ZipRecruiter

Log In

1

Cybersecurity Risk Management Jobs in Washington, DC

Workday

Principal Cybersecurity Engineer

Reston, VA · On-site

About the Team We are seeking a highly skilled Principal cybersecurity engineer to architect the development of our internal suite of Cybersecurity Risk Management and Automation tools. This role ...

Leidos

Risk Management Lead

Fort Belvoir, VA · On-site

$131K - $237K/yr

This support includes, but is not limited to, cybersecurity solutions (including network, operating ... Experience leading risk management efforts to achieve and maintain authorization for systems using ...

Leidos

Risk Management Lead

Fort Belvoir, VA · On-site

$131K - $237K/yr

This support includes, but is not limited to, cybersecurity solutions (including network, operating ... Experience leading risk management efforts to achieve and maintain authorization for systems using ...

Leidos

Risk Management Lead

Fort Belvoir, VA

$131K - $237K/yr

This support includes, but is not limited to, cybersecurity solutions (including network, operating ... Experience leading risk management efforts to achieve and maintain authorization for systems using ...

next page

Showing results 1-20

All JobsCybersecurity Risk Management JobsCybersecurity Risk Management Jobs in Washington, DC

Cybersecurity Risk Management information

See Washington, DC salary details

$64.3K

$150K

$209.9K

How much do cybersecurity risk management jobs pay per year?

As of Jun 21, 2026, the average yearly pay for cybersecurity risk management in Washington, DC is $150,027.00, according to ZipRecruiter salary data. Most workers in this role earn between $125,200.00 and $169,300.00 per year, depending on experience, location, and employer.

What is the role of a risk manager in cybersecurity?

A cybersecurity risk manager identifies, assesses, and prioritizes security risks to an organization’s information systems. They develop strategies to mitigate threats, implement security controls, and ensure compliance with industry standards, often using tools like risk assessment frameworks and security audits. Their role is essential in protecting digital assets and supporting overall cybersecurity posture.

Is security risk management a good career?

Security risk management is a valuable career in cybersecurity, focusing on identifying and mitigating threats to organizational assets. It often requires knowledge of security frameworks, risk assessment tools, and certifications like CISSP or CISM. The field offers strong job growth, competitive salaries, and opportunities across various industries.

What are some common challenges faced by professionals in Cybersecurity Risk Management, and how can they be addressed?

Professionals in Cybersecurity Risk Management often encounter challenges such as keeping up with rapidly evolving cyber threats, balancing security needs with business objectives, and ensuring compliance with industry regulations. Addressing these challenges requires continuous learning, effective communication with stakeholders, and close collaboration with IT, legal, and business teams. Building strong partnerships across departments and investing in ongoing training can help mitigate these obstacles and support proactive risk management.

What is the difference between Cybersecurity Risk Management vs Cybersecurity Analyst?

AspectCybersecurity Risk ManagementCybersecurity Analyst
CertificationsCRISC, CISSP, CISMCompTIA Security+, CEH, CISSP
Work EnvironmentRisk assessment, policy development, strategic planningMonitoring security systems, incident response, vulnerability analysis
Employer & Industry UsageFinancial, healthcare, government, large enterprisesIT departments, cybersecurity firms, corporate security teams

Cybersecurity Risk Management focuses on identifying, assessing, and mitigating security risks at an organizational level, often involving policy creation and strategic planning. In contrast, a Cybersecurity Analyst primarily monitors security systems, responds to incidents, and analyzes vulnerabilities. Both roles require similar certifications but serve different functions within cybersecurity teams.

What are the key skills and qualifications needed to thrive in Cybersecurity Risk Management, and why are they important?

To thrive in Cybersecurity Risk Management, you need a solid understanding of information security principles, risk assessment methodologies, compliance standards, and typically a degree in cybersecurity or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security tools, and professional certifications like CISSP or CRISC is highly valued. Strong analytical thinking, effective communication, and problem-solving skills help professionals translate technical risks for non-technical stakeholders and foster collaboration. These competencies are crucial to proactively identifying threats, managing vulnerabilities, and ensuring organizational resilience in a rapidly evolving digital landscape.

What is cybersecurity risk management?

Cybersecurity risk management is the process of identifying, assessing, and prioritizing risks to an organization's digital assets and information systems. It involves implementing strategies and controls to minimize the impact of potential cyber threats, such as data breaches, malware, and unauthorized access. The goal is to balance security measures with business needs, ensuring sensitive information remains protected while maintaining operational efficiency. Effective risk management is ongoing, adapting to new threats and changes within the organization.

What is risk management in cyber security?

In cybersecurity risk management, professionals identify, assess, and prioritize potential security threats to an organization’s information systems. They implement strategies and controls to mitigate or accept risks, often using frameworks like NIST or ISO 27001, and may hold certifications such as CISSP or CISM to ensure effective risk handling.

Can you make $500,000 a year in cyber security?

Cybersecurity risk management professionals can potentially earn $500,000 or more annually, especially at senior levels, in leadership roles, or with extensive experience and specialized certifications like CISSP or CISM. High salaries are often associated with executive positions, consulting, or working in large organizations with complex security needs.
What are popular job titles related to Cybersecurity Risk Management jobs in Washington, DC? For Cybersecurity Risk Management jobs in Washington, DC, the most frequently searched job titles are:
What job categories do people searching Cybersecurity Risk Management jobs in Washington, DC look for? The top searched job categories for Cybersecurity Risk Management jobs in Washington, DC are:
What cities near Washington, DC are hiring for Cybersecurity Risk Management jobs? Cities near Washington, DC with the most Cybersecurity Risk Management job openings:
Cybersecurity Risk Management jobs near you
Infographic showing various Cybersecurity Risk Management job openings in Washington, DC as of June 2026, with employment types broken down into 100% Full Time. Highlights an 92% Physical, 2% Hybrid, and 6% Remote job distribution, with an average salary of $150,027 per year, or $72.1 per hour.
Sr. Manager, Information Technology and Information Security Risk

Sr. Manager, Information Technology and Information Security Risk

Tier4 Group

Reston, VA • On-site

Full-time

Posted 25 days ago

Job description

Sr. Manager, Information Technology and Information Security Risk
Hybrid Work Schedule- 3 days onsite in Reston, VA

SUMMARY OF POSITION:

The Information Technology and Information Security Risk (IT/IS) Sr. Manager plays a critical enterprise-wide role in overseeing cybersecurity, technology, data, AI and information security risk governance. This role partners with the Chief Risk Officer (CRO) and the Enterprise Risk Management team in identifying, assessing, and monitoring the organization’s technology and cybersecurity risk profile to ensure alignment with the our client’s strategic objectives, risk appetite, and regulatory expectations.
This role has broad ownership and visibility across the enterprise and serves as a key second-line risk partner to senior leadership, business lines, IT, Information Security, Compliance, and third-party vendors. The Senior Manager will help ensure adherence to regulatory expectations from agencies such as FHFA, FFIEC, OCC, FDIC, SEC, and FINRA. This person will partner with business lines, IT, and compliance teams to maintain a strong security posture and reduce exposure across critical financial systems and third-party relationships, strengthening the organization’s overall cyber resilience and operational risk management framework.

Core Responsibilities

  • Evaluate and provide independent challenge regarding the alignments of the organization’s IT and IS strategy with enterprise business objectives, risk appetite, and regulatory expectations.
  • Review and assess the adequacy of information technology and security risk assessments across applications, infrastructure, and business processes.
  • Partner with IT project teams to influence decisions related to technology architecture, cybersecurity controls, system implementations, and operational risk mitigation strategies
  • Evaluate new and existing systems, platforms, and SAAS integrations for cybersecurity risks and regulatory compliance impacts.
  • Conduct third party and vendor security risk assessments, including review of SOC 1/SOC 2 reports, SIG questionnaires, penetration testing results, and remediation plans to ensure vendor information security practices align with OF expectations.
  • Provide effective second-line oversight and credible challenge related to cybersecurity incidents, operational disruptions, and emerging technology risks, including analysis of potential impacts to customer data, financial systems, and regulatory obligations.
  • Collaborate with business units and technology teams to identify, document, and monitor risks, ensuring remediation activities meet regulatory timelines and internal risk appetite.
  • Oversee the implementation of information technology and security risk management policies and the Cyber-Security Incident Response Plan
  • Conduct cyber security awareness training and education through periodic email phishing tests, in-person and computer-based training, presentations to employees, and security related tabletop exercises.
  • Monitor the status of remediation for IT and IS related issues and ensure that the remediation documentation is complete and adequate.
  • Monitor cybersecurity and financial sector threat intelligence; communicate emerging risks to leadership.
  • Oversee IT and IS key risk indicators (KRIs) and maintain clear and accurate dashboards and reporting metrics for senior management, risk committees, and regulators
  • Ability to analyze complex technical environments and communicate risk in business-focused terms.
  • Strong knowledge of information security frameworks including NIST CSF, NIST 800‑53, ISO 27001, CIS Controls.
  • Effective communication skills for interacting with auditors, examiners, and senior management.

PREFERRED SKILLS AND EXPERIENCE:

  • Bachelor’s degree in Information Security, Cybersecurity, Risk Management, or related fields (or equivalent work experience) preferred.
  • 8–10 years of relevant experience in information security or risk management roles with experience in financial services, banking, payments, fintech, or related regulatory environments preferred.
  • Experience with data analytics and visualization tools (e.g., Power BI, Tableau, or Python).
  • Experience working in a regulated financial services or technology environment.
  • CRISC, CISSP, CISM, Security+ or CGEIT or similar certifications