
Cybersecurity Risk Management Jobs in Brea, CA (NOW HIRING)

Sr. Cybersecurity GRC Manager

Irvine, CA · On-site

$119K - $161K/yr

Strong knowledge of Information Security risk management frameworks, Governance, Risk, and ... Cybersecurity Regulation, PCI-DSS, FFIEC, SOX, and other relevant laws and regulations Strong ...

Cybersecurity risk management frameworks including NIST RMF, secure system development lifecycle (SDLC), and mission assurance methodologies. * Experience supporting cybersecurity assessments ...


Cybersecurity Risk Management information

Brea, CA salary details (values shown on the salary chart): $59K, $137.7K, $192.7K

How much do cybersecurity risk management jobs pay per year?

As of Jul 1, 2026, the average yearly pay for cybersecurity risk management in Brea, CA is $137,730.00, according to ZipRecruiter salary data. Most workers in this role earn between $115,000.00 and $155,400.00 per year, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Cybersecurity risk management professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP or CISM, and roles in senior management or specialized fields. Salary levels vary based on industry, location, and the complexity of the organization's security needs.

What are some common challenges faced by professionals in Cybersecurity Risk Management, and how can they be addressed?

Professionals in Cybersecurity Risk Management often encounter challenges such as keeping up with rapidly evolving cyber threats, balancing security needs with business objectives, and ensuring compliance with industry regulations. Addressing these challenges requires continuous learning, effective communication with stakeholders, and close collaboration with IT, legal, and business teams. Building strong partnerships across departments and investing in ongoing training can help mitigate these obstacles and support proactive risk management.

How much does a cybersecurity risk analyst make?

A cybersecurity risk analyst typically earns between $70,000 and $120,000 annually, depending on experience, certifications, and location. Entry-level positions may start lower, while experienced analysts with certifications like CISSP or CISA can earn higher salaries, especially in high-demand industries.

What is the difference between Cybersecurity Risk Management and a Cybersecurity Analyst?

Aspect | Cybersecurity Risk Management | Cybersecurity Analyst
Certifications | CRISC, CISSP, CISM | CompTIA Security+, CEH, CISSP
Work Environment | Risk assessment, policy development, strategic planning | Monitoring security systems, incident response, vulnerability analysis
Employer & Industry Usage | Financial, healthcare, government, large enterprises | IT departments, cybersecurity firms, corporate security teams

Cybersecurity Risk Management focuses on identifying, assessing, and mitigating security risks at an organizational level, often involving policy creation and strategic planning. In contrast, a Cybersecurity Analyst primarily monitors security systems, responds to incidents, and analyzes vulnerabilities. Both roles require similar certifications but serve different functions within cybersecurity teams.

What are the key skills and qualifications needed to thrive in Cybersecurity Risk Management, and why are they important?

To thrive in Cybersecurity Risk Management, you need a solid understanding of information security principles, risk assessment methodologies, compliance standards, and typically a degree in cybersecurity or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security tools, and professional certifications like CISSP or CRISC is highly valued. Strong analytical thinking, effective communication, and problem-solving skills help professionals translate technical risks for non-technical stakeholders and foster collaboration. These competencies are crucial to proactively identifying threats, managing vulnerabilities, and ensuring organizational resilience in a rapidly evolving digital landscape.

What does a cyber risk manager do?

A cyber risk manager assesses and prioritizes cybersecurity threats to an organization, develops strategies to mitigate risks, and implements security policies. They often use tools like risk assessment frameworks and require certifications such as CISSP or CISM to effectively manage security risks and ensure compliance.

What is cybersecurity risk management?

Cybersecurity risk management is the process of identifying, assessing, and prioritizing risks to an organization's digital assets and information systems. It involves implementing strategies and controls to minimize the impact of potential cyber threats, such as data breaches, malware, and unauthorized access. The goal is to balance security measures with business needs, ensuring sensitive information remains protected while maintaining operational efficiency. Effective risk management is ongoing, adapting to new threats and changes within the organization.

Can you make $500,000 a year in cyber security?

Cybersecurity risk management professionals can potentially earn $500,000 or more annually, especially at senior levels, in leadership roles, or with extensive experience and specialized certifications like CISSP or CISM. High salaries are often associated with executive positions, consulting, or working for large organizations with complex security needs.

Medical Device Cybersecurity Risk Specialist

Diverse Lynx

Irvine, CA • On-site

Full-time

Posted 8 days ago


Key responsibilities

  • Develop, maintain, and improve the cybersecurity risk management program for medical devices.

  • Perform qualitative and quantitative risk assessments and analyze medical device cybersecurity vulnerabilities to determine impact and likelihood.

  • Collaborate with internal teams and vendors to identify, validate, and track risk mitigation strategies and alternative risk treatment options.


Job description

Job Summary:
Diverse Lynx is seeking a Medical Device Cybersecurity Risk Specialist to enhance their cybersecurity risk management program. The role involves conducting risk assessments, analyzing vulnerabilities, and collaborating with internal teams and vendors to implement effective risk mitigation strategies.
Responsibilities:
• Develop, maintain, and continuously improve the organization’s cybersecurity risk management program, with emphasis on practical and sustainable risk reduction.
• Perform qualitative and quantitative risk assessments for systems, projects, vendors, healthcare technologies, and business processes.
• Analyze medical device cybersecurity vulnerabilities, penetration testing findings, and technical risks to determine impact, likelihood, and patient/business impact.
• Partner with internal teams, vendors, and business owners to identify, validate, and track approved mitigation strategies and alternative risk treatment options where needed.
• Maintain accurate and up-to-date risk registers, risk treatment plans, issue logs, and risk dashboards.
• Support the selection, implementation, and validation of technical, administrative, and procedural security controls.
• Provide cybersecurity and risk management input into projects, cloud initiatives, system integrations, device onboarding, and service changes.
• Coordinate and support third-party/vendor risk assessments, follow-up actions, and remediation closure tracking.
• Translate technical cybersecurity issues into clear business impact statements and communicate them effectively to leadership and non-technical stakeholders.
• Produce recurring risk posture reports, trends, metrics, and remediation summaries for management and governance forums.
• Support incident response activities and perform post-incident risk analysis to identify lessons learned and strengthen controls.
• Promote a strong security and risk-aware culture by engaging with stakeholders, educating teams, and encouraging proactive risk identification.
• Collaborate effectively across cybersecurity, engineering, quality, clinical/biomedical, IT, and vendor teams to ensure balanced decision-making that protects both operations and patient safety.
• Stay current on evolving cybersecurity threats, healthcare technology risks, and relevant compliance expectations.
Qualifications:
Required:
• Strong understanding of information security risk management frameworks such as NIST CSF, ISO 27001 / 27005, FAIR, and COSO.
• Hands-on experience in conducting cybersecurity risk assessments, threat modeling, and evaluating risks across systems, vendors, projects, and business processes.
• Solid knowledge of medical device cybersecurity, including vulnerability analysis, security risk mitigation, and patient safety considerations.
• Familiarity with medical device integration, healthcare application ecosystems, and interactions with EHR systems and third-party healthcare vendor applications.
• Understanding of common cybersecurity controls including network security, endpoint protection, identity and access management, encryption, logging/monitoring, and secure system configuration.
• Experience reviewing penetration testing findings, identifying practical mitigation options, and validating remediation approaches in partnership with vendors or technical teams.
• Ability to maintain and manage risk registers, risk treatment plans, dashboards, and remediation tracking mechanisms using GRC platforms or structured spreadsheet-based tools.
• Working knowledge of cloud security, security operations, and cybersecurity input into SDLC, infrastructure changes, and new service introductions.
• Familiarity with regulatory and compliance expectations relevant to healthcare and medical devices, including cybersecurity documentation and risk-based decision-making.
• Ability to research emerging threats, assess business relevance, and proactively recommend risk reduction actions.
Preferred:
• Exposure to Agile / Scrum methodologies and cross-functional project execution is highly desirable.
Company:
Diverse Lynx is a WBENC- and NMSDC-certified partner, helping organizations turn diversity goals into measurable impact through staffing and contingent workforce solutions. Founded in 2002, the company is headquartered in Princeton, New Jersey, US, with a team of 1001-5000 employees. The company is currently Late Stage.


About Diverse Lynx

Sourced by ZipRecruiter

Diverse Lynx, based in Princeton, NJ, US, is a reputable company in the Information Technology sector. The firm, as reflected through its website diverselynx.com, specializes in delivering comprehensive IT solutions. These solutions range from IT consulting to robust digital transformation strategies, IT staffing, and full-time placement services. The company was established in 2008, and it prides itself on providing simplified, efficient technology solutions designed to meet the unique needs of each client.

Industry

IT services

Company size

51 - 200 Employees

Headquarters location

Princeton, NJ, US

Year founded

2002
