ZipRecruiter

Log In

1

Director Enterprise Risk Management Jobs in Raleigh, NC

UHS

RISK MGMT ANALYST

Raleigh, NC

Under the supervision of the PI/RM Director, assists with monitoring and implementation of the ... Risk Management reporting requirements. · Maintains current knowledge of federal updates for CORE ...

UHS

RISK MGMT ANALYST

Raleigh, NC · On-site

Under the supervision of the PI/RM Director, assists with monitoring and implementation of the ... Indicators and UHS Risk Management reporting requirements. • Maintains current knowledge of ...

next page

Showing results 1-20

All JobsDirector Enterprise Risk Management JobsDirector Enterprise Risk Management Jobs in Raleigh, NC

Director Enterprise Risk Management information

See Raleigh, NC salary details

$52.5K

$139.2K

$252.7K

How much do director enterprise risk management jobs pay per year?

As of Jun 17, 2026, the average yearly pay for director enterprise risk management in Raleigh, NC is $139,187.00, according to ZipRecruiter salary data. Most workers in this role earn between $102,600.00 and $162,800.00 per year, depending on experience, location, and employer.

How does a Director of Enterprise Risk Management typically collaborate with other departments to identify and mitigate organizational risks?

A Director of Enterprise Risk Management (ERM) works closely with leaders across departments such as compliance, finance, IT, and operations to proactively identify, assess, and address organizational risks. This often involves facilitating risk workshops, leading cross-functional risk assessments, and ensuring risk mitigation strategies are embedded in business processes. Regular communication and reporting to executive leadership and the board are also key responsibilities, enabling a holistic view of the risk landscape. Effective collaboration helps ensure that risk management is integrated throughout the organization, supporting both strategic objectives and regulatory compliance.

What does a Director of Enterprise Risk Management do?

A Director of Enterprise Risk Management (ERM) is responsible for identifying, assessing, and mitigating risks that could impact an organization’s ability to achieve its objectives. They develop risk management strategies, policies, and frameworks, and work closely with senior leadership to integrate these practices across departments. The role involves overseeing risk assessments, monitoring compliance with regulations, and ensuring the organization is prepared for potential threats. By proactively managing risks, the director helps safeguard the organization's assets, reputation, and long-term success.

What are the key skills and qualifications needed to thrive as a Director of Enterprise Risk Management, and why are they important?

To thrive as a Director of Enterprise Risk Management, you need expertise in risk assessment, regulatory compliance, and strategic planning, typically supported by a bachelor's or master's degree in business, finance, or a related field. Familiarity with risk management frameworks (such as COSO or ISO 31000), GRC (governance, risk, and compliance) systems, and relevant certifications like CRM or FRM is highly valued. Exceptional leadership, analytical thinking, and communication skills help you collaborate across departments and influence organizational culture. These abilities are crucial for identifying potential threats, ensuring regulatory compliance, and safeguarding the organization's long-term success.

What is the difference between Director Enterprise Risk Management vs Risk Manager?

AspectDirector Enterprise Risk ManagementRisk Manager
CredentialsTypically requires advanced degrees (MBA, Risk Management certifications)Often requires similar certifications but may have less emphasis on advanced degrees
Work EnvironmentStrategic, leadership-focused, often in senior management teamsOperational, focused on risk assessment and mitigation activities
Employer & Industry UsageUsed in large corporations across various industriesCommon in organizations of all sizes, especially in finance, insurance, and manufacturing
Search & Comparison IntentUnderstanding senior risk leadership rolesOperational risk management responsibilities

The main difference between a Director Enterprise Risk Management and a Risk Manager lies in their scope and seniority. The Director typically oversees enterprise-wide risk strategies and leads teams, while the Risk Manager focuses on specific risk areas and implementation. Both roles require relevant certifications and experience, but the Director position involves more strategic decision-making and leadership responsibilities.

What are the most commonly searched types of Enterprise Risk Management jobs in Raleigh, NC? The most popular types of Enterprise Risk Management jobs in Raleigh, NC are:
What are popular job titles related to Director Enterprise Risk Management jobs in Raleigh, NC? For Director Enterprise Risk Management jobs in Raleigh, NC, the most frequently searched job titles are:
What job categories do people searching Director Enterprise Risk Management jobs in Raleigh, NC look for? The top searched job categories for Director Enterprise Risk Management jobs in Raleigh, NC are:
What cities near Raleigh, NC are hiring for Director Enterprise Risk Management jobs? Cities near Raleigh, NC with the most Director Enterprise Risk Management job openings:
Director Enterprise Risk Management jobs near you
Sr. Manager of Cybersecurity, Third Party Risk

Sr. Manager of Cybersecurity, Third Party Risk

Advance Auto Parts, Inc.

Raleigh, NC • On-site

$107K - $145K/yr

Full-time

Posted 28 days ago

Job description

Job Description
Position Summary
The Sr. Manager of Cybersecurity Third-Party Risk Management leads the enterprise program responsible for identifying, assessing, monitoring, reporting, and reducing cybersecurity risks introduced by suppliers, vendors, service providers, contractors, technology partners, SaaS platforms, cloud providers, managed service providers, and other third parties.
This role exists to establish and mature a risk-based third-party cybersecurity risk management program aligned to enterprise risk appetite and business priorities, ensure cybersecurity due diligence is performed before onboarding, renewal, material change, or expansion of third-party services, provide executive visibility into third-party cyber risk exposure, remediation status, systemic supplier risk, and program maturity, to reduce cyber, regulatory, operational, privacy, resiliency, and reputational risk associated with third-party relationships.
This position is a hybrid work model (4 days in office, 1 day work from home) based in our corporate headquarters in Raleigh, NC.
Key Responsibilities
Program Governance and Strategy
  • Lead the enterprise Cybersecurity Third-Party Risk Management program, including strategy, operating model, governance, policies, standards, procedures, assessment methodology, and reporting.
  • Develop and maintain risk-based third-party cybersecurity requirements aligned to NIST CSF 2.0, NIST 800-161, SOC 2, PCI DSS, privacy obligations, and enterprise security standards.
  • Define and maintain the third-party cyber risk lifecycle, including intake, inherent risk scoring, due diligence, control assessment, remediation, risk acceptance, ongoing monitoring, renewal review, material change review, and offboarding.
  • Establish governance forums and escalation paths for high-risk vendors, overdue remediation, policy exceptions, and material cyber risk decisions.
  • Continuously improve program maturity, automation, workflow efficiency, stakeholder experience, and audit readiness.
Vendor Cybersecurity Risk Assessments
  • Oversee cybersecurity risk assessments for new and existing vendors.
  • Evaluate vendor controls across identity and access management, network security, cloud security, application security, data protection, encryption, vulnerability management, endpoint protection, logging and monitoring, incident response, disaster recovery, secure SDLC, privacy, and governance.
  • Review evidence such as SOC 2 Type II reports, ISO 27001 certificates, bridge letters, penetration test summaries, vulnerability scan results, SIG/CAIQ questionnaires, security policies, architecture diagrams, audit reports, and remediation plans.
  • Determine residual risk and provide recommendations for approval, conditional approval, remediation, escalation, risk acceptance, or vendor rejection.
Contractual Cybersecurity Requirements
  • Partner with Legal, Procurement, Privacy, Compliance, and business teams to ensure cybersecurity requirements are embedded in vendor contracts and statements of work.
  • Review and advise on contractual clauses related to security controls, breach notification, incident cooperation, right to audit, data protection, encryption, access control, regulatory compliance, cyber insurance, subcontractors, business continuity, data retention, and secure data destruction.
  • Track deviations from standard cybersecurity terms, document risk implications, and route exceptions for appropriate approval.
Ongoing Monitoring and Remediation
  • Operate ongoing monitoring for high-risk and critical vendors, including security ratings, public breach intelligence, certification expiration, control failures, vulnerability exposure, service disruptions, and material business changes.
  • Maintain a centralized view of open vendor cyber findings, remediation commitments, accepted risks, compensating controls, and exceptions.
  • Drive remediation of vendor control gaps from identification through validation and closure.
  • Escalate overdue or unacceptable vendor risks through cybersecurity governance, procurement governance, enterprise risk forums, or executive leadership as appropriate.
  • Partner with business owners to ensure vendor risk decisions are understood, documented, and aligned to enterprise risk appetite.
Fourth-Party and Supply Chain Risk
  • Assess cybersecurity risks associated with subcontractors, subprocessors, hosting providers, offshore delivery models, managed service delivery chains, and other fourth-party dependencies.
  • Identify concentration risk related to common technology platforms, critical suppliers, geographic dependencies, cloud service providers, and systemic service providers.
  • Require transparency into material subcontractors and downstream access to company data or systems.
  • Partner with business continuity, resilience, procurement, and enterprise risk teams to evaluate critical supplier resilience and recovery capabilities.
Metrics, Reporting, and Executive Communication
  • Develop executive-level metrics, dashboards, and risk narratives showing third-party cyber risk posture, critical vendor coverage, assessment volume, remediation aging, risk acceptance trends, contractual coverage, and program maturity.
  • Report third-party cyber risk trends to cybersecurity leadership, enterprise risk committees, , audit stakeholders, and executive leadership.
  • Translate technical findings into business risk language that enables informed decisions by senior leaders and business owners.
  • Prepare materials for audit, regulatory inquiries, board reporting, and internal governance reviews as needed.
Required Qualifications
  • Bachelor's degree in Cybersecurity, Information Technology, Information Systems, Risk Management, Business, or a related field, or equivalent experience.
  • 8+ years of experience in cybersecurity, third-party risk management, vendor risk management, technology risk, IT audit, governance/risk/compliance, or related disciplines.
  • 3+ years of leadership experience managing people, programs, or cross-functional risk initiatives.
  • Demonstrated experience operating cybersecurity risk management processes in a large enterprise, publicly traded, highly regulated, or Fortune 500 environment.
  • Strong understanding of cybersecurity control domains, including identity, cloud, network, endpoint, application security, data protection, vulnerability management, logging/monitoring, incident response, and resilience.
  • Experience reviewing vendor security evidence, including SOC 2, ISO 27001, SIG/CAIQ, penetration test summaries, vulnerability reports, audit reports, and remediation plans.
  • Experience partnering with Procurement and Legal on cybersecurity terms and vendor contract negotiations.
  • Ability to communicate cyber risk clearly to technical teams, business stakeholders, executives, legal partners, auditors, and risk committees.
  • Strong judgment, prioritization, program management, issue management, and stakeholder influence skills.
Preferred Qualifications
  • Experience with ServiceNow GRC/IRM, Archer, OneTrust, ProcessUnity, Coupa, Ariba, Prevalent, BitSight, SecurityScorecard, UpGuard, or similar third-party risk platforms.
  • Knowledge of NIST CSF 2.0, NIST SP 800-161, ISO 27001, SOC 2 Trust Services Criteria, PCI DSS, SOX, GDPR/CCPA, and SEC cybersecurity disclosure expectations.
  • Professional certification such as CISSP, CISM, CRISC, CISA, CCSP, CCSK, CDPSE, ISO 27001 Lead Auditor/Implementer, or third-party risk management certification.
  • Experience with critical suppliers, cloud service providers, managed service providers, offshore support models, payment processors, data processors, and operationally critical vendors.
  • Experience supporting board, audit committee, enterprise risk committee, or executive-level cybersecurity reporting.
  • Experience transforming or scaling a third-party cyber risk program across a complex supplier ecosystem.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age national origin, religion, sexual orientation, gender identity, status as a veteran and basis of disability or any other federal, state or local protected class. We comply with all applicable federal, state, and local laws.
California Residents click below for Privacy Notice:
https://jobs.advanceautoparts.com/us/en/disclosures
Advance Auto Parts logo

About Advance Auto Parts

Sourced by ZipRecruiter

At Advance Auto Parts we have a passion for YES. Each day we are motivated by a passion to help our Customers. We have a commitment to advance the lives of our fellow Team Members, Customers, and the Communities where we live and work.

Industry

Motor vehicle and motor vehicle parts wholesalers, retail, internet and it and elementary and secondary schools

Company size

10,000+ Employees

Headquarters location

Raleigh, NC, US

View All Advance Auto Parts Jobs

Apply