1

Cybersecurity Risk Management Jobs in Ohio (NOW HIRING)

Cybersecurity, Senior (ISSM)

Kettering, OH · On-site

$89K - $115K/yr

Provide the PMO/Capability Development Manager (CDM) cybersecurity support per DoWI 8500.01 to include assessing and continuously monitoring cybersecurity risk ensuring that legacy and new ...

Cybersecurity, Senior (ISSM)

Kettering, OH · On-site

$89K - $115K/yr

Provide the PMO/Capability Development Manager (CDM) cybersecurity support per DoDI 8500.01. Support includes assessing and continuously monitoring cybersecurity risk ensuring that legacy and new ...

Cybersecurity, Senior (ISSM)

Kettering, OH · On-site

$89K - $115K/yr

Provide the PMO/Capability Development Manager (CDM) cybersecurity support per DoDI 8500.01. Support includes assessing and continuously monitoring cybersecurity risk ensuring that legacy and new ...

Cybersecurity, Senior (ISSM)

Kettering, OH

$89K - $115K/yr

Provide the PMO/Capability Development Manager (CDM) cybersecurity support per DoDI 8500.01. Support includes assessing and continuously monitoring cybersecurity risk ensuring that legacy and new ...

next page

Showing results 1-20

Cybersecurity Risk Management information

See Ohio salary details

$54.2K

$126.4K

$176.8K

How much do cybersecurity risk management jobs pay per year?

As of Jul 12, 2026, the average yearly pay for cybersecurity risk management in Ohio is $126,407.00, according to ZipRecruiter salary data. Most workers in this role earn between $105,500.00 and $142,600.00 per year, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Cybersecurity risk management professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP or CISM, and roles in senior management or specialized fields. Salary levels vary based on industry, location, and the complexity of the organization's security needs.

What are some common challenges faced by professionals in Cybersecurity Risk Management, and how can they be addressed?

Professionals in Cybersecurity Risk Management often encounter challenges such as keeping up with rapidly evolving cyber threats, balancing security needs with business objectives, and ensuring compliance with industry regulations. Addressing these challenges requires continuous learning, effective communication with stakeholders, and close collaboration with IT, legal, and business teams. Building strong partnerships across departments and investing in ongoing training can help mitigate these obstacles and support proactive risk management.

How much does a cybersecurity risk analyst make?

A cybersecurity risk analyst typically earns between $70,000 and $120,000 annually, depending on experience, certifications, and location. Entry-level positions may start lower, while experienced analysts with certifications like CISSP or CISA can earn higher salaries, especially in high-demand industries.

What is the difference between Cybersecurity Risk Management vs Cybersecurity Analyst?

AspectCybersecurity Risk ManagementCybersecurity Analyst
CertificationsCRISC, CISSP, CISMCompTIA Security+, CEH, CISSP
Work EnvironmentRisk assessment, policy development, strategic planningMonitoring security systems, incident response, vulnerability analysis
Employer & Industry UsageFinancial, healthcare, government, large enterprisesIT departments, cybersecurity firms, corporate security teams

Cybersecurity Risk Management focuses on identifying, assessing, and mitigating security risks at an organizational level, often involving policy creation and strategic planning. In contrast, a Cybersecurity Analyst primarily monitors security systems, responds to incidents, and analyzes vulnerabilities. Both roles require similar certifications but serve different functions within cybersecurity teams.

What are the key skills and qualifications needed to thrive in Cybersecurity Risk Management, and why are they important?

To thrive in Cybersecurity Risk Management, you need a solid understanding of information security principles, risk assessment methodologies, compliance standards, and typically a degree in cybersecurity or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security tools, and professional certifications like CISSP or CRISC is highly valued. Strong analytical thinking, effective communication, and problem-solving skills help professionals translate technical risks for non-technical stakeholders and foster collaboration. These competencies are crucial to proactively identifying threats, managing vulnerabilities, and ensuring organizational resilience in a rapidly evolving digital landscape.

What does a cyber risk manager do?

A cyber risk manager assesses and prioritizes cybersecurity threats to an organization, develops strategies to mitigate risks, and implements security policies. They often use tools like risk assessment frameworks and require certifications such as CISSP or CISM to effectively manage security risks and ensure compliance.

What is cybersecurity risk management?

Cybersecurity risk management is the process of identifying, assessing, and prioritizing risks to an organization's digital assets and information systems. It involves implementing strategies and controls to minimize the impact of potential cyber threats, such as data breaches, malware, and unauthorized access. The goal is to balance security measures with business needs, ensuring sensitive information remains protected while maintaining operational efficiency. Effective risk management is ongoing, adapting to new threats and changes within the organization.

Can you make $500,000 a year in cyber security?

Cybersecurity risk management professionals can potentially earn $500,000 or more annually, especially at senior levels, in leadership roles, or with extensive experience and specialized certifications like CISSP or CISM. High salaries are often associated with executive positions, consulting, or working for large organizations with complex security needs.
What are popular job titles related to Cybersecurity Risk Management jobs in Ohio? For Cybersecurity Risk Management jobs in Ohio, the most frequently searched job titles are:
What job categories do people searching Cybersecurity Risk Management jobs in Ohio look for? The top searched job categories for Cybersecurity Risk Management jobs in Ohio are:
What cities in Ohio are hiring for Cybersecurity Risk Management jobs? Cities in Ohio with the most Cybersecurity Risk Management job openings:
Infographic showing various Cybersecurity Risk Management job openings in Ohio as of July 2026, with employment types broken down into 2% Locum Tenens, 87% Full Time, 9% Part Time, and 2% Contract. Highlights an 79% Physical, 5% Hybrid, and 16% Remote job distribution, with an average salary of $126,407 per year, or $60.8 per hour.
Senior Cybersecurity Governance Specialist

Senior Cybersecurity Governance Specialist

Western & Southern Financial Group

Cincinnati, OH • On-site

Full-time

Re-posted 10 days ago


Western & Southern Financial Group rating

8.9

Company rating: 8.9 out of 10

Based on 8 frontline employees who took The Breakroom Quiz

44th of 281 rated insurance


Job description

Overview

Leads the team in providing strategic security leadership and assurance to business and IT teams for major corporate initiatives and information security projects.  Develops the strategy in how Western & Southern Financial Group (W&SFG) performs risk assessments, security assessments and policy reviews of WSFG systems and third-party vendors to identify areas of noncompliance with established information security standards and regulations.  Manages the recommendations and coaches the team on mitigation strategies and countermeasures.  Provides guidance to IT stakeholders in the evaluation, design or implementation of secure computing environments including vulnerability management.  Works with Cybersecurity Risk Management team in driving improvements in the information security policy framework.  Manages the development, review and monitoring of information security policies and procedures, and develops and communicates improvements.  Identifies and defines overall security requirements for the proper operation and design of business and IT applications to ensure the protection of W&SFG systems and data.  Leads the development of the organization's information security awareness program.  Escalates when needed and updates Director on a regular basis.

Responsibilities

What you will do;

  • Consults and/or executes third-party vendor due diligence security reviews to ensure compliance with information security policy, security procedures and regulatory requirements.  Identifies and reports deficiencies or risks to the appropriate stakeholders.  Follows up with business teams and third parties to escalate issues when necessary.
  • Plans and executes security assessments and penetration testing.  Leads effort to address identified IT audit findings and cybersecurity risks with corrective action plans.  Develops the strategy and drives process/program improvements with IT leadership and compliance teams. Conducts ongoing monitoring of the first-party security posture and performance.  Acts as a liaison with Internal Audit on IT audits.
  • Works with stakeholders to plan, develop and deploy a comprehensive vulnerability management program to govern cybersecurity risk to the enterprise.  Builds effective relationships with stakeholders who own and support applications, IT infrastructure and operations to review exposure to threats and drive risk reduction measures.  Establishes and tracks performance metrics and provides regular updates to IT leadership on the status of the vulnerability management program.
  • Leads efforts with project teams to ensure PMLC/SDLC tollgates are being met for security and that the appropriate security artifacts are being maintained.  Plans and develops strategy to ensure security is incorporated into the PMLC/SDLC.  Makes certain it assesses the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity and availability.  Develops key performance indicators to measure overall effectiveness and reduction of risk.
  • Conducts in-depth research to understand industry best practices, emerging trends and the latest open source methods.  Leads in developing practices and standards that inform design and deliver high-quality solutions that will help address current security challenges and enable new ways of delivering value to the Enterprise.
  • Provides leadership to IT and the business with minimal supervision serving as a technical security consultant. Acts as a key contributor to solve complex business problems and deliver solutions that help avoid risks to corporate network and information assets.  Ensures the appropriate level of controls are applied based on industry standards, best practices and cybersecurity regulations by developing repeatable processes to identify, evaluate, and measure IT security risk.
  • Plans and delivers training and/or mentoring advice to team members and other IT groups on security topics, risk avoidance, and security best practices.
  • Plans and manages the information security policy lifecycle, including policy creation, policy maintenance, policy exception, and policy change requests.  Drives improvement in the overall security policy framework. Leads the effort in working with the business and IT management to ensure that the security policy framework and internal controls are being appropriate followed.  Conducts risk assessments based on policy and control evaluations.
  • Is responsible for the development, review, implementation and maintenance of the organization's information security awareness program.  Leads efforts and collaborates with HR and Corporate Communication teams to deliver security training and security awareness to associates and consultants. Develops and executes security training and awareness strategy.
  • Helps manage the remediation of audit and security review findings and recommendations.
  • Performs other duties as assigned.
  • Complies with all policies and standards.
Qualifications
  • Bachelor's Degree

In computer science, computer engineering, IT or a related technical field, or commensurate selection criteria experience.

  • Demonstrated extensive experience in the areas of information security governance and third-party risk management.
  • Proven ability to influence and drive risk reduction measures within IT and across reporting structures.
  • Demonstrated understanding of the current security threats, techniques, vulnerabilities, response and mitigation strategies used in cybersecurity.
  • Proven extensive experience working with IT risk and compliance frameworks such as NIST (preferred), ISO, COBIT, COSO, COBIT, etc.
  • Demonstrated extensive experience working with best practices and industry cybersecurity regulations including NY DFS, HIPAA, and PCI.
  • Demonstrated experience with information security, security awareness, and risk assessment and mitigation concepts, methodologies, and processes.
  • Demonstrated experience in completing assigned tasks accurately and on a timely basis.
  • Proven ability to identify and assess the severity and potential impact of risks.
  • Proven inherent passion for information security and service excellence.
  • Demonstrated ability to identify project risks and gaps, developing creative and workable solutions to complex problems and policy issues.
  • Proven strong team player - collaborates well with others to solve problems and actively incorporate input from various sources.
  • Demonstrated strong analytical and problem-solving skills with the ability to grasp new concepts and apply them; effectively evaluates information/data to make decisions; anticipates obstacles and develops plans to resolve.
  • Proven excellent verbal and written communication skills with ability to convey information to internal and external customers in a clear, focused and concise manner.
  • Demonstrated calm and professional demeanor when handling demanding situations.
  • Proven ability to work with a team and multiple stakeholders to provide direction and oversight.
  • Demonstrated self-starter with strong internal motivation.
  • Proven ability to work under multiple deadlines and with minimal supervision.
  • Basic computer, network, and system knowledge and skills with a thorough understanding of security controls.
  • Strong proficiency in the use of Microsoft Office, particularly Word, Excel and PowerPoint.
  • Certified Information Systems Security Professional (CISSP), any GIAC certification or ISACA certifications-preferred

Work Setting/Position Demands:

  • Works in an office setting and remains in a stationary position for long periods of time while working at a desk, on a computer or with other standard office equipment, or while in meetings.
  • Requires the ability to verbally communicate and exchange accurate information to customers and associates on a regular basis.
  • Requires visual acuity to read and interpret a variety of correspondence, procedures, reports and forms via paper and electronic documents, visual inspection involving small defects; small parts, and/or operation of machinery (including inspection); using measurement devices continuously. Visual acuity is required to determine accuracy, neatness, and thoroughness of work assigned.
  • Requires the ability to prepare written correspondence, reports and forms using prescribed formats and conforming to rules of punctuation, grammar, diction, and style on a regular basis.
  • Requires the ability to apply principles of logical thinking to define problems, collect data, establish facts, and draw valid conclusions
  • Performs substantial movement of wrists, hands, and fingers for continuous computer work.
  • Extended hours required during peak workloads or special projects/events.

Travel Requirements:

  • Occasional travel may be required.
Employment Type: FULL_TIME

What Western & Southern Financial Group employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom