ZipRecruiter

Log In

1

Cyber Security Risk Management Jobs (NOW HIRING)

NRG

Cybersecurity Risk Analyst

Houston, TX · On-site

The Cybersecurity Risk Analyst supports the organization's cyber risk management program by identifying, assessing, documenting, and communicating cyber risk across systems, applications ...

NRG Energy

Cybersecurity Risk Analyst

Houston, TX · Hybrid

The Cybersecurity Risk Analyst supports the organization's cyber risk management program by identifying, assessing, documenting, and communicating cyber risk across systems, applications ...

NRG

Cybersecurity Risk Analyst

Houston, TX · Hybrid

The Cybersecurity Risk Analyst supports the organization's cyber risk management program by identifying, assessing, documenting, and communicating cyber risk across systems, applications ...

Cerus

Cybersecurity Risk & Resilience Manager

Concord, CA · Hybrid

$121.80K - $164.60K/yr

Help shape and mature Cerus' cybersecurity program, including risk management practices, governance processes, policies, standards, and roadmap priorities. * Develop and maintain a practical ...

next page

Showing results 1-20

People also search for

All JobsCyber Security Risk Management Jobs

Cyber Security Risk Management information

See salary details

$57K

$133K

$186K

How much do cyber security risk management jobs pay per year?

As of May 29, 2026, the average yearly pay for cyber security risk management in the United States is $132,962.00, according to ZipRecruiter salary data. Most workers in this role earn between $111,000.00 and $150,000.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Cyber Security Risk Management professional, and why are they important?

To thrive in Cyber Security Risk Management, you need a solid understanding of risk assessment methodologies, information security frameworks (such as ISO 27001 or NIST), and often a relevant degree or certification like CISSP or CISM. Familiarity with security tools, vulnerability assessment platforms, and risk management software is typically required. Strong analytical thinking, attention to detail, and effective communication are crucial soft skills for identifying threats and conveying risk to stakeholders. These skills ensure that organizations can proactively manage and mitigate cyber threats, safeguarding critical assets and maintaining compliance.

What are some typical challenges faced by professionals in Cyber Security Risk Management, and how can they be addressed?

Professionals in Cyber Security Risk Management often encounter challenges such as staying updated with rapidly evolving threats, balancing security needs with business objectives, and ensuring compliance with various regulations. Addressing these challenges requires continuous learning, effective communication with stakeholders, and the implementation of robust risk assessment frameworks. Collaboration with IT, legal, and business teams is essential to develop practical security policies that protect assets without hindering operations.

What is cyber security risk management?

Cyber security risk management is the process of identifying, assessing, and prioritizing risks to an organization's information systems and data. It involves evaluating potential threats and vulnerabilities, determining the likelihood and impact of these risks, and implementing measures to mitigate or manage them. Effective risk management helps organizations protect sensitive data, ensure regulatory compliance, and minimize the impact of cyber attacks. This process is ongoing and adapts to new threats and changes in technology.

Can you make $500,000 a year in cyber security?

Cyber security risk management professionals can potentially earn $500,000 or more annually, especially at senior levels, in leadership roles, or with specialized skills such as threat intelligence or security architecture. Achieving this income typically requires extensive experience, advanced certifications like CISSP or CISM, and working in high-demand industries or organizations with complex security needs.

What is the difference between Cyber Security Risk Management vs Cyber Security Analyst?

AspectCyber Security Risk ManagementCyber Security Analyst
CertificationsCompTIA Security+, CISSP, CISMCompTIA Security+, CEH, CISSP (preferred)
Work EnvironmentPolicy development, risk assessment, strategic planningMonitoring security systems, incident response, vulnerability analysis
Employer & Industry UsageOrganizations focusing on risk mitigation and complianceOrganizations implementing and maintaining security measures

Cyber Security Risk Management professionals focus on identifying, assessing, and mitigating security risks at an organizational level, often involved in policy and strategy. Cyber Security Analysts primarily monitor security systems, analyze threats, and respond to incidents. While both roles require similar certifications and work within the same industry, their core responsibilities differ: risk managers develop strategies, whereas analysts execute security measures and respond to threats.

More about Cyber Security Risk Management jobs
What cities are hiring for Cyber Security Risk Management jobs? Cities with the most Cyber Security Risk Management job openings:
What states have the most Cyber Security Risk Management jobs? States with the most job openings for Cyber Security Risk Management jobs include:
What job categories do people searching Cyber Security Risk Management jobs look for? The top searched job categories for Cyber Security Risk Management jobs are:
Cyber Security Risk Management jobs near you
Infographic showing various Cyber Security Risk Management job openings in the United States as of May 2026, with employment types broken down into 59% Full Time, 35% Part Time, and 6% Contract. Highlights an 67% Physical, and 33% Hybrid job distribution, with an average salary of $132,962 per year, or $63.9 per hour.
Manager, Cybersecurity Risk Management

Manager, Cybersecurity Risk Management

Bechtel

Reston, VA • On-site

Part-time

Posted 15 days ago

Bechtel rating

8.1

Company rating: 8.1 out of 10

Based on 62 frontline employees who took The Breakroom Quiz

119th of 349 rated engineering

Job description

Requisition ID: 292696
  • Relocation Authorized: None
  • Telework Type: Part-Time Telework
  • Work Location: Reston, VA

Extraordinary teams building inspiring projects:
Since 1898, we have helped customers complete more than 25,000 projects in 160 countries on all seven continents that have created jobs, grown economies, improved the resiliency of the world's infrastructure, increased access to energy, resources, and vital services, and made the world a safer, cleaner place.
Differentiated by the quality of our people and our relentless drive to deliver the most successful outcomes, we align our capabilities to our customers' objectives to create a lasting positive impact. We serve the Infrastructure; Nuclear, Security & Environmental; Energy; Mining & Metals, and the Manufacturing and Technology markets. Our services span from initial planning and investment, through start-up and operations.
Core to Bechtel is our Vision, Values and Commitments. They are what we believe, what customers can expect, and how we deliver. Learn more about our extraordinary teams building inspiring projects in our Impact Report.
Job Summary:
The Manager, Cybersecurity Risk Management focuses efforts on managing and reporting on cyber risks globally across Bechtel, playing a crucial role in assessing and managing risk, and driving mitigation plans associated with our wider cybersecurity program. The manager drives a comprehensive risk management program, while supporting peer cybersecurity teams in maturing and standardizing their programs. The manager identifies and mitigates security risks; provides subject matter expertise and technical guidance to process owners; partners with Service Owners, GBU Managers, IT Architecture, Operations and Support, and Software Development, to contribute to the reporting of a comprehensive view of the security risk posture and its impact on the business.
Major Responsibilities:
Risk Oversight
  • Develops and maintains a comprehensive cybersecurity risk management strategy, leads enterprise-wide cyber risk assessments and mitigation / remediation activities.
  • Collaborates with IT, legal, compliance, and business units to ensure risk mitigation strategies are embedded in operations.
  • Monitors emerging threats and risk posture and activities accordingly.
  • Presents risk analysis, metrics, and mitigation plans to management and stakeholders.
  • Identifies risk and mitigating controls for information security exceptions based on adherence to relevant company policies, standards, baselines, and industry standards (e.g., ISO 27001, NIST, GDPR, HIPAA, CIS, FedRAMP).
  • Mentors and develops junior risk analysts and cybersecurity professionals.
  • Assists with the administration and maintenance of the ServiceNow GRC platform.

Strategic Leadership, Business Partnership & Enablement
  • Translates risk insights into strategic decisions and enterprise-wide policies.
  • Contributes to the design of cybersecurity strategies by advising on risk reduction priorities related to exception and risk register trends.
  • Develops metrics to track exception mitigation rates, approval / review rates, aging, and SLA compliance.
  • Drives initiatives that reduce recurring exception requests through enterprise-wide solutions.

Analytics
  • Monitors the effectiveness of the information security exceptions process in accordance with agreed upon metrics and performance measures to drive continuous improvements.
  • Conducts root cause analysis on recurring issues to enhance process efficiency and reduce exception requests.
  • Collaborates with cross-functional teams to gather, interpret, and validate mitigating controls to ensure accuracy and relevance.

Education and Experience Requirements:
  • Requires bachelor's degree plus 8+ years experience in information security risk, with at least 3 years in a risk management role or similar function.

Required Knowledge and Skills:
  • Strong knowledge of cybersecurity frameworks, company policies, and regulatory requirements.
  • Strong expertise across commercial and government cloud services (AWS, Azure, GCP, OCI, etc.), on-premises and application environments.
  • Experience with tools such as ServiceNow, GRC tools, Power BI, and cloud technologies.
  • Strong knowledge of risk frameworks (e.g., ISO 27005, NIST, ISO, PCI, SOX, etc.).
  • Proven ability to translate complex technical concepts into plain language for decision-makers.
  • Skilled in preparing polished deliverables that support informed decision-making.
  • Team player who builds trust across technical and non-technical teams.
  • Demonstrated ability to work independently, adapt quickly, and drive tasks forward with limited direction.
  • Strong project management and delegation skills across diverse, cross-functional initiatives

Preferred:
  • Certifications such as CISSP, CISM, CRISC, or CISA.
  • 5+ years of prior experience in EPCM (Engineering, Procurement, Construction / Project Management). Prefer global company background and/or Fortune 500 and/or EPC industry.
  • Comfortable working in a highly iterative environment, both structured and unstructured.
  • Metrics and visualization tools knowledge a plus (i.e., ServiceNow, Power BI, Tableau,).
  • Advanced user of M365 Suite to prepare all project plans, deliverables, presentations, reports, and findings.

Total Rewards/Benefits:
For decades, Bechtel has worked to inspire the next generation of employees and beyond! Because our teams face some of the world's toughest challenges, we offer robust benefits to ensure our people thrive. Whether it is advancing careers, delivering programs to enhance our culture, or providing time to recharge, Bechtel has the benefits to build a legacy of sustainable growth. Learn more at Bechtel Total Rewards
Diverse teams build the extraordinary:
As a global company, Bechtel has long been home to a vibrant multitude of nationalities, cultures, ethnicities, and life experiences. This diversity has made us a more trusted partner, more effective problem solvers and innovators, and a more attractive destination for leading talent.
We are committed to being a company where every colleague feels that they belong-where colleagues feel part of "One Team," respected and rewarded for what they bring, supported in pursuing their goals, invested in our values and purpose, and treated equitably. Click here to learn more about the people who power our legacy.
Bechtel is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity and expression, age, national origin, disability, citizenship status (except as authorized by law), protected veteran status, genetic information, and any other characteristic protected by federal, state or local law. Applicants with a disability, who require a reasonable accommodation for any part of the application or hiring process, may e-mail their request to acesstmt@bechtel.com

What Bechtel employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom

Apply