
Cyber Security Risk Management Jobs in Washington

Risk Manager

Rockville, MD · On-site

$155K - $165K/yr

... cybersecurity tasks such as information security policy development and implementation; security compliance monitoring; security audit management; risk assessment; system authorization; security ...

If you are an experienced researcher with an interest in risk management and cybersecurity, we want to hear from you! As a Senior Cyber Risk Engineer, you will work directly with government, industry ...

Cyber Security Risk Management information

Washington salary chart for cyber security risk management (ZipRecruiter): $64.6K low, $150.6K average, $210.7K high.

How much do cyber security risk management jobs pay per year?

As of Jul 3, 2026, the average yearly pay for cyber security risk management in Washington is $150,592.00, according to ZipRecruiter salary data. Most workers in this role earn between $125,700.00 and $169,900.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Cyber Security Risk Management professional, and why are they important?

To thrive in Cyber Security Risk Management, you need a solid understanding of risk assessment methodologies, information security frameworks (such as ISO 27001 or the NIST Cybersecurity Framework), and often a relevant degree or a certification such as CISSP or CISM. Familiarity with security tools, vulnerability assessment platforms, and risk management software is typically required. Strong analytical thinking, attention to detail, and effective communication are the crucial soft skills, because the job is as much about conveying risk to stakeholders as it is about identifying threats. Together these skills let an organization manage and mitigate cyber threats proactively, safeguard critical assets, and maintain compliance.

What is cyber security risk management?

Cyber security risk management is the process of identifying, assessing, and prioritizing risks to an organization's information systems and data. It involves evaluating potential threats and vulnerabilities, determining the likelihood and impact of these risks, and implementing measures to mitigate or manage them. Effective risk management helps organizations protect sensitive data, ensure regulatory compliance, and minimize the impact of cyber attacks. This process is ongoing and adapts to new threats and changes in technology.

What is the difference between Cyber Security Risk Management vs Cyber Security Analyst?

Aspect | Cyber Security Risk Management | Cyber Security Analyst
Certifications | CompTIA Security+, CISSP, CISM | CompTIA Security+, CEH, CISSP (preferred)
Work Environment | Policy development, risk assessment, strategic planning | Monitoring security systems, incident response, vulnerability analysis
Employer & Industry Usage | Organizations focusing on risk mitigation and compliance | Organizations implementing and maintaining security measures

Cyber Security Risk Management professionals focus on identifying, assessing, and mitigating security risks at an organizational level, often involved in policy and strategy. Cyber Security Analysts primarily monitor security systems, analyze threats, and respond to incidents. While both roles require similar certifications and work within the same industry, their core responsibilities differ: risk managers develop strategies, whereas analysts execute security measures and respond to threats.

What does a cyber risk manager do?

A cyber risk manager assesses and prioritizes cybersecurity threats to an organization, develops strategies to mitigate risks, and implements security policies. They often use tools like risk assessment frameworks and require certifications such as CISSP or CISM to effectively manage security risks in a dynamic environment.

What are some typical challenges faced by professionals in Cyber Security Risk Management, and how can they be addressed?

Professionals in Cyber Security Risk Management often encounter challenges such as staying updated with rapidly evolving threats, balancing security needs with business objectives, and ensuring compliance with various regulations. Addressing these challenges requires continuous learning, effective communication with stakeholders, and the implementation of robust risk assessment frameworks. Collaboration with IT, legal, and business teams is essential to develop practical security policies that protect assets without hindering operations.

Can you make $500,000 a year in cyber security?

Cyber security risk management professionals can earn $500,000 or more annually, but only in a small number of senior positions. Pay at that level is well above the Washington range shown above and is generally tied to executive roles, consulting, or large organizations with complex security needs, combined with extensive experience and certifications such as CISSP or CISM.

Can I make $200,000 a year in cyber security?

Cyber Security Risk Management professionals can potentially earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP or CISM, and roles in high-demand sectors or leadership positions. Salaries vary based on location, company size, and individual expertise, but high-level cybersecurity roles often reach or exceed this income level.

Is security risk management a good career?

Security risk management is a valuable career in cybersecurity, focusing on identifying and mitigating potential threats to an organization’s information systems. It often requires knowledge of security frameworks, risk assessment tools, and certifications like CISSP or CISM, and offers strong job growth and demand across various industries.
Infographic of Cyber Security Risk Management job openings in Washington as of June 2026: employment types 81% Full Time, 15% Part Time, 1% Temporary, and 3% Contract; work location 92% Physical, 3% Hybrid, and 5% Remote; average salary $150,592 per year, or $72.4 per hour.

Cybersecurity Risk Analyst

ECLARO

Manassas, VA • On-site

Full-time

Posted 3 days ago


Job description

Job Summary:
ECLARO is a leading technology solutions provider seeking a Cybersecurity Risk Analyst for their client in Manassas, VA. The role involves managing Third-Party Risk Management (TPRM) operations and supporting the broader Cyber Governance & Risk initiatives, requiring strong analytical skills and the ability to translate technical risk data into business intelligence.
Responsibilities:
• Other related duties may be assigned.
• Third-Party Risk Management (TPRM) Operations:
• Evaluate new and prospective vendors through structured cybersecurity risk assessments to determine cyber clearance eligibility before contract execution or system access.
• Serve as the primary SME and platform administrator for the TPRM solution (SAFe), maintaining data integrity, configuring risk workflows, and driving continuous platform optimization.
• Maintain and continuously update the enterprise vendor inventory, tracking risk tier classification, assessment status, contract dates, and lifecycle position for all third parties.
• Execute structured vendor onboarding workflows, including security due diligence, contractual security requirements review, and formal risk acceptance documentation.
• Monitor and triage automated vendor security alerts generated through SAFe; analyze alert severity and communicate actionable risk intelligence to the appropriate business and security stakeholders in a timely manner.
• Manage vendor offboarding procedures, ensuring complete termination of data and system access, contractual closure, and record retention compliance.
• Conduct periodic reassessments and ongoing monitoring of in-scope vendors according to risk tiering methodology and assessment calendar.
• Develop and maintain Power BI dashboards and reports presenting vendor risk metrics, assessment completion rates, open risks, and trend analysis for leadership and risk committees.
• Cyber Governance, Risk & Insider Threat:
• Support Insider Threat program by monitoring behavioral risk indicators, documenting escalation procedures, and maintaining governance records.
• Assist in the preparation of cybersecurity governance artifacts, including risk registers, policy documents, control metrics, and compliance reports aligned to NIST CSF and applicable regulatory frameworks.
• Generate periodic cyber risk reports for IT leadership, audit, and regulatory audiences, summarizing risk posture, open findings, control gaps, and remediation status.
• Build and maintain Power BI dashboards to visualize governance and risk metrics, control effectiveness trends, and risk KPIs across the organization.
• Participate in risk assessment activities and support internal control evaluations relevant to IT environments.
• Cybersecurity Awareness Training & Metrics Reporting:
• Design and develop custom cybersecurity awareness training content tailored to the specific business operations and risk profiles of individual departments (e.g., Operations, Finance, Customer Engagement, Engineering).
• Collaborate with department leads to schedule, deploy, and track training completion across the organization.
• Assist in administering phishing simulation campaigns; analyze results and produce actionable reports identifying at-risk user populations and trending behaviors.
• Build and maintain Power BI dashboards tracking cybersecurity awareness KPIs, including training completion rates, phishing click-through rates, repeat offender trends, and department-level performance over time.
• Assist in preparing and presenting monthly and quarterly Cyber Awareness Reports for leadership, translating program metrics into clear risk narratives and recommended actions.
• Stay current with evolving social engineering tactics, threat actor techniques, and regulatory guidance (e.g., CISA advisories) to keep training content timely and impactful.
• Evaluate training platform effectiveness and recommend enhancements or alternative tools to improve learner engagement and retention.
• Disaster Recovery (DR) Coordination & Reporting:
• Coordinate and facilitate Disaster Recovery testing exercises for core business applications in collaboration with technical SMEs across IT Operations.
• Develop DR test plans, scoping documents, timelines, and stakeholder communication plans in coordination with system owners and application custodians.
• Document test execution results, capture gaps or failures, and produce comprehensive post-exercise reports for IT leadership and executive stakeholders.
• Track remediation of identified DR gaps to closure; maintain updated DR runbooks, test records, and lessons-learned logs.
• Assist in the broader Business Continuity Planning (BCP) process as it pertains to cybersecurity resilience and recovery readiness.
• SharePoint Intranet & Stakeholder Dashboard Publishing:
• Design, build, and maintain dedicated SharePoint sites and pages serving as the centralized hub for cybersecurity communications, dashboards, and reporting artifacts.
• Embed and publish Power BI reports directly into SharePoint pages, ensuring stakeholders can access live, role-appropriate dashboards without requiring Power BI licensing or direct platform access.
• Develop audience-specific SharePoint pages tailored to the information needs of distinct stakeholder groups, including IT leadership, department managers, executive sponsors, audit / compliance teams, and general staff, applying role-based access controls and page permissions accordingly.
• Maintain separate SharePoint views for TPRM metrics, cyber awareness training completion and phishing stats, governance and risk posture indicators, and DR testing results, ensuring content remains current and accurate.
• Collaborate with department heads and business unit leads to understand their reporting consumption preferences and translate those needs into intuitive, self-service SharePoint dashboard pages.
• Establish and enforce a publishing cadence (monthly, quarterly) for dashboard refreshes and narrative updates aligned to governance reporting calendar.
• Apply SharePoint governance best practices, including naming conventions, version control, content lifecycle management, and access review procedures.
• Coordinate with IT infrastructure and Microsoft 365 administrators as needed for site provisioning, permissions architecture, and integration with Power BI Service workspaces.
• Internal:
• Communicate within the assigned department and with other departments to ensure understanding and achievement of department and organization goals and standards; provide the highest level of service to internal customers; exchange information and ideas for improvements in the department and organization; coordinate customer service activities, plans, and requirements; and improve the knowledge base of company policies, procedures, and programs.
• Participate in staff meetings to develop and implement present and future plans; monitor and revise strategies and programs; confer on mutual issues; exchange information; and share in the determination and formulation of policies and procedures.
• External:
• Provide the highest level of quality customer service to external customers through various forms of communication as well as proactive and professional relationships with customers, the business community, and the general public.
Qualifications:
Required:
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or a closely related field.
• An equivalent combination of education and demonstrated professional experience will be considered.
• Minimum 3-5 years of progressive experience in cybersecurity, IT risk management, or a related GRC discipline.
• Demonstrated experience operating or administering a formal TPRM program or third-party risk platform.
• Proven ability to build Power BI reports and dashboards that translate security data into executive-ready metrics.
• Experience developing and delivering cybersecurity awareness training and reporting program metrics.
• Familiarity with Disaster Recovery planning, tabletop exercises, or DR test coordination.
• Power BI Report & Dashboard Development
• Vendor Risk Assessment & Lifecycle Management
• TPRM Platform Administration (SAFe or Equivalent)
• GRC Documentation & Control Mapping
• Security Questionnaire Evaluation (SIG, Custom)
• Phishing Simulation Analysis & Reporting
• Cyber Awareness Metrics Tracking & Presentation
• DR Test Planning, Facilitation & Post-Exercise Reporting
• Insider Threat Monitoring Support
• Advanced Microsoft Excel (Pivot Tables, Data Models)
• Executive-Ready PowerPoint Presentations
• SharePoint Site Management
• Clear written & verbal communication at all org levels.
• Executive-Level Risk Storytelling & Data Narration
• Cross-Functional Stakeholder Engagement
• Analytical Thinking & Risk Prioritization
• Project Coordination & Deadline Management
• Detail Orientation & Documentation Discipline
• Ability to manage multiple concurrent workstreams.
• Vendor Relationship Professionalism
• Collaborative team player with independent initiative.
• Adaptability in a fast-paced utility environment.
• Continuous learning mindset in evolving threat landscape.
• SharePoint site design and intranet page development.
Preferred:
• Experience in a regulated industry (electric utility, energy, financial services, or healthcare).
• Hands-on experience with the SAFe TPRM platform or comparable solutions (OneTrust, ProcessUnity, Prevalent, BitSight, SecurityScorecard).
• Working knowledge of NIST CSF (v2.0), NIST SP 800-161 (C-SCRM), or ISO/IEC 27036 supply chain risk standards.
• Familiarity with Insider Threat frameworks and behavioral analytics monitoring.
• Experience with Business Continuity Management frameworks (ISO 22301).
• Background in Learning Management System (LMS) administration and instructional design principles for security awareness content.
• Advanced Power BI skills: DAX measures, row-level security, scheduled refresh, paginated reports.
• One or more of the following certifications: PL-300: Microsoft Power BI Data Analyst, CTPRP: Certified Third Party Risk Professional, Security+: CompTIA Security+
Company:
ECLARO is an award-winning Talent Solutions firm headquartered in New York City and operating in the U.S., Canada and the Philippines. Founded in 1999, the company has 1001-5000 employees and is currently late stage.