1

Cyber Security Risk Management Jobs (NOW HIRING)

As Alcoa's Cybersecurity Risk Management program continues to mature, the Analyst plays a critical role in shaping and enhancing program capabilities. About the Role: * Contribute to the development ...

As Alcoa's Cybersecurity Risk Management program continues to mature, the Analyst plays a critical role in shaping and enhancing program capabilities. About the Role: * Contribute to the development ...

next page

Showing results 1-20

Cyber Security Risk Management information

See salary details

$57K

$133K

$186K

How much do cyber security risk management jobs pay per year?

As of Jul 12, 2026, the average yearly pay for cyber security risk management in the United States is $132,962.00, according to ZipRecruiter salary data. Most workers in this role earn between $111,000.00 and $150,000.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Cyber Security Risk Management professional, and why are they important?

To thrive in Cyber Security Risk Management, you need a solid understanding of risk assessment methodologies, information security frameworks (such as ISO 27001 or NIST), and often a relevant degree or certification like CISSP or CISM. Familiarity with security tools, vulnerability assessment platforms, and risk management software is typically required. Strong analytical thinking, attention to detail, and effective communication are crucial soft skills for identifying threats and conveying risk to stakeholders. These skills ensure that organizations can proactively manage and mitigate cyber threats, safeguarding critical assets and maintaining compliance.

What is cyber security risk management?

Cyber security risk management is the process of identifying, assessing, and prioritizing risks to an organization's information systems and data. It involves evaluating potential threats and vulnerabilities, determining the likelihood and impact of these risks, and implementing measures to mitigate or manage them. Effective risk management helps organizations protect sensitive data, ensure regulatory compliance, and minimize the impact of cyber attacks. This process is ongoing and adapts to new threats and changes in technology.

What is the difference between Cyber Security Risk Management vs Cyber Security Analyst?

AspectCyber Security Risk ManagementCyber Security Analyst
CertificationsCompTIA Security+, CISSP, CISMCompTIA Security+, CEH, CISSP (preferred)
Work EnvironmentPolicy development, risk assessment, strategic planningMonitoring security systems, incident response, vulnerability analysis
Employer & Industry UsageOrganizations focusing on risk mitigation and complianceOrganizations implementing and maintaining security measures

Cyber Security Risk Management professionals focus on identifying, assessing, and mitigating security risks at an organizational level, often involved in policy and strategy. Cyber Security Analysts primarily monitor security systems, analyze threats, and respond to incidents. While both roles require similar certifications and work within the same industry, their core responsibilities differ: risk managers develop strategies, whereas analysts execute security measures and respond to threats.

What does a cyber risk manager do?

A cyber risk manager assesses and prioritizes cybersecurity threats to an organization, develops strategies to mitigate risks, and implements security policies. They often use tools like risk assessment frameworks and require certifications such as CISSP or CISM to effectively manage security risks in a dynamic environment.

What are some typical challenges faced by professionals in Cyber Security Risk Management, and how can they be addressed?

Professionals in Cyber Security Risk Management often encounter challenges such as staying updated with rapidly evolving threats, balancing security needs with business objectives, and ensuring compliance with various regulations. Addressing these challenges requires continuous learning, effective communication with stakeholders, and the implementation of robust risk assessment frameworks. Collaboration with IT, legal, and business teams is essential to develop practical security policies that protect assets without hindering operations.

Can you make $500,000 a year in cyber security?

Cyber security risk management professionals can potentially earn $500,000 or more annually, especially at senior levels, in leadership roles, or with extensive experience and specialized certifications like CISSP or CISM. High salaries are often associated with executive positions, consulting, or working for large organizations with complex security needs.

Can I make $200,000 a year in cyber security?

Cyber Security Risk Management professionals can potentially earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP or CISM, and roles in high-demand sectors or leadership positions. Salaries vary based on location, company size, and individual expertise, but high-level cybersecurity roles often reach or exceed this income level.

Is security risk management a good career?

Security risk management is a valuable career in cybersecurity, focusing on identifying and mitigating potential threats to an organization’s information systems. It often requires knowledge of security frameworks, risk assessment tools, and certifications like CISSP or CISM, and offers strong job growth and demand across various industries.
More about Cyber Security Risk Management jobs
What cities are hiring for Cyber Security Risk Management jobs? Cities with the most Cyber Security Risk Management job openings:
What states have the most Cyber Security Risk Management jobs? States with the most job openings for Cyber Security Risk Management jobs include:
What job categories do people searching Cyber Security Risk Management jobs look for? The top searched job categories for Cyber Security Risk Management jobs are:
Infographic showing various Cyber Security Risk Management job openings in the United States as of July 2026, with employment types broken down into 3% Locum Tenens, 1% Internship, 92% Full Time, 2% Part Time, and 2% Contract. Highlights an 92% Physical, 2% Hybrid, and 6% Remote job distribution, with an average salary of $132,962 per year, or $63.9 per hour.

Specialist, Cybersecurity - Risk Management

Saudi Basic Industries Corp.

Houston, TX • On-site

Other

Posted 11 days ago


Job description

Specialist, Cybersecurity - Risk Management
Finance
Posting Start Date: 6/29/26
Posting End Date: 7/28/26
Job Summary
The Cybersecurity Risk Management Specialist is responsible for governing changes that could introduce cybersecurity risk into the environment, via IT and OT changes. They operationally govern the environment, following the enterprise's cybersecurity policies and standards, via defining and enforcing operational processes for cybersecurity risk assessment and remediation covering the organization's IT and OT environment. They establish operational risk management processes and operational playbooks, aligned to corporate cybersecurity policy and agreed upon risk management frameworks and enterprise risk management guidelines, to ensure secure IT and OT changes, while providing enterprise-wide cybersecurity risk visibility.
They serve as the focal point and technical consultant to the business units and IT and OT project team and management to assess and identify cybersecurity risks related to environment changes. They establish risk remediation approaches based upon corporate policies and standards, steering and facilitating implementation of any needed cybersecurity controls with the appropriate control owners.
They are responsible for planning, managing, and coordinating various cybersecurity risk management activities, focused on identifying, assessing, and mitigating unacceptable risks while enabling the underlying business goals and objectives. They also oversee and manage all 3rd-party risk management and act as a gatekeeper for enabling integrations with 3rd-party partners, suppliers, and vendors, overseeing TPRM assessments and specifying controls needed to protect the organization's data and connectivity with 3rd-parties.
Job Responsibilities

  • Maintain enterprise risk management operational frameworks and risk scoring criteria in accordance with company cybersecurity policies, standards, and frameworks and enterprise risk management guidelines.
  • Perform cybersecurity risk assessments for all qualifying IT and OT environment changes.
  • Coordinate with the cybersecurity architecture senior specialist to validate risk assessment findings, and to request guidance when pre-approved risk mitigation strategies are not available for identified risks.
  • Establish and track risk remediation plans for all identified risks.
  • Coordinate with the cybersecurity assurance specialist to ensure ongoing verification of mitigated risks are effective over time.
  • Implement, manage, and maintain risk-related workflows, including coordination with the appropriate risk owners and authority functions to obtain approval for risk exceptions and policy deviations.
  • Act as a gatekeeper between Implementation Phase and production go-live (Manage & Measure phase) to ensure all identified risks have been addressed via closure of risk remediation plans.
  • Ensure all 3rd-party / external partner, vendor, and supplier interactions have undergone an appropriate risk assessment to verify the safety, security, and risk mitigation of all 3rd-party integrations and interactions.
  • Maintain a register of approved 3rd-parties, including the controls required to ensure safe and secure interactions, and the approved use case(s) of each 3rd-party
  • Establish and maintain a 3rd-party re-verification program to verify that usage, risks, and risk mitigations are updated as needed, if any 3rd-party relationships change over time
  • Coordinate with the cybersecurity Assurance team to ensure on-going operational validation of 3rd-party integrations and interactions
  • Review all third-party contracts for IT / OT services and solutions to ensure all required risk-mitigating controls and clauses are included and enforced contractually.
  • Oversight and management of the enterprise cybersecurity risk register to facilitate the monitoring and reporting of risks.
  • - Management of the operational risk assessment methodology covering the organization's IT , OT, and 3rd-party integration components related to secure, compliant and resilient operations.
  • Oversight of the managed services providers performing risk assessments to ensure they are following the methodology in compliance with company policies, standards, processes, and expectations.
  • Provide evidence to Assurance function, Legal, approved stakeholders, and contribute to internal and external audits and assessments as needed in regard to cybersecurity risks.
  • - Ensure feedback from cybersecurity Assurance role and similar stakeholders are used to improve risk assessment methodologies and processes
  • Identifies gaps and needs in regard to risk assessment, working with the cybersecurity architect role to ensure needs are incorporated into the cybersecurity strategy and roadmap.
  • Manages control implementations and improvement projects in the area of risk management, following the organization's project management and project execution processes.
  • Drives operational risk assessment maturity and process improvements and automation for processes and controls in-scope of role.
Job Requirements
  • BS or MA in computer science, information security, cybersecurity or a related field
  • Cybersecurity certification in risk assessment (or appropriate on-the job experience)
  • 5+ years of experience in a cybersecurity, enterprise (ERM), or IT risk management role
  • 5+ years of experience with regulatory compliance, risk management frameworks and information security management frameworks (e.g. ISO, NIST, etc)
  • Strong understanding of Zero Trust principals
  • Cybersecurity principles and practices, including IT and OT cybersecurity risk assessment, cybersecurity risk mitigation, and third-party risk assessment.
  • Cybersecurity frameworks and standards, such as the NIST CSF, Secure Controls Framework, ISO/IEC 27001, and OT cybersecurity standards (62443, ...).
  • Strong background in conducting Business Impact Analysis (BIA) to evaluate the potential impact of cybersecurity risk on critical business processes and functions.
  • Third Party and Vendor Risk
  • Regulatory and Compliance alignment
  • Strong communication skills
  • Planning and organizing
  • Personal Leadership
  • Analytical and Risk Based decision making.