1

Director Technology Risk Management Jobs in Washington

The ideal candidate will have experience working with IT security controls, risk management practices, compliance frameworks, or audit activities and possess strong analytical and documentation ...

You will leverage your analytical and risk management expertise to drive meaningful outcomes, influence corporate policies and standards, and ensure the resilience of our enterprise technology.

IT Audit - Staff

Alexandria, VA ยท On-site

$65K - $80K/yr

IT Audit Staff Location: Alexandria, VA (on-site) Level: Staff Clearance: Secret *Candidates must ... Conduct research related to IT control frameworks, risk management standards, and security ...

Bachelor's Degree in Business Administration, Project Management, Information Technology, Public Administration, or a related field. * Minimum of 5 years of experience in risk management, program ...

Risk Management Consultant

Washington, DC ยท On-site

$82K - $157K/yr

About the Job General Summary of Position The Risk Management Consultant works under the direction of the Director of Risk Management to identify and mitigate patient safety risks. The Consultant ...

Bachelor's Degree in Business Administration, Project Management, Information Technology, Public Administration, or a related field. * Minimum of 5 years of experience in risk management, program ...

Bachelor's Degree in Business Administration, Project Management, Information Technology, Public Administration, or a related field. * Minimum of 5 years of experience in risk management, program ...

next page

Showing results 1-20

Director Technology Risk Management information

What does a Director of Technology Risk Management do?

A Director of Technology Risk Management is responsible for identifying, assessing, and mitigating technology-related risks within an organization. They develop and implement policies, frameworks, and strategies to ensure that IT systems and processes comply with regulatory requirements and best practices. Their work helps protect the company's data, assets, and reputation from threats such as cyberattacks, data breaches, and system failures. They also collaborate with other departments to promote a culture of risk awareness and provide guidance on risk-related matters.

How does a Director of Technology Risk Management typically collaborate with other departments to ensure effective risk mitigation?

A Director of Technology Risk Management works closely with IT, compliance, legal, and business operations teams to identify and address technology risks. This involves leading cross-functional risk assessments, facilitating communication between technical and non-technical stakeholders, and ensuring that risk mitigation strategies align with organizational goals. Regular meetings, workshops, and reporting structures are established to maintain transparency and drive a culture of risk awareness across departments. Effective collaboration is essential for implementing controls and responding proactively to emerging threats.

What are the key skills and qualifications needed to thrive as a Director of Technology Risk Management, and why are they important?

To excel as a Director of Technology Risk Management, a strong background in information security, risk assessment, regulatory compliance, and a relevant degree such as in computer science or information systems is essential. Familiarity with risk management frameworks (such as NIST, ISO 27001), GRC (Governance, Risk, and Compliance) platforms, and certifications like CISSP or CISM are commonly required. Leadership, strategic thinking, and effective communication skills are vital for driving risk initiatives and collaborating across business units. These competencies ensure robust risk mitigation, regulatory adherence, and alignment of technology strategies with organizational goals.

What is the difference between Director Technology Risk Management vs Cybersecurity Manager?

AspectDirector Technology Risk ManagementCybersecurity Manager
Primary FocusOverseeing technology risk strategies and enterprise risk mitigationManaging cybersecurity operations and security measures
CertificationsCRISC, CISSP, CISMCISSP, CISA, CEH
Work EnvironmentStrategic, cross-departmental, executive levelOperational, technical teams, security operations centers
Industry UsageFinancial, healthcare, large enterprisesIT security firms, corporate IT departments

The main difference is that the Director Technology Risk Management focuses on broad technology risk strategies across the organization, while the Cybersecurity Manager concentrates on implementing and managing cybersecurity measures. Both roles require similar certifications but differ in scope and strategic versus operational responsibilities.

What are the most commonly searched types of Technology Risk Management jobs in Washington? The most popular types of Technology Risk Management jobs in Washington are:
What are popular job titles related to Director Technology Risk Management jobs in Washington? For Director Technology Risk Management jobs in Washington, the most frequently searched job titles are:
What job categories do people searching Director Technology Risk Management jobs in Washington look for? The top searched job categories for Director Technology Risk Management jobs in Washington are:
What cities in Washington are hiring for Director Technology Risk Management jobs? Cities in Washington with the most Director Technology Risk Management job openings:
Senior IT Risk and Compliance Analyst

Senior IT Risk and Compliance Analyst

NORC at the University of Chicago

Washington, DC โ€ข On-site

Other

Medical, Dental, Vision, Life, Retirement, PTO

Posted 16 days ago


Job description

JOB SUMMARY: NORC at the University of Chicago seeks Senior IT Risk and Compliance Analyst to join our DSS Security and Compliance group. The successful candidate will be part of an IT Risk and Compliance team, expert in government security standards and regulations. The successful candidate will be part of an IT Risk and Compliance team, expert in government security standards and regulations. The team is responsible for specifying, documenting, validating, and maintaining IT security & privacy controls to ensure compliance with security requirements of clients (principally Government) and corporate standards for data and systems integrity. The team develops and implements tools and processes to measure and track IT risk and compliance metrics. The team provides guidance to IT functional teams on risk and compliance as it pertains to system development, documentation, testing, monitoring, and reporting. The team conducts risk assessments and security impact analyses of information systems.โ€ฏโ€ฏ Location: This is a hybrid role based in our Chicago Loop or Washington, DC office, with a minimum of six days per month in the office. Remote candidates may also be considered. Qualified applicants must be U.S. citizens due to security clearance requirements for projects. DEPARTMENT: Digital Services & Solutions Security & Compliance NORC's Digital Services & Solutions group provides technology services to our staff and clients. Given the critical role technology plays in our day-to-day lives, we are committed to providing professional, high-quality solutions in order to further our collective goal of advancing social science research. RESPONSIBILITIES: Work with the team in specifying, documenting, validating, and maintaining IT security & privacy controls to ensure compliance with security. requirements of clients (principally Government) and corporate standards for data and systems integrity. Help develop and implement tools and processes to measure and track IT risk and compliance metrics. Provide guidance to IT functional teams on risk and compliance as it pertains to system development, documentation, testing, monitoring, and reporting. Assist the team with conducting risk assessments and security impact analyses of information systems. REQUIRED SKILLS: Education and Certifications: Bachelorโ€™s degree in computer science, Information Technology, or a related field (or equivalent years of experience). Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certifications. General Experience: Minimum of 4 years of experience in information security roles, emphasizing security architecture and engineering solutions. Proven experience in performing network penetration testing, vulnerability scans, and configuration analysis. Experience overseeing project penetration testing activities. Preferred experience as an ISO for federal programs and projects. Experience coordinating communications across vendors, internal stakeholders, and program owners. Experience using CSAM ATO Experience: In-depth knowledge and experience guiding information systems through the Authorization to Operate (ATO) process: Proficient in navigating the complex landscape of ATO processes, demonstrating a successful track record in obtaining authorizations for information systems Extensive knowledge of the steps involved in the ATO process, ensuring compliance with government regulations and standards, including NIST Special Publications and FISMA A proven ability to streamline and expedite ATO timelines without compromising security standards, showcasing efficiency in documentation and regulatory adherence Expertise in developing and presenting comprehensive ATO documentation, including System Security Plans, to accrediting authorities and other relevant stakeholders Demonstrated skill in addressing and mitigating security risks identified during the ATO process, ensuring the secure operation of systems in various environments Exceptional communication skills to articulate ATO requirements, progress, and challenges to both technical and non-technical stakeholders, fostering collaboration and understanding. Risk Management Experience: Demonstrated experience in developing threat models and security risk assessments. Ability to recommend mitigations and countermeasures to address identified risks, vulnerabilities, and threats. Experience conducting incident response across vendors, internal stakeholders, and program owners, including implementing, and coordinating the response plan, overseeing the technical response, and coordinating with legal, technical, and communications teams. Compliance and Documentation: Thorough understanding and experience with government regulations and standards related to information security. In-depth knowledge of security compliance checks and the ability to perform audit activities. Experience in reviewing and validating security documentation, including system security requirements definition and System Security Plans. Experience conducting penetration testing across multiple vendors, contractors, and consultants that meet stringent client requirements. Communication and Guidance: Strong communication skills with the ability to guide NORC customers on information security policies and regulations. Ability to effectively communicate complex security concepts to both technical and non-technical stakeholders. SALARY AND BENEFITS: The pay range for this position is $97,000 - $120,000. This position is classified as regular. Regular staff are eligible for NORCโ€™s comprehensive benefits program. Benefits include, but are not limited to: Generously subsidized health insurance, effective on the first day of employment Dental and vision insurance A defined contribution retirement program, along with a separate voluntary 403(b) retirement program Group life insurance, long-term and short-term disability insurance Benefits that promote work/life balance, including generous paid time off, holidays; paid parental leave, bereavement leave, tuition assistance, and an Employee Assistance Program (EAP). NORC is committed to equity and transparency in its pay practices. We publish salary ranges and benefit information for every job. The listed hiring range reflects what we, in good faith, expect to pay at the time of posting, though actual compensation may vary and may be adjusted over time. A candidateโ€™s placement within the range depends on factors such as competencies, education, qualifications, experience, skills, performance, and organizational needs. WHAT WE DO: NORC at the University of Chicago is an objective, non-partisan research institution that delivers reliable data and rigorous analysis to guide critical programmatic, business, and policy decisions. Since 1941, our teams have conducted groundbreaking studies, created and applied innovative methods and tools, and advanced principles of scientific integrity and collaboration. Today, government, corporate, and nonprofit clients around the world partner with us to transform increasingly complex information into useful knowledge. WHO WE ARE: For over 80 years, NORC has evolved in many ways, moving the needle with research methods, technical applications and groundbreaking research findings. But our tradition of excellence, passion for innovation, and commitment to collegiality have remained constant components of who we are as a brand, and who each of us is as a member of the NORC team. With world-class benefits, a business casual environment, and an emphasis on continuous learning, NORC is a place where people join for the stellar research and analysis work for which weโ€™re known, and stay for the relationships they form with their colleagues who take pride in the impact their work is making on a global scale. EEO STATEMENT: NORC is an equal opportunity employer. NORC evaluates qualified applicants without regard to race, color, religion, sex, gender, national origin, disability, status as a protected veteran, sexual orientation, and other legally protected characteristics. #LI-MS1