Cybersecurity Risk Management Jobs in Colorado (NOW HIRING)

System Cybersecurity

Colorado Springs, CO · On-site

$55 - $67.75/hr

... 53, Risk Management Framework as incorporated and directed in DoD and Air Force/Space Force cybersecurity policy, specifically DoDI 8500.01, Cybersecurity, AFI 33-200, Air Force Cybersecurity ...

Cybersecurity Manager

Denver, CO

$114K - $154K/yr

Financial compliance Role summary Leadership role responsible for cybersecurity program execution, compliance operations (ISO 27001, SOC 2), and risk management within Core Technology. This role will ...

Monitor vendor risk signals including cybersecurity advisories, regulatory actions, and contractual compliance status, escalating material changes to the Enterprise Risk Manager. * Support contract ...

Cybersecurity Risk Management information

How much do cybersecurity risk management jobs pay per year?

As of Jun 19, 2026, the average yearly pay for cybersecurity risk management in Colorado is $139,812.00, according to ZipRecruiter salary data. Most workers in this role earn between $116,700.00 and $157,700.00 per year, depending on experience, location, and employer.

What is the role of a risk manager in cybersecurity?

A cybersecurity risk manager identifies, assesses, and prioritizes security risks to an organization’s information systems. They develop strategies to mitigate threats, implement security controls, and ensure compliance with industry standards, often using tools like risk assessment frameworks and security audits. Their role is essential in protecting digital assets and supporting overall cybersecurity posture.

Is security risk management a good career?

Security risk management is a valuable career in cybersecurity, focusing on identifying and mitigating threats to organizational assets. It often requires knowledge of security frameworks, risk assessment tools, and certifications like CISSP or CISM. The field offers strong job growth, competitive salaries, and opportunities across various industries.

What are some common challenges faced by professionals in Cybersecurity Risk Management, and how can they be addressed?

Professionals in Cybersecurity Risk Management often encounter challenges such as keeping up with rapidly evolving cyber threats, balancing security needs with business objectives, and ensuring compliance with industry regulations. Addressing these challenges requires continuous learning, effective communication with stakeholders, and close collaboration with IT, legal, and business teams. Building strong partnerships across departments and investing in ongoing training can help mitigate these obstacles and support proactive risk management.

What is the difference between Cybersecurity Risk Management vs Cybersecurity Analyst?

| Aspect | Cybersecurity Risk Management | Cybersecurity Analyst |
| --- | --- | --- |
| Certifications | CRISC, CISSP, CISM | CompTIA Security+, CEH, CISSP |
| Work Environment | Risk assessment, policy development, strategic planning | Monitoring security systems, incident response, vulnerability analysis |
| Employer & Industry Usage | Financial, healthcare, government, large enterprises | IT departments, cybersecurity firms, corporate security teams |

Cybersecurity Risk Management focuses on identifying, assessing, and mitigating security risks at an organizational level, often involving policy creation and strategic planning. In contrast, a Cybersecurity Analyst primarily monitors security systems, responds to incidents, and analyzes vulnerabilities. Both roles require similar certifications but serve different functions within cybersecurity teams.

What are the key skills and qualifications needed to thrive in Cybersecurity Risk Management, and why are they important?

To thrive in Cybersecurity Risk Management, you need a solid understanding of information security principles, risk assessment methodologies, compliance standards, and typically a degree in cybersecurity or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security tools, and professional certifications like CISSP or CRISC is highly valued. Strong analytical thinking, effective communication, and problem-solving skills help professionals translate technical risks for non-technical stakeholders and foster collaboration. These competencies are crucial to proactively identifying threats, managing vulnerabilities, and ensuring organizational resilience in a rapidly evolving digital landscape.

What is cybersecurity risk management?

Cybersecurity risk management is the process of identifying, assessing, and prioritizing risks to an organization's digital assets and information systems. It involves implementing strategies and controls to minimize the impact of potential cyber threats, such as data breaches, malware, and unauthorized access. The goal is to balance security measures with business needs, ensuring sensitive information remains protected while maintaining operational efficiency. Effective risk management is ongoing, adapting to new threats and changes within the organization.

What is risk management in cyber security?

In cybersecurity risk management, professionals identify, assess, and prioritize potential security threats to an organization’s information systems. They implement strategies and controls to mitigate or accept risks, often using frameworks like NIST or ISO 27001, and may hold certifications such as CISSP or CISM to ensure effective risk handling.

Can you make $500,000 a year in cyber security?

Cybersecurity risk management professionals can potentially earn $500,000 or more annually, especially at senior levels, in leadership roles, or with extensive experience and specialized certifications like CISSP or CISM. High salaries are often associated with executive positions, consulting, or working in large organizations with complex security needs.
Infographic showing various Cybersecurity Risk Management job openings in Colorado as of June 2026, with employment types broken down into 99% Full Time and 1% Contract. Highlights a 92% Physical, 2% Hybrid, and 6% Remote job distribution, with an average salary of $139,812 per year, or $67.2 per hour.
Director of Cybersecurity Governance, Risk, and Compliance

Ball Corporation

Westminster, CO • On-site

$143K - $225K/yr

Other

Posted 15 days ago


Company rating: 7.7 out of 10

Based on 22 frontline employees who took The Breakroom Quiz


Job description

At Ball, integrity and trust are the foundation of who we are. Guided by our core values - "We Care. We Work. We Win." - we create a culture where every voice matters and every idea drives progress.

Together with our global employees, customers, and partners, we're turning bold sustainability goals into reality and shaping a future we can all be proud of. 

Create a new future. Apply Today. 

The Director of Cybersecurity Governance, Risk, and Compliance (GRC) is accountable for designing, building, and leading enterprise-wide cyber risk governance, regulatory compliance strategy, and board-level risk reporting for Ball Corporation's global manufacturing and supply-chain-driven business. This role sets the enterprise cyber risk posture, translates business risk appetite into enforceable governance mechanisms, and ensures cybersecurity risk is measured, reported, and managed as a business risk and not a purely technical concern. The Director serves as Ball's primary authority on cybersecurity risk governance, regulatory compliance and assurance, and acts as a trusted advisor to the CISO, executive leadership, Legal, Internal Audit, and the Board. The role owns and governs all Security GRC sub-capabilities: 1) Security Governance & Program Management, 2) Security Risk Management, 3) Security Assessments & Compliance Management, 4) Cyber-Supply Chain Risk Management, 5) Business Continuity Planning (cyber integration), 6) Security Training & Awareness, 7) Cyber Metrics and Reporting.

Essential Responsible Areas:

  • Establish and maintain the enterprise cybersecurity governance framework, including policies, standards, risk taxonomy, and accountability models, with a focus on building out missing program elements to elevate maturity.
  • Define and operationalize the enterprise cyber risk management program, including risk identification, assessment, prioritization, escalation, and reporting.
  • Own executive and Board-level cybersecurity risk & metrics reporting, ensuring alignment to business impact, materiality, and risk tolerance.
  • Lead the global cybersecurity compliance strategy, ensuring alignment with applicable regulatory, legal, and contractual requirements, with an emphasis on establishing rigorous security controls and repeatable compliance processes.
  • Provide senior oversight of cybersecurity audits, assessments, and assurance activities; ensure consistent and defensible outcomes.
  • Govern cyber supply-chain and third-party risk management, embedding security risk considerations into vendor lifecycle processes.
  • Ensure cybersecurity risk is integrated into business continuity, crisis management, and enterprise resilience planning.
  • Build, lead, develop, and mentor the Security GRC team, establishing clear interfaces with other cybersecurity and business functions.
  • Ensure cybersecurity governance and compliance requirements are appropriately tailored to regional regulatory, legal, and operational realities while maintaining global consistency.
  • Partner with regional business and technology leaders to address localized cyber risk scenarios, including manufacturing, operational technology (OT), and supply-chain considerations.
  • Oversee regional regulatory compliance obligations (e.g., data protection, critical infrastructure, export controls) and support regulatory inquiries or audits as required.
  • Enable effective risk communication and escalation between regions and corporate leadership, ensuring timely visibility of material risks.

Required Qualifications:

  • Bachelor's degree in Information Security, Computer Science, Risk Management, Business Administration, or a related field required; Master's degree (e.g., MBA or MS in Information Security/Risk Management) strongly preferred.
  • Minimum of 15 years of progressive experience in cybersecurity, technology risk, or enterprise risk management, including 7+ years leading and building GRC, risk, or compliance functions within complex, preferably global, organizations.
  • Demonstrated experience operating in regulated, asset-intensive, or manufacturing-centric environments.
  • Deep knowledge of cybersecurity governance, risk, and compliance frameworks (with experience implementing NIST CSF and ISO 27001), and familiarity with relevant regulations (e.g., SOX ITGC, data protection laws).
  • CISSP or CISM certification required; CRISC, CGEIT, or similar risk-focused certification strongly preferred.

Compensation & Benefits: 

  • Expected Hiring Salary Range: $143,000 - $225,000 (Salary to be determined by the applicant's education, experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data.)
  • This role will be eligible to participate in the annual incentive compensation plan. 
  • Please visit our "Total Rewards" page to learn more about Ball's comprehensive benefits structure.  
  • Onsite Work Environment: This position is based in [add the location here] and requires regular in-person engagement by working on-site. Travel and local commute between Ball locations and other possible non-Ball locations may be required.
  • Hybrid On-Site Work Environment: Based in Colorado, this position requires regular in-person engagement by working on-site for four (4) or more days per work week (with core collaboration days of Tuesday, Wednesday, and Thursday). [Travel and local commute between Ball locations and other possible non-Ball locations may be required.] 

When submitting your application to Ball, we encourage you to emphasize your skills, experience, and qualifications that align with the role.  

Ball Corporation is proud to be an Equal Opportunity Employer. We actively encourage applications from everybody. All qualified job applicants will receive consideration without regard to race, color, religion, creed, national origin, aboriginality, genetic information, ancestry, marital status, sex, sexual orientation, gender identity or expression, physical or mental disability, pregnancy, veteran status, age, political affiliation or any other non-merit characteristic. 

Please note the advertised job title might vary from the job title on the contract due to local job title structure and global HR systems. 

  • Under Colorado, California, Connecticut, Minnesota, and Pennsylvania law, you have the right to exclude or redact age-related details, such as your date of birth, school attendance dates, or graduation dates, from your resume, cover letter, CV, or other supporting documents (e.g., transcripts, certificates).
  • Legal authorization to work in the U.S. We will not sponsor individuals for employment visa, now or in the future, for this job opening. 

* This position will be posted internally for a minimum of 5 days and will remain open until filled or adjusted based on the volume of applicants. 

No agencies please. 

Global Grade 14A

