The Information Security Officer establishes and enforces security governance, policies, and ... Conducts and oversees security risk assessments, threat modeling, and vulnerability management ...
Security GRC Analyst
Campbell, CA · On-site
Act as security risk management "ambassador" to internal customers. Accountable for the use of defined risk methodologies and best practices to perform IT/Security assessments. Responsible for the ...
Principal Information Security Risk Management - AI
San Francisco, CA · Hybrid
$221K - $276K/yr
The Principal Information Security Risk Management, AI is responsible for ensuring enterprise-wide Generative AI (GenAI), Agentic AI, LLMs, and ML security programs are effective, risk-aligned, and ...
Sandisk is a leader in data solutions and innovation, and they are seeking a Senior Information Security Analyst to enhance their Information Security Governance, Risk Management, and Strategy ...
Analyst, Senior GRC Information Security Analyst
Santa Ana, CA · On-site
$43.27 - $64.90/hr
Contribute to the development, management, and ongoing improvement of Information Security risk program, compliance initiatives, and overall security risk posture. * Partner with senior management to ...
This person will oversee security risk management, compliance, incident response, and cybersecurity ... Oversee information security operations, including threat intelligence, vulnerability management ...
Bachelor's degree in Computer Science, Information Security, Cybersecurity, Risk Management, or a related field. * 6-8 years of professional experience in third-party risk assessment within ...
Identify, assess, and mitigate information security risks across the organization. * Maintain and execute a comprehensive IT/IS risk management program. * Leverage, optimize, and automate GRC tools ...
Senior Information Security Analyst, GRC/Responsible AI
Irvine, CA · On-site
$124K - $206K/yr
Strengthen enterprise information security risk management aligned with ISO 27001, NIST CSF 2.0, NIST AI RMF, and ISO/IEC 42001. * Conduct technical and business process risk assessments and document ...
This role will report to the Security Risk Management and M&A Security Lead and sit within the Chief Information Security Officer (CISO) organization. In this role, you will: * Mature AI-assisted ...
The Information Security Manager will serve as San Ysidro Health's expert on Cybersecurity ... Lead risk management activities to ensure risks are prioritized, updated and communicated in ...
This comprehensive role involves a strategic and multifaceted approach to information security, data governance, risk management, and regulatory compliance, contributing significantly to the ...
... Risk, Access Management Risk, Offensive Security Risk, Vulnerability Management Risk, AI ... Focus: Enterprise Technology and Information Security Risk * Provide independent challenge and ...
Information Security Analyst - Remote
San Diego, CA · On-site +1
$95K - $130K/yr
Advise on risk levels and security posture through a risk management framework. * Identify business processes requiring information security integration. * Support the design and execution of ...
Information Security Risk Manager information
How much do information security risk manager jobs pay per year?
$61.7K - $74K: 3% of jobs
$74K - $86.4K: 5% of jobs
$86.4K - $98.7K: 10% of jobs
$98.7K - $111K: 9% of jobs
$111K - $123.4K: 13% of jobs
$123.4K - $135.7K: 15% of jobs
$135.7K - $148K: 13% of jobs
$148K - $160.4K: 14% of jobs
$160.4K - $172.7K: 12% of jobs
$172.7K - $185K: 6% of jobs
$185K - $197.4K: 0% of jobs
$108.3K is the 25th percentile. Wages below this are outliers.
The median wage is $131.7K / yr.
$154.4K is the 75th percentile. Wages above this are outliers.
Chart axis: $61.7K, $134.3K, $197.4K

Full-time
Posted 25 days ago
Job description
Description
Under general direction, the Information Security Officer is responsible for the leadership, oversight, and execution of the Court's information security, cybersecurity, privacy, and risk management programs. The Information Security Officer establishes and enforces security governance, policies, and controls to protect the confidentiality, integrity, and availability of Court information systems and data. This position provides strategic security leadership, oversees security operations and incident response, ensures regulatory and Judicial Council of California compliance, manages security risk across enterprise and Software-as-a-Service (SaaS) environments, and advises judicial officers and executive leadership on information security matters.
Examples of Duties
Duties may include, but are not limited to, the following: Provides enterprise-wide leadership for cybersecurity, information security, and privacy programs. Develops, implements, and maintains the Court's information security governance framework, including policies, standards, procedures, and controls. Establishes and oversees security programs covering network security, application security, cloud and SaaS security, endpoint protection, identity and access management, and data protection.
Develops and maintains the Court's short and long-term information security strategy and roadmap, aligned with Court objectives and enterprise architecture. Conducts and oversees security risk assessments, threat modeling, and vulnerability management across on-premises, cloud, and SaaS environments. Ensures security requirements and controls are embedded into system design, procurement, and enterprise architecture decisions.
Develops, manages, and monitors the information security budget; oversees procurement and lifecycle management of security tools, services, and SaaS solutions. Conducts vendor security due diligence, including risk assessments, contract security terms, and compliance reviews; ensures third-party vendors and service providers meet Court security, privacy, and data protection requirements. Oversees the Court's security incident response program, including detection, investigation, containment, remediation, and post-incident review.
Ensures compliance with Federal Bureau of Investigations (FBI) Criminal Justice Information Systems (CJIS) Security Policy, Internal Revenue Service (IRS) Publication 1075, Judicial Council of California policies, and applicable state and federal data protection requirements. Supports internal and external audits, assessments, and compliance reviews; tracks and remediates findings. Oversees disaster recovery, business continuity, and cyber resilience planning and testing.
Advises judicial officers, executive leadership, and management on security posture, risks, incidents, and mitigation strategies. Plans, prioritizes, schedules, assigns, and evaluates work of assigned personnel; assists with interviews and selection; trains and motivates staff; monitors and evaluates staff performance. Coordinates with statewide judicial branch security initiatives, external agencies, and partner courts.
Promotes a culture of security awareness, accountability, and compliance across the Court.
Minimum Qualifications
Education: Bachelor's Degree from an accredited college or university in Information Technology, Information Security, Computer Science, or a closely related field. -And-
Experience: Five (5) years full-time experience in information security, information assurance, or a closely related field, including responsibility for security governance, compliance, risk management, or security architecture.
Substitution: Additional relevant full-time information security experience may be substituted for the Bachelor's Degree on a year-for-year basis.
Certification: Relevant security certifications are highly desirable. Preferred certifications include: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Chief Information Security Officer (CCISO), Certified in Risk and Information Systems Control (CRISC), International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 Lead Auditor, or Computing Technology Industry Association (CompTIA) Security+.
CJIS training and cloud security certifications, including Amazon Web Security (AWS) Security, Azure Security Engineer, and Google Cloud Security, are also valued.
Knowledge of: Information security governance, risk management, and compliance frameworks (National Institute of Standards and Technology (NIST) Cybersecurity Framework, NIST 800-53, ISO 27001, Center for Internet Security Critical Security Controls (CIS Controls)); federal and state data security standards, particularly FBI CJIS Security Policy, IRS Publication 1075, and Judicial Council of California information security policies; security incident detection, response, and forensic processes; enterprise security architecture, including identity and access management, network security, endpoint protection, encryption, and logging/monitoring; cloud and SaaS security models, shared responsibility frameworks, and third-party risk management; vulnerability management, threat modeling, and risk assessment methodologies; security budget development, procurement processes, and vendor risk management in public sector environment; principles and practices of supervision, training, staff development and performance management; principles and practices of effective team building, team leadership and conflict resolution; design, installation and maintenance of enterprise, distributed systems to courts, state agencies or other hosted court community; networking functions from network hardware and software vendors and products, network security policies, techniques and procedures, network documentation, configuration, maintenance and diagnostic procedures and techniques; internet and intranet architecture; development of long and short-term strategic initiatives for the enterprise organization; principles and practices of technical problem solving; principles, processes and techniques of project management and related software; designing disaster recovery solutions, including planning, implementation and testing; principles, practices and techniques of providing customer service; change management principles and practices.
Ability to: Plan, organize and supervise the work of information security and information technology staff; provide leadership and direction to a professional and technical group of staff; motivate, train, coach, evaluate and discipline staff; establish, monitor and control projects and schedules to meet goals and objectives; translate complex security risks into business impact for judicial officers, executive leadership and non-technical stakeholders; understand highly complex information technology systems and issues; identify and articulate security problems and recommend documented solutions; establish and maintain effective and cooperative working relationships with judicial officers, executive leadership, court staff, vendors, and external agencies; communicate effectively both orally and in writing; promote and maintain a team environment; understand the Court's strategic business objectives as they relate to information security.
Other Information
Must be able to pass a criminal history background check. Possession of a valid California driver's license or the ability to utilize an alternative method of transportation when needed to carry out job-related essential functions.
About Sacramento Superior Court
Sourced by ZipRecruiter
Industry: Public safety administration
Company size: 501 - 1,000 Employees
Headquarters location: Sacramento, CA, US
Year founded: 1981