1

It Risk Manager Jobs in California (NOW HIRING)

About the Team The IT Risk & Controls function sits within the Finance Risk Management (FRM) team and plays a critical role in designing secure, compliant, and scalable systems that support our ...

New

SRCO is a management-led function purpose-built to deliver a modern, sustainable, and risk-focused ... We are seeking an IT SOX Lead Risk Advisor who thrives at the intersection of risk management ...

SRCO is a management-led function purpose-built to deliver a modern, sustainable, and risk-focused ... We are seeking an IT SOX Lead Risk Advisor who thrives at the intersection of risk management ...

SRCO is a management-led function purpose-built to deliver a modern, sustainable, and risk-focused ... We are seeking an IT SOX Lead Risk Advisor who thrives at the intersection of risk management ...

SRCO is a management-led function purpose-built to deliver a modern, sustainable, and risk-focused ... We are seeking an IT SOX Lead Risk Advisor who thrives at the intersection of risk management ...

Lead, IT SOX Risk Advisory

San Diego, CA · On-site

$175K - $237K/yr

SRCO is a management-led function purpose-built to deliver a modern, sustainable, and risk-focused ... We are seeking an IT SOX Lead Risk Advisor who thrives at the intersection of risk management ...

Oversee IT risk assessment and scoping process to ensure alignment with financial reporting risks ... Adhere to the Company's Quality Management System (QMS) as well as domestic and global quality ...

Specific Duties and Responsibilities • Responsible for strategic leadership, oversight, and day-to-day management of the IT SOX compliance program. * • Oversee IT risk assessment and scoping ...

next page

Showing results 1-20

It Risk Manager information

See California salary details

$50.8K

$110.1K

$167.8K

How much do it risk manager jobs pay per year?

As of Jul 13, 2026, the average yearly pay for it risk manager in California is $110,095.00, according to ZipRecruiter salary data. Most workers in this role earn between $88,800.00 and $127,300.00 per year, depending on experience, location, and employer.

What are some common challenges faced by IT Risk Managers when implementing risk mitigation strategies across different departments?

IT Risk Managers often encounter challenges such as varying levels of risk awareness among departments, resistance to new controls or procedures, and balancing business objectives with security requirements. Successful risk mitigation requires clear communication, stakeholder buy-in, and tailored training to ensure all teams understand the importance of compliance. Building strong relationships and fostering a culture of shared responsibility are key to overcoming these hurdles and ensuring effective risk management across the organization.

What are the key skills and qualifications needed to thrive as an IT Risk Manager, and why are they important?

To thrive as an IT Risk Manager, you need a solid understanding of risk assessment, information security, and compliance frameworks, often backed by a bachelor's degree in information technology or related fields. Familiarity with tools such as risk management software, GRC platforms, and certifications like CISSP, CISM, or CRISC is typically required. Strong analytical thinking, communication skills, and the ability to influence stakeholders are crucial soft skills in this role. These skills ensure effective identification, mitigation, and communication of IT risks, supporting organizational resilience and compliance.

What is the highest salary for a risk manager?

The highest salary for an IT Risk Manager can exceed $150,000 annually, especially for those with extensive experience, advanced certifications like CRISC or CISSP, and working in large organizations or financial institutions. Senior risk managers or those in managerial or executive roles may earn even higher compensation, including bonuses and benefits.

What does an IT Risk Manager do?

An IT Risk Manager is responsible for identifying, assessing, and mitigating risks that could impact an organization's information technology systems and data. They develop and implement risk management strategies, policies, and procedures to protect against cybersecurity threats, data breaches, and compliance violations. IT Risk Managers also work closely with other departments to ensure security best practices are followed and often lead risk assessments, audits, and incident response planning.

Is risk a good career?

A career as an IT Risk Manager is considered stable and in demand, as organizations prioritize cybersecurity and risk mitigation. The role requires strong analytical skills, knowledge of security frameworks, and often certifications like CISSP or CRISC. It offers opportunities for advancement and specialization in a growing field.

What is the difference between It Risk Manager vs Cybersecurity Analyst?

AspectIt Risk ManagerCybersecurity Analyst
CertificationsCRISC, CISSP, CISMCISSP, Security+, CEH
Work EnvironmentOversees risk management strategies across IT systemsMonitors and responds to security threats and incidents
Industry UsageUsed in organizations with complex IT infrastructuresCommon in security-focused roles across industries

The It Risk Manager focuses on identifying and managing IT risks at an organizational level, ensuring compliance and risk mitigation strategies. In contrast, a Cybersecurity Analyst primarily monitors security threats and responds to incidents. While both roles require similar certifications and work within the IT security domain, the It Risk Manager has a broader scope related to risk management policies, whereas the Cybersecurity Analyst concentrates on threat detection and response.

How much does a risk manager get paid?

A risk manager's average salary varies by experience and location but typically ranges from $80,000 to $150,000 annually. Senior risk managers or those with specialized certifications like FRM or CRM can earn higher salaries, especially in large organizations or financial sectors.

What is the role of IT risk manager?

An IT risk manager is responsible for identifying, assessing, and mitigating information technology risks within an organization. They develop security policies, implement controls, and ensure compliance with industry standards to protect digital assets and infrastructure. Strong knowledge of cybersecurity, risk management frameworks, and relevant certifications like CISSP or CISM are often required.
What cities in California are hiring for It Risk Manager jobs? Cities in California with the most It Risk Manager job openings:
Manager, IT Risk and Controls

Manager, IT Risk and Controls

OpenAI

San Francisco, CA • On-site

$162K - $180K/yr

Full-time

Posted 5 days ago

New


Job description

About the Team
The IT Risk & Controls function sits within the Finance Risk Management (FRM) team and plays a critical role in designing secure, compliant, and scalable systems that support our mission.
Our team is responsible for implementing and governing IT General Controls (ITGC) and automated application controls (ITAC) that underpin the integrity of financial reporting. Our work spans access and change management, segregation of duties, system configuration, and integration oversight. We partner closely with Engineering, Security, and Compliance to ensure financial systems are compliant, resilient, and automation-ready.
FRM, as the broader function, leads OpenAI's financial risk posture-spanning governance over internal controls, third-party risk, audit readiness, and financial systems oversight. Together, we provide the foundation of trust that enables OpenAI to operate at global scale.
About the Role
We're seeking an experienced, execution-focused Manager to help build a world-class IT controls environment supporting finance-critical systems. In this role, you'll lead the design, assessment, and readiness of controls, evaluate risk across systems and integrations, and ensure that our control environment is rigorous, scalable, and aligned with business growth. You'll work closely with Engineering, Security, and Finance teams to embed proactive, technology-driven control solutions into our operations.
What you'll do:
  • Own IT SOX readiness for finance and HR-related systems, and other systems impacting financial reporting.
  • Design and improve controls across end-to-end, system-driven processes such as revenue workflows, financial close, payroll, equity administration, procurement intake/approvals, and HR/Finance integrations.
  • Partner closely with Finance, Accounting, HR, Engineering, Security, and system owners to make sure system logic, automations, integrations, roles, workflows, and configurations support accurate and reliable financial reporting.
  • Evaluate Oracle Fusion access, role design, segregation of duties, privileged access, provisioning/deprovisioning, quarterly access reviews, audit logging, and key finance configurations.
  • Assess Oracle Fusion change and configuration governance, including setup changes, approval workflows, flexfields, scheduled jobs, integrations, custom reports, and release/update impacts..
  • Support audit readiness end-to-end: walkthroughs, documentation, evidence standards, PBC coordination, and auditor Q&A.
  • Drive smarter ways of working by improving control automation, standardization, and continuous monitoring across Oracle Fusion and connected finance, HR, and procurement systems.
  • Act as the day-to-day point of contact for external auditors on IT risk, ITGCs, automated controls

What we're looking for:
  • Bachelor's or Master's degree in Accounting, Finance, Business Administration, Information Systems, or a related field, or equivalent experience.
  • 5+ years of experience in IT audit, SOX, internal controls, or risk management, with hands-on exposure to financial reporting systems.
  • Strong hands-on Oracle Fusion Cloud ERP experience, especially in an ITGC, SOX, IT audit, or controls capacity.
  • Experience designing and testing ITGCs for Oracle Fusion, including user access, role provisioning, privileged access, segregation of duties, change/configuration management, job monitoring, and availability controls.
  • Experience with Oracle Fusion Financials controls across areas such as general ledger, procure-to-pay accounting impacts, order-to-cash/revenue, financial close, reporting, integrations, and key configurations.
  • Familiarity with Workday controls related to HR master data, payroll inputs/outputs, role-based access, integrations, and downstream finance impacts.
  • Familiarity with Zip or similar procurement intake/workflow platforms, including approval workflows, access controls, vendor/request data, and integrations with ERP or finance systems.
  • Strong experience designing and testing automated and application controls across modern cloud-based ERP and third-party finance platforms.
  • Understanding of Oracle Fusion security concepts, including roles, privileges, data access, Security Console, audit reports/logs, and access review evidence.
  • Practical experience reviewing SOC 1 reports, understanding control coverage, identifying gaps/CUECs, and advising teams on how to operationalize SOC reliance.
  • Solid understanding of downstream finance processes, including financial close, payroll, equity administration, procurement, and system-driven accounting workflows.
  • Comfortable operating in a startup or high-growth environment, able to balance speed, risk, and control maturity.
  • Clear communicator who can translate Oracle, audit, and risk concepts into actionable guidance for non-audit partners.
  • Strong organizational and project management skills, with the ability to juggle multiple initiatives and stakeholders.

Nice to have:
  • Background in Big 4 IT audit, SOX advisory, or internal audit.
  • Certifications such as CISA, CPA, CIA, or Oracle Cloud certifications.
  • Experience with Oracle Risk Management Cloud, Oracle Advanced Controls, or similar access/SOD monitoring tools.
  • Experience with Oracle Fusion integrations, OTBI, BI Publisher, FBDI, APIs, OIC, or other reporting/integration mechanisms used for audit evidence.
  • Experience building scalable evidence standards, including IPE completeness and accuracy for Oracle Fusion, Workday, Zip, and other key reports.
  • Exposure to control automation or continuous monitoring initiatives across Oracle Fusion and connected finance, HR, and procurement systems.

Workplace & Location
This is a full-time position based in our San Francisco headquarters. We operate in a hybrid work model, combining in-office collaboration with flexibility for remote work, depending on business needs and team schedules.
About OpenAI
OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass and value the many different perspectives, voices, and experiences that form the full spectrum of humanity.
We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other applicable legally protected characteristic.
For additional information, please see OpenAI's Affirmative Action and Equal Employment Opportunity Policy Statement.
Background checks for applicants will be administered in accordance with applicable law, and qualified applicants with arrest or conviction records will be considered for employment consistent with those laws, including the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, for US-based candidates. For unincorporated Los Angeles County workers: we reasonably believe that criminal history may have a direct, adverse and negative relationship with the following job duties, potentially resulting in the withdrawal of a conditional offer of employment: protect computer hardware entrusted to you from theft, loss or damage; return all computer hardware in your possession (including the data contained therein) upon termination of employment or end of assignment; and maintain the confidentiality of proprietary, confidential, and non-public information. In addition, job duties require access to secure and protected information technology systems and related data security obligations.
To notify OpenAI that you believe this job posting is non-compliant, please submit a report through this form. No response will be provided to inquiries unrelated to job posting compliance.
We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made via this link.
OpenAI Global Applicant Privacy Policy
At OpenAI, we believe artificial intelligence has the potential to help people solve immense global challenges, and we want the upside of AI to be widely shared. Join us in shaping the future of technology.