1

Cybersecurity Risk Management Jobs in Naperville, IL

You have "zero-to-one" marketing experience in a B2B cybersecurity, risk, compliance, or GRC ... Deep familiarity with supply chain risk, third-party risk management (TPRM), or highly regulated ...

You have "zero-to-one" marketing experience in a B2B cybersecurity, risk, compliance, or GRC ... Deep familiarity with supply chain risk, third-party risk management (TPRM), or highly regulated ...

Senior Cyber Risk Analyst

Chicago, IL ยท Hybrid

$110K - $130K/yr

Deep understanding of cybersecurity principles, threat landscapes, and control frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, HITRUST). * Risk Management Mastery: Proven track record of building ...

Senior Cyber Risk Analyst

Chicago, IL ยท On-site

$110K - $130K/yr

Deep understanding of cybersecurity principles, threat landscapes, and control frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, HITRUST). * Risk Management Mastery: Proven track record of building ...

Senior Manager of IT

Schaumburg, IL ยท Hybrid

$128K - $129K/yr

Solid understanding of cybersecurity, risk management, and IT governance. * Master's degree preferred. What We're Looking For * Strategic thinker who can balance long-term planning with hands-on ...

Apply Early

Senior Manager of IT

Schaumburg, IL ยท On-site

$128K - $129K/yr

Solid understanding of cybersecurity, risk management, and IT governance. * Master's degree preferred. What We're Looking For * Strategic thinker who can balance long-term planning with hands-on ...

Cybersecurity risk and maturity assessments * Security standards assessments and readiness support ... Demonstrates excellent time management and organization skills * Approximately 25% overnight travel ...

Cybersecurity GRC Compliance Lead

Chicago, IL ยท On-site

$83K - $141K/yr

The Cybersecurity GRC Compliance Lead will act as a subject matter expert in the delivery of the ... Strong knowledge of cyber regulations, risk management frameworks, and methodologies. * Strategic ...

Cybersecurity GRC Compliance Lead

Chicago, IL ยท On-site

$83K - $141K/yr

The Cybersecurity GRC Compliance Lead will act as a subject matter expert in the delivery of the ... Strong knowledge of cyber regulations, risk management frameworks, and methodologies. * Strategic ...

Cybersecurity GRC Compliance Lead

Chicago, IL ยท On-site

$83K - $141K/yr

The Cybersecurity GRC Compliance Lead will act as a subject matter expert in the delivery of the ... Strong knowledge of cyber regulations, risk management frameworks, and methodologies. * Strategic ...

next page

Showing results 1-20

Cybersecurity Risk Management information

See Naperville, IL salary details

$57K

$132.8K

$185.8K

How much do cybersecurity risk management jobs pay per year?

As of Jul 7, 2026, the average yearly pay for cybersecurity risk management in Naperville, IL is $132,845.00, according to ZipRecruiter salary data. Most workers in this role earn between $110,900.00 and $149,900.00 per year, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Cybersecurity risk management professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP or CISM, and roles in senior management or specialized fields. Salary levels vary based on industry, location, and the complexity of the organization's security needs.

What are some common challenges faced by professionals in Cybersecurity Risk Management, and how can they be addressed?

Professionals in Cybersecurity Risk Management often encounter challenges such as keeping up with rapidly evolving cyber threats, balancing security needs with business objectives, and ensuring compliance with industry regulations. Addressing these challenges requires continuous learning, effective communication with stakeholders, and close collaboration with IT, legal, and business teams. Building strong partnerships across departments and investing in ongoing training can help mitigate these obstacles and support proactive risk management.

How much does a cybersecurity risk analyst make?

A cybersecurity risk analyst typically earns between $70,000 and $120,000 annually, depending on experience, certifications, and location. Entry-level positions may start lower, while experienced analysts with certifications like CISSP or CISA can earn higher salaries, especially in high-demand industries.

What is the difference between Cybersecurity Risk Management vs Cybersecurity Analyst?

AspectCybersecurity Risk ManagementCybersecurity Analyst
CertificationsCRISC, CISSP, CISMCompTIA Security+, CEH, CISSP
Work EnvironmentRisk assessment, policy development, strategic planningMonitoring security systems, incident response, vulnerability analysis
Employer & Industry UsageFinancial, healthcare, government, large enterprisesIT departments, cybersecurity firms, corporate security teams

Cybersecurity Risk Management focuses on identifying, assessing, and mitigating security risks at an organizational level, often involving policy creation and strategic planning. In contrast, a Cybersecurity Analyst primarily monitors security systems, responds to incidents, and analyzes vulnerabilities. Both roles require similar certifications but serve different functions within cybersecurity teams.

What are the key skills and qualifications needed to thrive in Cybersecurity Risk Management, and why are they important?

To thrive in Cybersecurity Risk Management, you need a solid understanding of information security principles, risk assessment methodologies, compliance standards, and typically a degree in cybersecurity or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security tools, and professional certifications like CISSP or CRISC is highly valued. Strong analytical thinking, effective communication, and problem-solving skills help professionals translate technical risks for non-technical stakeholders and foster collaboration. These competencies are crucial to proactively identifying threats, managing vulnerabilities, and ensuring organizational resilience in a rapidly evolving digital landscape.

What does a cyber risk manager do?

A cyber risk manager assesses and prioritizes cybersecurity threats to an organization, develops strategies to mitigate risks, and implements security policies. They often use tools like risk assessment frameworks and require certifications such as CISSP or CISM to effectively manage security risks and ensure compliance.

What is cybersecurity risk management?

Cybersecurity risk management is the process of identifying, assessing, and prioritizing risks to an organization's digital assets and information systems. It involves implementing strategies and controls to minimize the impact of potential cyber threats, such as data breaches, malware, and unauthorized access. The goal is to balance security measures with business needs, ensuring sensitive information remains protected while maintaining operational efficiency. Effective risk management is ongoing, adapting to new threats and changes within the organization.

Can you make $500,000 a year in cyber security?

Cybersecurity risk management professionals can potentially earn $500,000 or more annually, especially at senior levels, in leadership roles, or with extensive experience and specialized certifications like CISSP or CISM. High salaries are often associated with executive positions, consulting, or working for large organizations with complex security needs.
What are popular job titles related to Cybersecurity Risk Management jobs in Naperville, IL? For Cybersecurity Risk Management jobs in Naperville, IL, the most frequently searched job titles are:
What cities near Naperville, IL are hiring for Cybersecurity Risk Management jobs? Cities near Naperville, IL with the most Cybersecurity Risk Management job openings:
Identity Security Posture Management (ISPM) Specialist

Identity Security Posture Management (ISPM) Specialist

Kemper

Downers Grove, IL โ€ข On-site

$98K - $131K/yr

Full-time

Medical, Dental, Vision, Retirement, PTO

Posted 10 days ago


Job description

Location(s)

Dallas, Texas, Jacksonville, Florida, P&C-Butterfield Road-Downers Grove-IL-AAC

Details

Kemper is one of the nation's leading specialized insurers. Our success is a direct reflection of the talented and diverse people who make a positive difference in the lives of our customers every day. We believe a high-performing culture, valuable opportunities for personal development and professional challenge, and a healthy work-life balance can be highly motivating and productive. Kemper's products and services are making a real difference to our customers, who have unique and evolving needs. By joining our team, you are helping to provide an experience to our stakeholders that delivers on our promises.

Manages and matures our identity security posture-executes continuously monitoring and remediating identity risk and access exposure across IAM/IGA/PAM-reducing breach likelihood and audit/compliance risk. The Identity Security Posture Management (ISPM) Specialist is responsible for improving the organization's identity security posture by continuously identifying, prioritizing, and driving remediation of identity-related exposures across the enterprise. This role partners with Account Operations, IGA, PAM, Cybersecurity Operations, IT infrastructure, and application owners to reduce identity attack paths, strengthen privileged access controls, and produce measurable risk reduction aligned to regulatory and audit expectations

Responsibilities:

  • Identity posture monitoring & exposure management
  • Operate and mature the Identity Security Posture Management capability (ISPM) to discover identity exposures across Identity Providers (e.g., Entra ID/AD), SaaS applications, cloud environments, and critical business systems.
  • Identify and track identity security issues such as excessive privileges, dormant accounts, misconfigured admin roles, weak authentication enforcement, privilege escalation paths, and risky third-party access.
  • Maintain an Identity Exposure Register with severity, business impact, owner, remediation plan, and due dates; enforce SLA-based remediation for critical findings.
  • Risk prioritization & remediation orchestration
  • Triage and prioritize findings using risk-based methods (e.g., likelihood/impact, exploitability, business criticality).
  • Coordinate remediation with system owners: role redesign, least privilege enforcement, MFA coverage improvements, privileged role controls, conditional access, and entitlement clean-up.
  • Drive reduction of inappropriate combinations and segmentation-of-duties issues where relevant.
  • Controls, audit, and compliance enablement

  • Provide evidence to support identity-related controls (e.g., privileged access governance, MFA enforcement, access review/UAR posture, joiner-mover-leaver quality, service account governance).
  • Produce audit-ready reporting and artifacts for internal audit and external auditors (SOX/ITGC/GITC reliance, regulator exams).
  • Ensure posture findings are connected to policy/standard requirements and tracked through governance workflows.
  • Telemetry, metrics, and executive reporting
  • Build and maintain ISPM dashboards and KRIs (e.g., privileged role sprawl, stale privileged accounts, MFA coverage, high-risk entitlements, remediation cycle time).
  • Present posture trends and remediation progress to Identity Security & Governance leadership and stakeholders (CISO org, IT, app owners).
  • Integration & automation

  • Partner with engineering teams to integrate ISPM insights with ticketing/workflow tools (e.g., Axonius, ServiceNow/Jira), SIEM/SOAR, IGA (e.g., SailPoint), and PAM (e.g., CyberArk).
  • Automate repeatable posture checks where possible (APIs, scripts, scheduled reports), and document repeatable playbooks/runbooks.
  • Collaboration & stakeholder enablement

  • Act as a trusted advisor to application and infrastructure teams on identity security best practices (least privilege, role design, privileged access, authentication hardening).
  • Contribute to identity governance operating procedures, playbooks, and standard updates.

Job Requirements

  • Bachelor's degree or an equivalent mix of education and experience in Information Cyber Security, Risk Management and Governance Risk and Compliance.
  • 7+ years of relevant experience in third-party cyber and data risk management and conducting third-party cyber and data risk assessments.
  • Experience with reviewing and negotiating cyber and data security contract language.
  • Expert knowledge of cyber and data security and risk disciplines and practices.
  • Advanced knowledge of technology controls, security, and risk issues.
  • Strong eye for detail and ability to successfully manage and conduct third-party cyber and data assessments, gather evidence, and coordinate risk remediation responses.
  • A team player with strong collaboration skills and the ability to work with minimal supervision.
  • Ability to leverage strong verbal, written communication skills to collaborate with cross-functional teams.
  • Strong analytical and problem-solving skills capable of managing projects that drive business objectives.
  • Demonstrated ability to participate in complex, comprehensive or large projects and initiatives.
  • Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization, and outside vendors.
  • 5+ years in identity security, IAM/IGA, security operations, or security risk management with hands-on exposure to identity platforms.
  • Working knowledge of identity concepts: authentication, authorization, RBAC/ABAC, privileged access, service accounts, identity lifecycle, entitlement models, and access reviews.
  • Experience interpreting identity-related findings and coordinating remediation with technical and business stakeholders.
  • Familiarity with at least two of the following areas: Entra ID/Azure AD, Active Directory, SailPoint (or equivalent IGA), CyberArk (or equivalent PAM), AWS/Azure identity constructs, common SaaS admin models.
  • Strong documentation and reporting skills (evidence packs, dashboards, executive-ready summaries).

Preferred Qualifications

  • Experience with ISPM/identity exposure tooling (identity threat detection, entitlement risk, posture management, attack path analysis).
  • Experience in regulated industries (insurance, financial services, healthcare) and audit support (SOX/ITGC, NYDFS, GLBA).Practical automation skills (PowerShell, Python, KQL, APIs) to streamline posture checks and reporting.
  • Certifications (nice to have): Security+, SSCP, CISSP (or associate), GIAC IAM-related, Microsoft/AWS security certifications.


Key Competencies

  • Risk-based prioritization; analytical thinking; stakeholder management
  • Strong written communication; evidence discipline
  • Operational rigor (tracking, SLAs, follow-through)
  • Ability to translate technical identity findings into business risk

This position is a hybrid role that sits in either our Downers Grove, IL, Dallas, TX or Jacksonville, FL office locations

The base range for this position is $89,000 to $148,100. When determining candidate offers, we consider experience, skills, education, certifications, and geographic location among other factors. This job is eligible for an annual discretionary bonus, equity, and Kemper benefits (Medical, Dental, Vision, PTO, 401k, etc.)

Kemper is proud to be an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, disability status or any other status protected by the laws or regulations in the locations where we operate. We are committed to supporting diversity and equality across our organization and we work diligently to maintain a workplace free from discrimination.

Kemper does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Kemper and Kemper will not be obligated to pay a placement fee.

Kemper will never request personal information, such as your social security number or banking information, via text or email. Additionally, Kemper does not use external messaging applications like WireApp or Skype to communicate with candidates. If you receive such a message, delete it.

#LI-AK