ZipRecruiter

Log In

1

Cybersecurity Risk Management Jobs in Raleigh, NC

Varsity Tutors

Cyber Security Tutor

Raleigh, NC ยท Remote

$40/hr

Emphasizes a systematic approach to security assessment and connects cybersecurity to business risk management, compliance requirements, and ethical computing practices. * Curriculum Awareness ...

Varsity Tutors

Cyber Security Tutor

Durham, NC ยท Remote

$40/hr

Emphasizes a systematic approach to security assessment and connects cybersecurity to business risk management, compliance requirements, and ethical computing practices. * Curriculum Awareness ...

Varsity Tutors

Cyber Security Tutor

Chapel Hill, NC ยท Remote

$40/hr

Emphasizes a systematic approach to security assessment and connects cybersecurity to business risk management, compliance requirements, and ethical computing practices. * Curriculum Awareness ...

Gnw

Chief Information Security Officer

Raleigh, NC ยท On-site

... and risk management programs. The CISO will possess the following experience and capabilities: Enterprise Cybersecurity Strategy & Risk Leadership Proven success establishing and executing an ...

New

next page

Showing results 1-20

All JobsCybersecurity Risk Management JobsCybersecurity Risk Management Jobs in Raleigh, NC

Cybersecurity Risk Management information

See Raleigh, NC salary details

$55.4K

$129.2K

$180.8K

How much do cybersecurity risk management jobs pay per year?

As of Jun 9, 2026, the average yearly pay for cybersecurity risk management in Raleigh, NC is $129,243.00, according to ZipRecruiter salary data. Most workers in this role earn between $107,900.00 and $145,800.00 per year, depending on experience, location, and employer.

What are some common challenges faced by professionals in Cybersecurity Risk Management, and how can they be addressed?

Professionals in Cybersecurity Risk Management often encounter challenges such as keeping up with rapidly evolving cyber threats, balancing security needs with business objectives, and ensuring compliance with industry regulations. Addressing these challenges requires continuous learning, effective communication with stakeholders, and close collaboration with IT, legal, and business teams. Building strong partnerships across departments and investing in ongoing training can help mitigate these obstacles and support proactive risk management.

What is the difference between Cybersecurity Risk Management vs Cybersecurity Analyst?

AspectCybersecurity Risk ManagementCybersecurity Analyst
CertificationsCRISC, CISSP, CISMCompTIA Security+, CEH, CISSP
Work EnvironmentRisk assessment, policy development, strategic planningMonitoring security systems, incident response, vulnerability analysis
Employer & Industry UsageFinancial, healthcare, government, large enterprisesIT departments, cybersecurity firms, corporate security teams

Cybersecurity Risk Management focuses on identifying, assessing, and mitigating security risks at an organizational level, often involving policy creation and strategic planning. In contrast, a Cybersecurity Analyst primarily monitors security systems, responds to incidents, and analyzes vulnerabilities. Both roles require similar certifications but serve different functions within cybersecurity teams.

What are the key skills and qualifications needed to thrive in Cybersecurity Risk Management, and why are they important?

To thrive in Cybersecurity Risk Management, you need a solid understanding of information security principles, risk assessment methodologies, compliance standards, and typically a degree in cybersecurity or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security tools, and professional certifications like CISSP or CRISC is highly valued. Strong analytical thinking, effective communication, and problem-solving skills help professionals translate technical risks for non-technical stakeholders and foster collaboration. These competencies are crucial to proactively identifying threats, managing vulnerabilities, and ensuring organizational resilience in a rapidly evolving digital landscape.

What is cybersecurity risk management?

Cybersecurity risk management is the process of identifying, assessing, and prioritizing risks to an organization's digital assets and information systems. It involves implementing strategies and controls to minimize the impact of potential cyber threats, such as data breaches, malware, and unauthorized access. The goal is to balance security measures with business needs, ensuring sensitive information remains protected while maintaining operational efficiency. Effective risk management is ongoing, adapting to new threats and changes within the organization.
What are popular job titles related to Cybersecurity Risk Management jobs in Raleigh, NC? For Cybersecurity Risk Management jobs in Raleigh, NC, the most frequently searched job titles are:
What job categories do people searching Cybersecurity Risk Management jobs in Raleigh, NC look for? The top searched job categories for Cybersecurity Risk Management jobs in Raleigh, NC are:
What cities near Raleigh, NC are hiring for Cybersecurity Risk Management jobs? Cities near Raleigh, NC with the most Cybersecurity Risk Management job openings:
Cybersecurity Risk Management jobs near you
Sr. Manager of Cybersecurity, Third Party Risk

Sr. Manager of Cybersecurity, Third Party Risk

Advance Auto Parts

Raleigh, NC โ€ข Hybrid

$107K - $145K/yr

Other

Posted 18 days ago

Job description

Job Description
Position Summary
The Sr. Manager of Cybersecurity Third-Party Risk Management leads the enterprise program responsible for identifying, assessing, monitoring, reporting, and reducing cybersecurity risks introduced by suppliers, vendors, service providers, contractors, technology partners, SaaS platforms, cloud providers, managed service providers, and other third parties.
This role exists to establish and mature a risk-based third-party cybersecurity risk management program aligned to enterprise risk appetite and business priorities, ensure cybersecurity due diligence is performed before onboarding, renewal, material change, or expansion of third-party services, provide executive visibility into third-party cyber risk exposure, remediation status, systemic supplier risk, and program maturity, to reduce cyber, regulatory, operational, privacy, resiliency, and reputational risk associated with third-party relationships.
This position is a hybrid work model (4 days in office, 1 day work from home) based in our corporate headquarters in Raleigh, NC.
Key Responsibilities
Program Governance and Strategy
  • Lead the enterprise Cybersecurity Third-Party Risk Management program, including strategy, operating model, governance, policies, standards, procedures, assessment methodology, and reporting.
  • Develop and maintain risk-based third-party cybersecurity requirements aligned to NIST CSF 2.0, NIST 800-161, SOC 2, PCI DSS, privacy obligations, and enterprise security standards.
  • Define and maintain the third-party cyber risk lifecycle, including intake, inherent risk scoring, due diligence, control assessment, remediation, risk acceptance, ongoing monitoring, renewal review, material change review, and offboarding.
  • Establish governance forums and escalation paths for high-risk vendors, overdue remediation, policy exceptions, and material cyber risk decisions.
  • Continuously improve program maturity, automation, workflow efficiency, stakeholder experience, and audit readiness.
Vendor Cybersecurity Risk Assessments
  • Oversee cybersecurity risk assessments for new and existing vendors.
  • Evaluate vendor controls across identity and access management, network security, cloud security, application security, data protection, encryption, vulnerability management, endpoint protection, logging and monitoring, incident response, disaster recovery, secure SDLC, privacy, and governance.
  • Review evidence such as SOC 2 Type II reports, ISO 27001 certificates, bridge letters, penetration test summaries, vulnerability scan results, SIG/CAIQ questionnaires, security policies, architecture diagrams, audit reports, and remediation plans.
  • Determine residual risk and provide recommendations for approval, conditional approval, remediation, escalation, risk acceptance, or vendor rejection.
Contractual Cybersecurity Requirements
  • Partner with Legal, Procurement, Privacy, Compliance, and business teams to ensure cybersecurity requirements are embedded in vendor contracts and statements of work.
  • Review and advise on contractual clauses related to security controls, breach notification, incident cooperation, right to audit, data protection, encryption, access control, regulatory compliance, cyber insurance, subcontractors, business continuity, data retention, and secure data destruction.
  • Track deviations from standard cybersecurity terms, document risk implications, and route exceptions for appropriate approval.
Ongoing Monitoring and Remediation
  • Operate ongoing monitoring for high-risk and critical vendors, including security ratings, public breach intelligence, certification expiration, control failures, vulnerability exposure, service disruptions, and material business changes.
  • Maintain a centralized view of open vendor cyber findings, remediation commitments, accepted risks, compensating controls, and exceptions.
  • Drive remediation of vendor control gaps from identification through validation and closure.
  • Escalate overdue or unacceptable vendor risks through cybersecurity governance, procurement governance, enterprise risk forums, or executive leadership as appropriate.
  • Partner with business owners to ensure vendor risk decisions are understood, documented, and aligned to enterprise risk appetite.
Fourth-Party and Supply Chain Risk
  • Assess cybersecurity risks associated with subcontractors, subprocessors, hosting providers, offshore delivery models, managed service delivery chains, and other fourth-party dependencies.
  • Identify concentration risk related to common technology platforms, critical suppliers, geographic dependencies, cloud service providers, and systemic service providers.
  • Require transparency into material subcontractors and downstream access to company data or systems.
  • Partner with business continuity, resilience, procurement, and enterprise risk teams to evaluate critical supplier resilience and recovery capabilities.
Metrics, Reporting, and Executive Communication
  • Develop executive-level metrics, dashboards, and risk narratives showing third-party cyber risk posture, critical vendor coverage, assessment volume, remediation aging, risk acceptance trends, contractual coverage, and program maturity.
  • Report third-party cyber risk trends to cybersecurity leadership, enterprise risk committees, , audit stakeholders, and executive leadership.
  • Translate technical findings into business risk language that enables informed decisions by senior leaders and business owners.
  • Prepare materials for audit, regulatory inquiries, board reporting, and internal governance reviews as needed.
Required Qualifications
  • Bachelor's degree in Cybersecurity, Information Technology, Information Systems, Risk Management, Business, or a related field, or equivalent experience.
  • 8+ years of experience in cybersecurity, third-party risk management, vendor risk management, technology risk, IT audit, governance/risk/compliance, or related disciplines.
  • 3+ years of leadership experience managing people, programs, or cross-functional risk initiatives.
  • Demonstrated experience operating cybersecurity risk management processes in a large enterprise, publicly traded, highly regulated, or Fortune 500 environment.
  • Strong understanding of cybersecurity control domains, including identity, cloud, network, endpoint, application security, data protection, vulnerability management, logging/monitoring, incident response, and resilience.
  • Experience reviewing vendor security evidence, including SOC 2, ISO 27001, SIG/CAIQ, penetration test summaries, vulnerability reports, audit reports, and remediation plans.
  • Experience partnering with Procurement and Legal on cybersecurity terms and vendor contract negotiations.
  • Ability to communicate cyber risk clearly to technical teams, business stakeholders, executives, legal partners, auditors, and risk committees.
  • Strong judgment, prioritization, program management, issue management, and stakeholder influence skills.
Preferred Qualifications
  • Experience with ServiceNow GRC/IRM, Archer, OneTrust, ProcessUnity, Coupa, Ariba, Prevalent, BitSight, SecurityScorecard, UpGuard, or similar third-party risk platforms.
  • Knowledge of NIST CSF 2.0, NIST SP 800-161, ISO 27001, SOC 2 Trust Services Criteria, PCI DSS, SOX, GDPR/CCPA, and SEC cybersecurity disclosure expectations.
  • Professional certification such as CISSP, CISM, CRISC, CISA, CCSP, CCSK, CDPSE, ISO 27001 Lead Auditor/Implementer, or third-party risk management certification.
  • Experience with critical suppliers, cloud service providers, managed service providers, offshore support models, payment processors, data processors, and operationally critical vendors.
  • Experience supporting board, audit committee, enterprise risk committee, or executive-level cybersecurity reporting.
  • Experience transforming or scaling a third-party cyber risk program across a complex supplier ecosystem.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age national origin, religion, sexual orientation, gender identity, status as a veteran and basis of disability or any other federal, state or local protected class. We comply with all applicable federal, state, and local laws.
California Residents click below for Privacy Notice:
https://jobs.advanceautoparts.com/us/en/disclosures
Advance Auto Parts logo

About Advance Auto Parts

Sourced by ZipRecruiter

At Advance Auto Parts we have a passion for YES. Each day we are motivated by a passion to help our Customers. We have a commitment to advance the lives of our fellow Team Members, Customers, and the Communities where we live and work.

Industry

Motor vehicle and motor vehicle parts wholesalers, retail, internet and it and elementary and secondary schools

Company size

10,000+ Employees

Headquarters location

Raleigh, NC, US

View All Advance Auto Parts Jobs

Apply