixed environment.
  • Drive change from legacy/manual processes to modern, code-driven automated execution.
  • Independently scope, build, and ship engineering solutions with minimal oversight.

Qualifications
Required
  • Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Engineering, Risk Management, or related field.
  • 10+ years of experience across cybersecurity, risk management, GRC, or security architecture roles - with at least 3-5 years in a hands-on engineering or software development capacity.
  • Demonstrated Python programming proficiency applied to automation, data processing, tooling, or security use cases.
  • Proven API development and integration experience, including designing, building, and consuming APIs in enterprise environments.
  • Demonstrated systems integration experience, connecting GRC, security, cloud, or enterprise systems at scale.
  • Demonstrated experience automating or scaling GRC, risk, or compliance programs using enterprise platforms.
  • Strong experience partnering with cross-functional technical and business teams.
Preferred
  • Master's degree in a related field.
  • Experience with FAIR or quantitative risk methods.
  • Hands-on experience with Agentic AI development - building and deploying autonomous agents for task automation, decision support, or workflow orchestration.
  • Familiarity with LLM orchestration frameworks (LangChain, LangGraph, AutoGen, CrewAI, or similar).
  • Experience with Python data and automation libraries (pandas, NumPy, FastAPI, Celery, Airflow, etc.).
  • Experience with API gateway tooling, integration platforms (e.g., MuleSoft, Boomi, Workato), or message broker systems (Kafka, RabbitMQ).
  • Hands-on experience with AI, data analytics, or workflow automation applied to GRC use cases.
  • Professional certifications (CISSP, CISM, CRISC, Open FAIR).

Why This Role Matters
This role is foundational to advancing the organization's GRC maturity by reducing friction, increasing signal, and enabling leadership to make faster, better-informed risk decisions. It is a highly visible engineering leadership position with direct impact on executive confidence, audit outcomes, and enterprise risk posture. The ideal candidate is equally comfortable writing Python code and building Agentic workflows as they are presenting risk insights to a board of directors - a rare blend of engineering depth and strategic influence that will define the next generation of GRC capability.
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
The annual base pay for this position is: $167,200.00 - $250,800.00
F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5's differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.
You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5's benefits can be found at the following link: https://www.f5.com/company/careers/benefits. F5 reserves the right to change or terminate any benefit plan without notice.
Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com)
Equal Employment Opportunity
It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.

Apply