ZipRecruiter

Log In

1

Cybersecurity Risk Management Jobs (NOW HIRING)

NRG

Cybersecurity Risk Analyst

Houston, TX · On-site

The Cybersecurity Risk Analyst supports the organization's cyber risk management program by identifying, assessing, documenting, and communicating cyber risk across systems, applications ...

NRG Energy

Cybersecurity Risk Analyst

Houston, TX · Hybrid

The Cybersecurity Risk Analyst supports the organization's cyber risk management program by identifying, assessing, documenting, and communicating cyber risk across systems, applications ...

NRG

Cybersecurity Risk Analyst

Houston, TX · Hybrid

The Cybersecurity Risk Analyst supports the organization's cyber risk management program by identifying, assessing, documenting, and communicating cyber risk across systems, applications ...

Cerus

Cybersecurity Risk & Resilience Manager

Concord, CA · Hybrid

$121.80K - $164.60K/yr

Help shape and mature Cerus' cybersecurity program, including risk management practices, governance processes, policies, standards, and roadmap priorities. * Develop and maintain a practical ...

next page

Showing results 1-20

People also search for

All JobsCybersecurity Risk Management Jobs

Cybersecurity Risk Management information

See salary details

$57K

$133K

$186K

How much do cybersecurity risk management jobs pay per year?

As of May 29, 2026, the average yearly pay for cybersecurity risk management in the United States is $132,962.00, according to ZipRecruiter salary data. Most workers in this role earn between $111,000.00 and $150,000.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive in Cybersecurity Risk Management, and why are they important?

To thrive in Cybersecurity Risk Management, you need a solid understanding of information security principles, risk assessment methodologies, compliance standards, and typically a degree in cybersecurity or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security tools, and professional certifications like CISSP or CRISC is highly valued. Strong analytical thinking, effective communication, and problem-solving skills help professionals translate technical risks for non-technical stakeholders and foster collaboration. These competencies are crucial to proactively identifying threats, managing vulnerabilities, and ensuring organizational resilience in a rapidly evolving digital landscape.

What are some common challenges faced by professionals in Cybersecurity Risk Management, and how can they be addressed?

Professionals in Cybersecurity Risk Management often encounter challenges such as keeping up with rapidly evolving cyber threats, balancing security needs with business objectives, and ensuring compliance with industry regulations. Addressing these challenges requires continuous learning, effective communication with stakeholders, and close collaboration with IT, legal, and business teams. Building strong partnerships across departments and investing in ongoing training can help mitigate these obstacles and support proactive risk management.

What is cybersecurity risk management?

Cybersecurity risk management is the process of identifying, assessing, and prioritizing risks to an organization's digital assets and information systems. It involves implementing strategies and controls to minimize the impact of potential cyber threats, such as data breaches, malware, and unauthorized access. The goal is to balance security measures with business needs, ensuring sensitive information remains protected while maintaining operational efficiency. Effective risk management is ongoing, adapting to new threats and changes within the organization.

What is the difference between Cybersecurity Risk Management vs Cybersecurity Analyst?

AspectCybersecurity Risk ManagementCybersecurity Analyst
CertificationsCRISC, CISSP, CISMCompTIA Security+, CEH, CISSP
Work EnvironmentRisk assessment, policy development, strategic planningMonitoring security systems, incident response, vulnerability analysis
Employer & Industry UsageFinancial, healthcare, government, large enterprisesIT departments, cybersecurity firms, corporate security teams

Cybersecurity Risk Management focuses on identifying, assessing, and mitigating security risks at an organizational level, often involving policy creation and strategic planning. In contrast, a Cybersecurity Analyst primarily monitors security systems, responds to incidents, and analyzes vulnerabilities. Both roles require similar certifications but serve different functions within cybersecurity teams.

More about Cybersecurity Risk Management jobs
What cities are hiring for Cybersecurity Risk Management jobs? Cities with the most Cybersecurity Risk Management job openings:
What states have the most Cybersecurity Risk Management jobs? States with the most job openings for Cybersecurity Risk Management jobs include:
What job categories do people searching Cybersecurity Risk Management jobs look for? The top searched job categories for Cybersecurity Risk Management jobs are:
Cybersecurity Risk Management jobs near you
Manager, Cybersecurity Risk Management

Manager, Cybersecurity Risk Management

Bechtel

Reston, VA • On-site

Part-time

Posted 16 days ago

Bechtel rating

8.1

Company rating: 8.1 out of 10

Based on 62 frontline employees who took The Breakroom Quiz

119th of 349 rated engineering

Job description

Requisition ID: 292696
  • Relocation Authorized: None
  • Telework Type: Part-Time Telework
  • Work Location: Reston, VA

Extraordinary teams building inspiring projects:
Since 1898, we have helped customers complete more than 25,000 projects in 160 countries on all seven continents that have created jobs, grown economies, improved the resiliency of the world's infrastructure, increased access to energy, resources, and vital services, and made the world a safer, cleaner place.
Differentiated by the quality of our people and our relentless drive to deliver the most successful outcomes, we align our capabilities to our customers' objectives to create a lasting positive impact. We serve the Infrastructure; Nuclear, Security & Environmental; Energy; Mining & Metals, and the Manufacturing and Technology markets. Our services span from initial planning and investment, through start-up and operations.
Core to Bechtel is our Vision, Values and Commitments. They are what we believe, what customers can expect, and how we deliver. Learn more about our extraordinary teams building inspiring projects in our Impact Report.
Job Summary:
The Manager, Cybersecurity Risk Management focuses efforts on managing and reporting on cyber risks globally across Bechtel, playing a crucial role in assessing and managing risk, and driving mitigation plans associated with our wider cybersecurity program. The manager drives a comprehensive risk management program, while supporting peer cybersecurity teams in maturing and standardizing their programs. The manager identifies and mitigates security risks; provides subject matter expertise and technical guidance to process owners; partners with Service Owners, GBU Managers, IT Architecture, Operations and Support, and Software Development, to contribute to the reporting of a comprehensive view of the security risk posture and its impact on the business.
Major Responsibilities:
Risk Oversight
  • Develops and maintains a comprehensive cybersecurity risk management strategy, leads enterprise-wide cyber risk assessments and mitigation / remediation activities.
  • Collaborates with IT, legal, compliance, and business units to ensure risk mitigation strategies are embedded in operations.
  • Monitors emerging threats and risk posture and activities accordingly.
  • Presents risk analysis, metrics, and mitigation plans to management and stakeholders.
  • Identifies risk and mitigating controls for information security exceptions based on adherence to relevant company policies, standards, baselines, and industry standards (e.g., ISO 27001, NIST, GDPR, HIPAA, CIS, FedRAMP).
  • Mentors and develops junior risk analysts and cybersecurity professionals.
  • Assists with the administration and maintenance of the ServiceNow GRC platform.

Strategic Leadership, Business Partnership & Enablement
  • Translates risk insights into strategic decisions and enterprise-wide policies.
  • Contributes to the design of cybersecurity strategies by advising on risk reduction priorities related to exception and risk register trends.
  • Develops metrics to track exception mitigation rates, approval / review rates, aging, and SLA compliance.
  • Drives initiatives that reduce recurring exception requests through enterprise-wide solutions.

Analytics
  • Monitors the effectiveness of the information security exceptions process in accordance with agreed upon metrics and performance measures to drive continuous improvements.
  • Conducts root cause analysis on recurring issues to enhance process efficiency and reduce exception requests.
  • Collaborates with cross-functional teams to gather, interpret, and validate mitigating controls to ensure accuracy and relevance.

Education and Experience Requirements:
  • Requires bachelor's degree plus 8+ years experience in information security risk, with at least 3 years in a risk management role or similar function.

Required Knowledge and Skills:
  • Strong knowledge of cybersecurity frameworks, company policies, and regulatory requirements.
  • Strong expertise across commercial and government cloud services (AWS, Azure, GCP, OCI, etc.), on-premises and application environments.
  • Experience with tools such as ServiceNow, GRC tools, Power BI, and cloud technologies.
  • Strong knowledge of risk frameworks (e.g., ISO 27005, NIST, ISO, PCI, SOX, etc.).
  • Proven ability to translate complex technical concepts into plain language for decision-makers.
  • Skilled in preparing polished deliverables that support informed decision-making.
  • Team player who builds trust across technical and non-technical teams.
  • Demonstrated ability to work independently, adapt quickly, and drive tasks forward with limited direction.
  • Strong project management and delegation skills across diverse, cross-functional initiatives

Preferred:
  • Certifications such as CISSP, CISM, CRISC, or CISA.
  • 5+ years of prior experience in EPCM (Engineering, Procurement, Construction / Project Management). Prefer global company background and/or Fortune 500 and/or EPC industry.
  • Comfortable working in a highly iterative environment, both structured and unstructured.
  • Metrics and visualization tools knowledge a plus (i.e., ServiceNow, Power BI, Tableau,).
  • Advanced user of M365 Suite to prepare all project plans, deliverables, presentations, reports, and findings.

Total Rewards/Benefits:
For decades, Bechtel has worked to inspire the next generation of employees and beyond! Because our teams face some of the world's toughest challenges, we offer robust benefits to ensure our people thrive. Whether it is advancing careers, delivering programs to enhance our culture, or providing time to recharge, Bechtel has the benefits to build a legacy of sustainable growth. Learn more at Bechtel Total Rewards
Diverse teams build the extraordinary:
As a global company, Bechtel has long been home to a vibrant multitude of nationalities, cultures, ethnicities, and life experiences. This diversity has made us a more trusted partner, more effective problem solvers and innovators, and a more attractive destination for leading talent.
We are committed to being a company where every colleague feels that they belong-where colleagues feel part of "One Team," respected and rewarded for what they bring, supported in pursuing their goals, invested in our values and purpose, and treated equitably. Click here to learn more about the people who power our legacy.
Bechtel is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity and expression, age, national origin, disability, citizenship status (except as authorized by law), protected veteran status, genetic information, and any other characteristic protected by federal, state or local law. Applicants with a disability, who require a reasonable accommodation for any part of the application or hiring process, may e-mail their request to acesstmt@bechtel.com

What Bechtel employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom

Apply