Director Technology Risk Management Jobs (NOW HIRING)

Being a member of IT FinSight Delivery team, An IT ERM Associate Director has primary ... The incumbent will execute and support day-to-day IT risk management activities (such as risk and ...

Director Technology Risk Management information

$54K

$143.2K

$260K

How much do director technology risk management jobs pay per year?

As of Jul 4, 2026, the average yearly pay for director technology risk management in the United States is $143,185.00, according to ZipRecruiter salary data. Most workers in this role earn between $105,500.00 and $167,500.00 per year, depending on experience, location, and employer.

What does a Director of Technology Risk Management do?

A Director of Technology Risk Management is responsible for identifying, assessing, and mitigating technology-related risks within an organization. They develop and implement policies, frameworks, and strategies to ensure that IT systems and processes comply with regulatory requirements and best practices. Their work helps protect the company's data, assets, and reputation from threats such as cyberattacks, data breaches, and system failures. They also collaborate with other departments to promote a culture of risk awareness and provide guidance on risk-related matters.

How does a Director of Technology Risk Management typically collaborate with other departments to ensure effective risk mitigation?

A Director of Technology Risk Management works closely with IT, compliance, legal, and business operations teams to identify and address technology risks. This involves leading cross-functional risk assessments, facilitating communication between technical and non-technical stakeholders, and ensuring that risk mitigation strategies align with organizational goals. Regular meetings, workshops, and reporting structures are established to maintain transparency and drive a culture of risk awareness across departments. Effective collaboration is essential for implementing controls and responding proactively to emerging threats.

What are the key skills and qualifications needed to thrive as a Director of Technology Risk Management, and why are they important?

To excel as a Director of Technology Risk Management, a strong background in information security, risk assessment, and regulatory compliance, together with a relevant degree such as computer science or information systems, is essential. Familiarity with risk management frameworks (such as NIST, ISO 27001) and GRC (Governance, Risk, and Compliance) platforms, and certifications like CISSP or CISM, are commonly required. Leadership, strategic thinking, and effective communication skills are vital for driving risk initiatives and collaborating across business units. These competencies ensure robust risk mitigation, regulatory adherence, and alignment of technology strategies with organizational goals.

What is the difference between Director Technology Risk Management vs Cybersecurity Manager?

Aspect | Director Technology Risk Management | Cybersecurity Manager
Primary Focus | Overseeing technology risk strategies and enterprise risk mitigation | Managing cybersecurity operations and security measures
Certifications | CRISC, CISSP, CISM | CISSP, CISA, CEH
Work Environment | Strategic, cross-departmental, executive level | Operational, technical teams, security operations centers
Industry Usage | Financial, healthcare, large enterprises | IT security firms, corporate IT departments

The main difference is that the Director Technology Risk Management focuses on broad technology risk strategies across the organization, while the Cybersecurity Manager concentrates on implementing and managing cybersecurity measures. Both roles require similar certifications but differ in scope and strategic versus operational responsibilities.

Infographic showing various Director Technology Risk Management job openings in the United States as of June 2026, with employment types broken down into 98% Full Time, and 2% Part Time. Highlights an 87% Physical, 2% Hybrid, and 11% Remote job distribution, with an average salary of $143,185 per year, or $68.8 per hour.
Manager IT Cybersecurity Risk Management

Texas Health Resources

Arlington, TX • Remote

Full-time

Posted 10 days ago


Texas Health Resources rating

Company rating: 7.7 out of 10

Based on 338 frontline employees who took The Breakroom Quiz

160th of 877 rated healthcare providers


Job description

Manager IT Cybersecurity Risk Management
Are you looking for a rewarding career with top-notch benefits? We are looking for a qualified Manager like you to join our Texas Health family.

Position Highlights

  • Work location: Texas Health System Services
  • Core Work hours: Monday - Friday 8a-5p; Remote Opportunity with the ability to come on site at least 1x a month

 Position Summary

As a Manager within the IT Risk Management & Assurance Team, the individual will oversee day-to-day IT Risk Management program operations and supervise employees within the Risk Management service delivery area/s.  

Key Responsibilities 

Perform Governance, Risk Management and Compliance Controls, Processes and Technology
Provide leadership with IT GRC platform and road map. Ensure that product request pipeline is aligned with IT risk management strategy. Govern and lead the IT GRC development efforts.
Ensure IT GRC components fully support governance, risk and compliance processes.
Create and develop requirements for reports and dashboards within GRC system to support THR Information security and risk management support needs.
Directly partner with the Privacy, Entity Directors and Compliance to support audit functions, controls monitoring efforts and oversees risk processes.
Support Texas Health entity leadership and ITS executives through the process of prioritizing security initiatives based on relevant business risk and regulatory compliance issues, financial implications, and alignment with the Texas Health strategic plan.
Develop and create requirements for monthly and quarterly risk management reports and ensure timely report delivery.
Lead supported IT Risk Management functional areas and process activities with THR risk stakeholders and delegate requirements and action items to risk management functional areas.
Lead in the program support and reporting within the Information Security Governance Council, THR PCI workgroup, Privacy and Security Council and other steering group committees. 
Ensure that all THR Information Security controls are documented and mapped to policy and technical solutions along with control effectiveness.
Lead in delegating program function activities to support THR Information Security communication, training and awareness plans.
Assist in the development, coordination and integration of the Information Security road-map and strategy.
Provide leadership with the THR risk management processes and procedures and align with THR entity risks.
Provide leadership and ongoing management of the IT risk register along with risk treatment plans. Provide, document and update risk treatment plan accordingly.
Report and develop metrics, measures and scorecards to measure the effectiveness of the Information Security Program and the supported program areas, including key performance indicators and key risk indicators.
Lead and delegate IT risk management activities in supported program areas that leverage the THR risk analysis lifecycle and risk stratification process.
Review and update IT risk scenario catalog to align with THR risk posture. Ensure program support team members are informed and use the risk scenario catalog.
Review and update the IT risk management controls catalog and ensure control effectiveness as it relates to stratification process and risk scenarios.
Review and update IT risk management metrics and measures catalog and ensure alignment with key performance and key risk indicators.
Commission and authorize development activities, such as SharePoint, in support of the Information Security Program and alignment with IT GRC product road map.
Perform Audits, Incident Management, Investigations, Risk Assessments
Provides leadership and accountability in the support of the THR Information Security audit plan.
Govern and lead efforts with the tracking and resolution of security incidents, issues management and exception processes.
Support audit processes and supporting documents and ensure audits are processed on time and ensure program support team members are aware of audit tasks.
Develop accurate audit documentation that is used by supported program team members and delegate audit tasks lists.
Provide guidance and leadership on audits, incidents and assessments and ensure program team member execution.
Support and help develop incident management processes and ensure incidents are coordinated and documented correctly. Provide continuous feedback loop into risk identification and risk analysis.
Provide leadership from risk management perspective input into incident management policies and procedures.
Lead efforts with security incident management with THR and ITS staffs.
Ensure security incidents are reported and resolved in the appropriate time-frames. This includes governance to ensure due care is executed with security incident investigations.
Develop and lead system and entity risk assessments to system owners within the prescribed timelines.
Develop and coordinate risk assessments with THR and ITS system owners. Provide governance on delegated risk assessment action items.
Review and develop risk assessment content and align potential gaps with risk stratification process.
Ensure training is provided by risk management team members to system owners on audits, security incidents and risk assessment practices, processes and procedures.
Develop and create reports to THR risk stakeholders for audits, security incidents and risk assessments. Present final reports and provide recommendation on remediation activities.
Provide governance on forensic investigations and reporting for security incidents. Provide input on security investigation requiring THR executives input or legal counsel communication.
Support and Perform Information Security Continuous Monitoring Processes and Technology
Lead and provide risk based decision support in the Information Security Review process. Ensure that all risk based decisions are documented in IT GRC.
Develop processes and procedures to ensure that critical Information Security controls are being monitored and align with risk catalog.
Develop processes and procedures to sustain and grow the IT risk management audit program and the continuous control monitoring efforts.
Monitor ongoing threats to the THR enterprise network and communicate threats to leadership, employees and system administrators as necessary.
Provide guidance on IT GRC issue management and escalate with THR risk stakeholders if necessary.
Effectively communicate identified security risks and solutions to leadership, business partners and IT staff.
As new systems are presented, research, design, operate and advocate new technologies, architectures, and security products that will support security requirements for the health system and its customers, business partners and vendors.
Develop and deliver business impacts and exposure, based on emerging security threats, vulnerabilities and risks and develop reports to drive high risk vulnerability efforts.
Review and stratify vulnerability management reports that include the assessment, analysis and reporting and remediation of vulnerabilities. Provide governance to ensure monitoring and tracking of vulnerability remediation
Assess and report the impact of audit and risk findings and provide ITS owners with remediation and compensating control recommendations.
Support and Evaluate/Measure the Effectiveness of Information Security Policies, Standards and Procedures
Work and foster relationship with THR stakeholders (ITS and Non ITS) on the development of Information Security policies, standards and procedures.
Lead and develop procedures for the effective risk assessments and audit of information security policies.
Provide risk based decision support in the security exception process. Also help develop and integrate the procedures and processes for the submission and management of policy exceptions.
Develop Information Security training and awareness products, track and report on Information Security awareness training effectiveness.
Develop and communicate accurate Information Security reports and presentations.
Perform ITSM Process Management
Ensure risk management team follows change management, incident and problem management processes.
Ensure all IT GRC activities are compliant with ITSM request, incident and change processes.
Ensures all systems that fall within the scope of this position's duties are fully documented including risk management activities as it relates to change advisory board.
Prioritizes team members work appropriately, carrying out and delegate assignments with the appropriate level of direction and completing tasks.
Monitors team members work progress of project status, problems or obstacles and workload problems in a timely manner while mentoring/assisting others.
Ensures team members are providing timely and accurate status reports while providing mentoring/assisting with team members and others.
Develop complete and accurate structured system acceptance test plans.
Executes testing and documents the results working independently while mentoring/assisting others.
Develop and implement installation plans working independently while mentoring/assisting others.
Provide communication to THR service desk on new processes or changes needed to support the IT risk management team.
Monitor system performance statistics to ensure changes perform within standards.
Leadership, Training, and Skills Development
Coaches, mentors, and performs employee performance reviews.
Shares work experiences and expertise with others while mentoring/assisting others.
Lead, develop and mentor IT Risk Management professionals as well as contractors, vendors and services providers.
Strives to improve business knowledge working independently, while mentoring/assisting others.
Strives to improve technical knowledge with little or no supervision.
Demonstrates comprehensive knowledge of multiple systems/applications and their integration while mentoring/assisting others.
Demonstrates comprehensive knowledge of technical tools and techniques with little or no supervision.
Provides technical guidance and/or business knowledge and direction to project team members, working independently, while mentoring/assisting others.
Monitors industry trends for applicability working independently while mentoring/assisting others.
Participates in THR Educational opportunities working independently while mentoring/assisting others.

Education
Bachelor's Degree Computer Science, Information Technology, Business or related field / 4 Years Relevant experience in lieu of a degree Required
 And
Master's Degree Computer Science, Information Technology, Business or related field Preferred
Experience
5 Years Hands-on Information Security or relevant IT experience Required
Healthcare Experience is a Plus
Progressive Leadership Experience Strongly Preferred
Cybersecurity Risk Management Experience Preferred
Licenses and Certifications
CISSP - Certified Information Systems Security Professional CISSP, CISM, CISA, CRISC or CIPP Upon Hire Required
Skills
Ability to work closely with enterprise architects, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
Ability to support enterprise level Governance, Risk Management and Compliance activities.
Establish standards, driving designs and implementation of appropriate IT Risk management processes and controls which help improve operations and lower risk.
Support strategic and tactical security, risk mitigation and regulatory compliance guidance for all ITS projects, including the evaluation of enterprise policies, processes, operating procedures and governance controls.
Lead the development and implementation of prudent enterprise security standards, guidelines and procedures to protect the integrity, availability and privacy of all corporate information assets
Ability to develop and implement policies, standards, processes and procedures that are aligned with common control frameworks and regulatory standards such as COBIT, HIPAA/HITECH, HITRUST, NIST, ISO 27000 and PCI DSS.
Ability to develop and perform risk assessments and security review processes that are aligned with common control frameworks and regulatory standards such as COBIT, HIPAA/HITECH, HITRUST, NIST, ISO 27000 and PCI DSS.
Ability to develop metrics, measures and scorecards to measure the effectiveness of the Enterprise Information Security - GRC Program.
Ability to operate GRC Technology Solutions.
Ability to support the operation and governance of Identity management / access control solutions, policies, process and technologies.
Ability to develop, integrate and conduct Security Awareness Training and Communications.
Ability to help project teams and IT owners comply with enterprise and IT security policies, industry regulations, and best practices.
Ability to contribute to the alignment of security governance with EA, IT governance, project and portfolio management and business governance activities.
Ability to research, design, operate and advocate new technologies, architectures, and security products that will support security requirements for the health system and its customers, business partners and vendors.
Ability to contribute to the development and maintenance of the information security strategy.
Ability to analyze business impact and exposure, based on emerging security threats, vulnerabilities and risks.
Ability to effectively communicate security risks and solutions to leadership, business partners and IT staff.
Why Texas Health? 

At Texas Health Resources, our mission is "to improve the health of the people in the communities we serve".

As part of the Texas Health family and its 28,000 employees, we're one of the largest employers in the Dallas Fort Worth area. Our career growth and professional development opportunities are top-notch and our benefits are equally outstanding. Come be a part of our exceptional team as we improve the health of the people in our communities every day. You belong here.

Learn more about our culture, benefits, and recent awards. 

About Texas Health Resources

Sourced by ZipRecruiter

Texas Health Resources is a major player in the healthcare industry, located in Arlington, TX, US. With its roots dating back to 1922, and an amalgamation of multiple area hospitals in 1982, the organization has since evolved into one of the largest faith-based, nonprofit health systems in the United States, taking care and improving the health of people in the communities it serves. Staying aligned with its aim to enhance public health, the company's core services encompass a wide range of medical treatments, general wellness programs, fitness, and rehabilitation, continually expanding its healthcare infrastructure, and establishing collaborations for advanced medical research.

Industry

Outpatient health care

Company size

10,000+ Employees

Headquarters location

Arlington, TX, US

Year founded

1997