Cyber Security Risk Management Jobs in California

Cybersecurity Assessment Lead

Coronado, CA · On-site

$117K - $159K/yr

The Cybersecurity Assessment Lead serves as the senior assessor overseeing cybersecurity assessment activities supporting Risk Management Framework (RMF) authorization processes for customer networks ...

Sr. Cybersecurity GRC Manager

Irvine, CA · On-site

$119K - $161K/yr

Strong knowledge of Information Security risk management frameworks, Governance, Risk, and ... Cybersecurity Regulation, PCI-DSS, FFIEC, SOX, and other relevant laws and regulations Strong ...

They are seeking an Information Systems Security Engineer (ISSE) / Cybersecurity Engineer to support Risk Management Framework (RMF), cybersecurity engineering, and compliance activities across ...

Cyber Security Risk Management information

California salary details: $56.3K / $131.2K (average) / $183.6K

How much do cyber security risk management jobs pay per year?

As of Jun 30, 2026, the average yearly pay for cyber security risk management in California is $131,221.00, according to ZipRecruiter salary data. Most workers in this role earn between $109,500.00 and $148,000.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Cyber Security Risk Management professional, and why are they important?

To thrive in Cyber Security Risk Management, you need a solid understanding of risk assessment methodologies, information security frameworks (such as ISO 27001 or NIST), and often a relevant degree or certification like CISSP or CISM. Familiarity with security tools, vulnerability assessment platforms, and risk management software is typically required. Strong analytical thinking, attention to detail, and effective communication are crucial soft skills for identifying threats and conveying risk to stakeholders. These skills ensure that organizations can proactively manage and mitigate cyber threats, safeguarding critical assets and maintaining compliance.

What is cyber security risk management?

Cyber security risk management is the process of identifying, assessing, and prioritizing risks to an organization's information systems and data. It involves evaluating potential threats and vulnerabilities, determining the likelihood and impact of these risks, and implementing measures to mitigate or manage them. Effective risk management helps organizations protect sensitive data, ensure regulatory compliance, and minimize the impact of cyber attacks. This process is ongoing and adapts to new threats and changes in technology.

What is risk management in cyber security?

In cyber security risk management, professionals identify, assess, and prioritize potential security threats to an organization’s information systems. They implement strategies and controls to mitigate or accept risks, often using frameworks like NIST or ISO 27001, to protect data and ensure business continuity.

Is 40 too old for cyber security?

Cyber security risk management is a field open to individuals of all ages, and age is not a barrier to entering the profession. Many professionals successfully transition into cyber security later in their careers by gaining relevant certifications like CISSP or CompTIA Security+ and developing skills in areas such as threat analysis and security tools. Experience, continuous learning, and adaptability are often more important than age in this industry.

What is the difference between Cyber Security Risk Management vs Cyber Security Analyst?

Aspect                    | Cyber Security Risk Management                               | Cyber Security Analyst
Certifications            | CompTIA Security+, CISSP, CISM                               | CompTIA Security+, CEH, CISSP (preferred)
Work Environment          | Policy development, risk assessment, strategic planning     | Monitoring security systems, incident response, vulnerability analysis
Employer & Industry Usage | Organizations focusing on risk mitigation and compliance    | Organizations implementing and maintaining security measures

Cyber Security Risk Management professionals focus on identifying, assessing, and mitigating security risks at an organizational level, often involved in policy and strategy. Cyber Security Analysts primarily monitor security systems, analyze threats, and respond to incidents. While both roles require similar certifications and work within the same industry, their core responsibilities differ: risk managers develop strategies, whereas analysts execute security measures and respond to threats.

What are some typical challenges faced by professionals in Cyber Security Risk Management, and how can they be addressed?

Professionals in Cyber Security Risk Management often encounter challenges such as staying updated with rapidly evolving threats, balancing security needs with business objectives, and ensuring compliance with various regulations. Addressing these challenges requires continuous learning, effective communication with stakeholders, and the implementation of robust risk assessment frameworks. Collaboration with IT, legal, and business teams is essential to develop practical security policies that protect assets without hindering operations.

Can you make $500,000 a year in cyber security?

Cyber security risk management professionals can earn $500,000 or more annually, but such compensation is uncommon and is generally limited to executive positions (for example, a CISO at a large organization with complex security needs), senior consulting roles, or leaders with extensive experience. Certifications such as CISSP or CISM support a candidacy for these roles but do not by themselves command salaries at that level.

Is security risk management a good career?

Security risk management is a valuable career in cybersecurity, focusing on identifying and mitigating potential threats to an organization’s information systems. It often requires knowledge of security frameworks, risk assessment tools, and certifications like CISSP or CISM, and offers strong job growth and demand across various industries.
Director, Cybersecurity Governance, Risk and Compliance

DIRECTV

El Segundo, CA • On-site

$118K - $159K/yr

Full-time

Posted 7 days ago


DIRECTV company rating: 7.2 out of 10, based on 37 frontline employees who took The Breakroom Quiz (47th of 80 rated telecommunications companies)


Job description

The Director, Cybersecurity Governance, Risk and Compliance (GRC) is responsible for leading DIRECTV's enterprise cybersecurity governance, risk management, compliance, policy, and security assurance programs. This role provides strategic leadership and operational oversight across cybersecurity governance functions, ensuring cybersecurity risks are effectively managed, regulatory and contractual obligations are met, and cybersecurity initiatives align with business objectives.
The Director serves as the primary leader for cybersecurity governance activities, executive cybersecurity reporting, risk management, compliance programs, security awareness initiatives, supplier security oversight, and security assurance testing programs.
This position manages a team of cybersecurity professionals and contractors and serves as a key partner to technology, business, audit, legal, procurement, privacy, and executive leadership teams.
Here's what you'll do:
Cybersecurity Governance
  • Lead the enterprise Cybersecurity Governance Program.
  • Develop and maintain cybersecurity KPIs, KRIs, scorecards, and executive reporting.
  • Prepare and facilitate monthly Cybersecurity Governance Reviews and executive presentations.
  • Track cybersecurity initiatives, remediation activities, and strategic priorities.
  • Drive accountability for cybersecurity performance across the organization.

Cyber Risk Management
  • Lead enterprise cyber risk identification, assessment, reporting, and remediation programs.
  • Maintain cybersecurity risk registers and risk treatment plans.
  • Facilitate risk reviews with business and technology stakeholders.
  • Present cybersecurity risk posture to senior leadership.

Policy, Standards and Governance
  • Own cybersecurity policies, standards, procedures, and governance frameworks.
  • Ensure alignment with industry standards and regulatory requirements.
  • Maintain governance processes supporting cybersecurity decision-making.

Compliance and Audit
  • Lead cybersecurity compliance activities supporting PCI DSS, SOX, regulatory, and contractual requirements.
  • Coordinate internal and external audits.
  • Manage remediation efforts resulting from audit findings and assessments.
  • Maintain cybersecurity control documentation and evidence repositories.

Third-Party and Supplier Security
  • Lead Supplier Information Security Requirement (SISR) governance and oversight.
  • Manage third-party cybersecurity risk assessments and monitoring.
  • Partner with Procurement, Legal, and Vendor Management organizations to ensure supplier security compliance.

Security Awareness and Training
  • Lead enterprise cybersecurity awareness, training, and phishing simulation programs.
  • Establish metrics to measure effectiveness and maturity.
  • Drive continuous improvement of employee cybersecurity culture.

Security Assurance and Testing Programs
  • Provide governance oversight of:
    • Static Application Security Testing (SAST)
    • Dynamic Application Security Testing (DAST)
    • Application Penetration Testing
    • Infrastructure Penetration Testing
    • Vulnerability Assessment Programs
  • Ensure testing results are tracked, reported, and remediated appropriately.

Leadership and People Management
  • Lead and develop cybersecurity governance personnel and contractors.
  • Manage vendor and consulting relationships supporting GRC activities.
  • Establish goals, objectives, and performance measures for the organization.
  • Build a scalable governance function supporting DIRECTV's cybersecurity strategy.

What you'll need to be successful:
Required
  • Bachelor's degree in Cybersecurity, Information Technology, Business, Engineering, or related field.
  • 5-7 years of progressive cybersecurity experience required; 10+ years desired.
  • 5+ years of leadership experience managing cybersecurity programs and teams.
  • Deep knowledge of cybersecurity governance, risk management, compliance, and security frameworks.
  • Experience with PCI DSS, NIST Cybersecurity Framework, ISO 27001, CIS Controls, and risk management methodologies.
  • Experience presenting cybersecurity metrics and risk information to executive leadership.
  • Strong written and verbal communication skills.

Preferred
  • CISSP, CISM, CRISC, CGEIT, PCI ISA, or equivalent certifications.
  • Experience leading enterprise cybersecurity governance programs.
  • Experience in telecommunications, media, technology, or highly regulated industries.
  • Experience building cybersecurity governance organizations during periods of transformation or separation activities.

Reporting Relationship
Reports to: Senior Director, IT & Corporate Cybersecurity
Organization Scope
  • Direct leadership responsibility for Cybersecurity Governance, Risk and Compliance functions.
  • Oversight of approximately six contractor resources and future employee growth within the GRC organization.
  • Enterprise-wide responsibility for cybersecurity governance, risk management, compliance, policy, awareness, supplier security, and security assurance oversight.

May require a background check due to job duties requiring routine access to DIRECTV and DIRECTV customers' proprietary data. Qualified applicants with arrest and conviction records will be considered for employment in accordance with local ordinances and state law.
This is a remote position that can be located anywhere in the contiguous United States. #LI-Remote
A career with us comes with big rewards:
DIRECTV's compensation structure is designed to be market-competitive and fully supports efforts to attract and retain employees. It is the company's policy to offer pay that is competitive with other employers in the local market. Our salary ranges are determined by role, level, and location.
The Base Salary range displayed below reflects the minimum and maximum target salary for each of DIRECTV's 4 (four) US Labor Market Zones. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
DIRECTV WAGE ZONES: $147,830 - $268,307
Low (N1): $147,830 - $221,645
Mid (N2): $155,610 - $233,310
High (N3): $171,171 - $256,641
Top (N4): $178,952 - $268,307
Your recruiter can share more about the specific salary range for your preferred location during the hiring process.
Please note that the salary ranges reflect base salary only and do not include bonus or benefits - when you consider all of these together, it represents a pretty impressive total compensation package.
Apply today!
Fair Chance Ordinance Notice for Los Angeles County applying for jobs at DIRECTV
Compliance Notice Regarding Use of Automated Decision-Making Tools in Hiring Process
