1

Cybersecurity Risk Management Jobs in Baltimore, MD

Cyber Security Manager (Remote)

Baltimore, MD · Remote

$110K - $149K/yr

Risk Management * Oversee cybersecurity risk assessments, including application, infrastructure, cloud, data, and third-party risks. * Maintain cybersecurity risk registers, policy exception and risk ...

Familiarity with Risk Management Framework (RMF) and DoD cybersecurity policies including DODI 8500.01 and DODI 8510.01 * Relevant certifications such as CISSP, CISM, PMP, ITIL, or CGEIT * Minimum 5 ...

Cybersecurity Task Lead

Linthicum, MD · On-site

$109K - $148K/yr

Familiarity with Risk Management Framework (RMF) and DoD cybersecurity policies including DODI 8500.01 and DODI 8510.01 * Relevant certifications such as CISSP, CISM, PMP, ITIL, or CGEIT * Minimum 5 ...

Cybersecurity Task Lead

Linthicum, MD · On-site

$109K - $148K/yr

Familiarity with Risk Management Framework (RMF) and DoD cybersecurity policies including DODI 8500.01 and DODI 8510.01 * Relevant certifications such as CISSP, CISM, PMP, ITIL, or CGEIT * Minimum 5 ...

Sr. Cybersecurity Architect

Baltimore, MD · On-site +1

$140K - $160K/yr

Serve as a senior technical advisor supporting security and privacy initiatives across emerging technology, cyber risk management, Zero Trust, and cybersecurity readiness efforts * Research, evaluate ...

next page

Showing results 1-20

Cybersecurity Risk Management information

See Baltimore, MD salary details

$56.6K

$132.1K

$184.8K

How much do cybersecurity risk management jobs pay per year?

As of Jul 11, 2026, the average yearly pay for cybersecurity risk management in Baltimore, MD is $132,110.00, according to ZipRecruiter salary data. Most workers in this role earn between $110,300.00 and $149,000.00 per year, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Cybersecurity risk management professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP or CISM, and roles in senior management or specialized fields. Salary levels vary based on industry, location, and the complexity of the organization's security needs.

What are some common challenges faced by professionals in Cybersecurity Risk Management, and how can they be addressed?

Professionals in Cybersecurity Risk Management often encounter challenges such as keeping up with rapidly evolving cyber threats, balancing security needs with business objectives, and ensuring compliance with industry regulations. Addressing these challenges requires continuous learning, effective communication with stakeholders, and close collaboration with IT, legal, and business teams. Building strong partnerships across departments and investing in ongoing training can help mitigate these obstacles and support proactive risk management.

How much does a cybersecurity risk analyst make?

A cybersecurity risk analyst typically earns between $70,000 and $120,000 annually, depending on experience, certifications, and location. Entry-level positions may start lower, while experienced analysts with certifications like CISSP or CISA can earn higher salaries, especially in high-demand industries.

What is the difference between Cybersecurity Risk Management vs Cybersecurity Analyst?

AspectCybersecurity Risk ManagementCybersecurity Analyst
CertificationsCRISC, CISSP, CISMCompTIA Security+, CEH, CISSP
Work EnvironmentRisk assessment, policy development, strategic planningMonitoring security systems, incident response, vulnerability analysis
Employer & Industry UsageFinancial, healthcare, government, large enterprisesIT departments, cybersecurity firms, corporate security teams

Cybersecurity Risk Management focuses on identifying, assessing, and mitigating security risks at an organizational level, often involving policy creation and strategic planning. In contrast, a Cybersecurity Analyst primarily monitors security systems, responds to incidents, and analyzes vulnerabilities. Both roles require similar certifications but serve different functions within cybersecurity teams.

What are the key skills and qualifications needed to thrive in Cybersecurity Risk Management, and why are they important?

To thrive in Cybersecurity Risk Management, you need a solid understanding of information security principles, risk assessment methodologies, compliance standards, and typically a degree in cybersecurity or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security tools, and professional certifications like CISSP or CRISC is highly valued. Strong analytical thinking, effective communication, and problem-solving skills help professionals translate technical risks for non-technical stakeholders and foster collaboration. These competencies are crucial to proactively identifying threats, managing vulnerabilities, and ensuring organizational resilience in a rapidly evolving digital landscape.

What does a cyber risk manager do?

A cyber risk manager assesses and prioritizes cybersecurity threats to an organization, develops strategies to mitigate risks, and implements security policies. They often use tools like risk assessment frameworks and require certifications such as CISSP or CISM to effectively manage security risks and ensure compliance.

What is cybersecurity risk management?

Cybersecurity risk management is the process of identifying, assessing, and prioritizing risks to an organization's digital assets and information systems. It involves implementing strategies and controls to minimize the impact of potential cyber threats, such as data breaches, malware, and unauthorized access. The goal is to balance security measures with business needs, ensuring sensitive information remains protected while maintaining operational efficiency. Effective risk management is ongoing, adapting to new threats and changes within the organization.

Can you make $500,000 a year in cyber security?

Cybersecurity risk management professionals can potentially earn $500,000 or more annually, especially at senior levels, in leadership roles, or with extensive experience and specialized certifications like CISSP or CISM. High salaries are often associated with executive positions, consulting, or working for large organizations with complex security needs.
What are popular job titles related to Cybersecurity Risk Management jobs in Baltimore, MD? For Cybersecurity Risk Management jobs in Baltimore, MD, the most frequently searched job titles are:
What job categories do people searching Cybersecurity Risk Management jobs in Baltimore, MD look for? The top searched job categories for Cybersecurity Risk Management jobs in Baltimore, MD are:
What cities near Baltimore, MD are hiring for Cybersecurity Risk Management jobs? Cities near Baltimore, MD with the most Cybersecurity Risk Management job openings:
Infographic showing various Cybersecurity Risk Management job openings in Baltimore, MD as of July 2026, with employment types broken down into 67% Full Time, and 33% Contract. Highlights an 100% In-person job distribution, with an average salary of $132,110 per year, or $63.5 per hour.
Cyber Security Manager (Remote)

Cyber Security Manager (Remote)

CareFirst

Baltimore, MD • Remote

$110K - $149K/yr

Other

Retirement

Posted 14 days ago


CareFirst BlueCross BlueShield rating

7.3

Company rating: 7.3 out of 10

Based on 31 frontline employees who took The Breakroom Quiz

219th of 281 rated insurance


Job description

Resp & Qualifications

PURPOSE: 
The Manager, Cybersecurity Governance, Risk & Compliance (GRC) is responsible for leading and executing the organizations cybersecurity risk management, governance, and compliance programs. This role ensures alignment with regulatory requirements, industry standards, and internal policies while enabling the business to manage cyber risk effectively. The Manager partners closely with technology, legal, privacy, audit, and business leaders to identify, assess, mitigate, and report cybersecurity risks. This position includes direct people leadership and plays a critical role in maturing cybersecurity risk management practices across the enterprise. The Manager is also responsible for planning, monitoring, and managing the organizations budget to ensure strategic alignment and fiscal responsibility

ESSENTIAL FUNCTIONS:

Governance & Program Leadership

  • Lead the development, implementation, and ongoing maturity of the cybersecurity governance, risk, and compliance program.
  • Establish and maintain cybersecurity policies, standards, procedures, and control frameworks aligned with business objectives.
  • Serve as a trusted advisor to technology and business stakeholders on cybersecurity risk and control effectiveness.

Risk Management

  • Oversee cybersecurity risk assessments, including application, infrastructure, cloud, data, and third-party risks.
  • Maintain cybersecurity risk registers, policy exception and risk acceptance processes, and remediation tracking.
  • Partner with business and technology teams to develop practical risk mitigation strategies aligned to organizational risk appetite.
  • Monitor emerging cyber threats, regulatory changes, and industry trends to proactively adjust risk posture.

Compliance & Regulatory Alignment

  • Ensure compliance with applicable regulations and frameworks such as NIST (800-53, 800171, CSF), HIPAA, HITRUST, SOC, ISO 27001, and other relevant standards.
  • Support internal and external audits and assessments, including evidence collection, issue management, and remediation validation.
  • Act as a primary point of coordination for cybersecurity related regulatory and assurance activities.

Third-party Risk Management

  • Lead or support third-party cybersecurity risk assessments, including review of SOC reports, vendor questionnaires, and other security attestations.
  • Partner with procurement, legal, and business teams to ensure appropriate cybersecurity requirements are embedded into vendor engagements.

Metrics, Reporting & Continuous Improvement

  • Define and maintain key risk and compliance metrics and dashboards to measure program effectiveness.
  • Prepare clear, concise risk reporting for senior leadership and governance forums.
  • Drive continuous improvement through process optimization, automation, and use of GRC tooling.

People Leadership

  • Lead, mentor, and develop a team of cybersecurity risk and compliance professionals.
  • Set priorities, manage workload, and support professional growth and performance management.
  • Foster a collaborative, accountable, and results driven team culture.

SUPERVISORY RESPONSIBILITY:
This position manages people.

QUALIFICATIONS:

Education Level: Bachelor's Degree in Computer Science, Information Technology, or related field OR in lieu of a Bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience.
Experience: 

  • 5 years Related professional experience.
  • 1 year Supervisory experience or demonstrated progressive leadership experience.

 Preferred Qualifications:

  • Masters Degree

Knowledge, Skills and Abilities (KSAs)

  • Ability to multitask and manage multiple relationships. 
  • Ability to lead and work as part of a team.
  • Ability to execute technology and tool automation processes.
  • Deep knowledge of risk treatment and mitigation strategies.
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity.
  • Thorough understanding of cyber threats and vulnerabilities.
  • Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence. Must be able to effectively communicate and provide positive customer service to every internal and external customer, including customers who may be demanding or otherwise challenging.
  • Proven experience leading a large multidisciplinary organization.
  • Proven experience leading the endtoend implementation of an enterprise GRC tool, including requirements gathering, configuration, integration with existing systems, user training, and ongoing optimization.
     

Salary Range: 146,560 - 272,052


Salary Range Disclaimer

The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the work is being performed. This compensation range is specific and considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate's work experience, education/training, internal peer equity, and market and business consideration. It is not typical for an individual to be hired at the top of the range, as compensation decisions depend on each case's facts and circumstances, including but not limited to experience, internal equity, and location. In addition to your compensation, CareFirst offers a comprehensive benefits package, various incentive programs/plans, and 401k contribution programs/plans (all benefits/incentives are subject to eligibility requirements).

Department

Cybersecurity Governance

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Where To Apply

Please visit our website to apply: www.carefirst.com/careers

Federal Disc/Physical Demand

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.

PHYSICAL DEMANDS:

The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The associate must frequently talk and hear.  Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship

#LI-MK1 


What CareFirst BlueCross BlueShield employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom