Information Security Risk Manager Jobs in Virginia

Sr. Manager, Information Technology and Information Security Risk
Hybrid Work Schedule- 3 days onsite in Reston, VA

SUMMARY OF POSITION:

The Information Technology and Information Security Risk (IT/IS) Sr. Manager plays a critical enterprise-wide role in overseeing cybersecurity, technology, data, AI and information security risk governance. This role partners with the Chief Risk Officer (CRO) and the Enterprise Risk Management team in identifying, assessing, and monitoring the organization’s technology and cybersecurity risk profile to ensure alignment with the our client’s strategic objectives, risk appetite, and regulatory expectations.
This role has broad ownership and visibility across the enterprise and serves as a key second-line risk partner to senior leadership, business lines, IT, Information Security, Compliance, and third-party vendors. The Senior Manager will help ensure adherence to regulatory expectations from agencies such as FHFA, FFIEC, OCC, FDIC, SEC, and FINRA. This person will partner with business lines, IT, and compliance teams to maintain a strong security posture and reduce exposure across critical financial systems and third-party relationships, strengthening the organization’s overall cyber resilience and operational risk management framework.

Core Responsibilities

• Evaluate and provide independent challenge regarding the alignments of the organization’s IT and IS strategy with enterprise business objectives, risk appetite, and regulatory expectations.
• Review and assess the adequacy of information technology and security risk assessments across applications, infrastructure, and business processes.
• Partner with IT project teams to influence decisions related to technology architecture, cybersecurity controls, system implementations, and operational risk mitigation strategies
• Evaluate new and existing systems, platforms, and SAAS integrations for cybersecurity risks and regulatory compliance impacts.
• Conduct third party and vendor security risk assessments, including review of SOC 1/SOC 2 reports, SIG questionnaires, penetration testing results, and remediation plans to ensure vendor information security practices align with OF expectations.
• Provide effective second-line oversight and credible challenge related to cybersecurity incidents, operational disruptions, and emerging technology risks, including analysis of potential impacts to customer data, financial systems, and regulatory obligations.

• Collaborate with business units and technology teams to identify, document, and monitor risks, ensuring remediation activities meet regulatory timelines and internal risk appetite.
• Oversee the implementation of information technology and security risk management policies and the Cyber-Security Incident Response Plan
• Conduct cyber security awareness training and education through periodic email phishing tests, in-person and computer-based training, presentations to employees, and security related tabletop exercises.
• Monitor the status of remediation for IT and IS related issues and ensure that the remediation documentation is complete and adequate.
• Monitor cybersecurity and financial sector threat intelligence; communicate emerging risks to leadership.
• Oversee IT and IS key risk indicators (KRIs) and maintain clear and accurate dashboards and reporting metrics for senior management, risk committees, and regulators

• Ability to analyze complex technical environments and communicate risk in business-focused terms.
• Strong knowledge of information security frameworks including NIST CSF, NIST 800‑53, ISO 27001, CIS Controls.
• Effective communication skills for interacting with auditors, examiners, and senior management.

PREFERRED SKILLS AND EXPERIENCE:

• Bachelor’s degree in Information Security, Cybersecurity, Risk Management, or related fields (or equivalent work experience) preferred.
• 8–10 years of relevant experience in information security or risk management roles with experience in financial services, banking, payments, fintech, or related regulatory environments preferred.
• Experience with data analytics and visualization tools (e.g., Power BI, Tableau, or Python).
• Experience working in a regulated financial services or technology environment.
• CRISC, CISSP, CISM, Security+ or CGEIT or similar certifications