1

It Risk Manager Jobs in Colorado (NOW HIRING)

The Director partners closely with first-line control owners across security and technology, Portfolio Information Security Officers (PISOs), and key stakeholders in Enterprise Risk Management ...

NISSC 3 Risk Manager

Colorado Springs, CO · On-site

$116K - $194K/yr

Significant experience (senior level) in risk management for complex programs, preferably in DoD, cyber, or systems/IT environments. Demonstrated expertise in proactively identifying, assessing, and ...

NISSC 3 Risk Manager

Colorado Springs, CO · On-site

$116K - $194K/yr

Significant experience (senior level) in risk management for complex programs, preferably in DoD, cyber, or systems/IT environments. Demonstrated expertise in proactively identifying, assessing, and ...

Lead end-to-end risk-based IT operational audit engagements, including planning, fieldwork ... Manage, mentor, and develop IT audit team members, ensuring high-quality deliverables * Communicate ...

Understand the impact of key technology trends and workforce changes impacting our clients through ... Advanced proficiency in Microsoft Office (PowerPoint, Excel, Visio) Information for applicants with ...

Enterprise Risk Management Specialist

Denver, CO · On-site

$100K/yr

Experience of working with Enterprise Risk Management, Project Risk Management, IT Risk Management, Loss Prevention, Internal Audit, HAZOP or other risk management process is preferred. * Excellent ...

Enterprise Risk Management Specialist

Aurora, CO · On-site

$100K/yr

Experience of working with Enterprise Risk Management, Project Risk Management, IT Risk Management, Loss Prevention, Internal Audit, HAZOP or other risk management process is preferred. * Excellent ...

next page

Showing results 1-20

It Risk Manager information

See Colorado salary details

$54.2K

$117.3K

$178.8K

How much do it risk manager jobs pay per year?

As of Jul 9, 2026, the average yearly pay for it risk manager in Colorado is $117,303.00, according to ZipRecruiter salary data. Most workers in this role earn between $94,600.00 and $135,600.00 per year, depending on experience, location, and employer.

What are some common challenges faced by IT Risk Managers when implementing risk mitigation strategies across different departments?

IT Risk Managers often encounter challenges such as varying levels of risk awareness among departments, resistance to new controls or procedures, and balancing business objectives with security requirements. Successful risk mitigation requires clear communication, stakeholder buy-in, and tailored training to ensure all teams understand the importance of compliance. Building strong relationships and fostering a culture of shared responsibility are key to overcoming these hurdles and ensuring effective risk management across the organization.

What are the key skills and qualifications needed to thrive as an IT Risk Manager, and why are they important?

To thrive as an IT Risk Manager, you need a solid understanding of risk assessment, information security, and compliance frameworks, often backed by a bachelor's degree in information technology or related fields. Familiarity with tools such as risk management software, GRC platforms, and certifications like CISSP, CISM, or CRISC is typically required. Strong analytical thinking, communication skills, and the ability to influence stakeholders are crucial soft skills in this role. These skills ensure effective identification, mitigation, and communication of IT risks, supporting organizational resilience and compliance.

What is the highest salary for a risk manager?

The highest salary for an IT Risk Manager can exceed $150,000 annually, especially for those with extensive experience, advanced certifications like CRISC or CISSP, and working in large organizations or financial institutions. Senior risk managers or those in managerial or executive roles may earn even higher compensation, including bonuses and benefits.

What does an IT Risk Manager do?

An IT Risk Manager is responsible for identifying, assessing, and mitigating risks that could impact an organization's information technology systems and data. They develop and implement risk management strategies, policies, and procedures to protect against cybersecurity threats, data breaches, and compliance violations. IT Risk Managers also work closely with other departments to ensure security best practices are followed and often lead risk assessments, audits, and incident response planning.

Is risk a good career?

A career as an IT Risk Manager is considered stable and in demand, as organizations prioritize cybersecurity and risk mitigation. The role requires strong analytical skills, knowledge of security frameworks, and often certifications like CISSP or CRISC. It offers opportunities for advancement and specialization in a growing field.

What is the difference between It Risk Manager vs Cybersecurity Analyst?

AspectIt Risk ManagerCybersecurity Analyst
CertificationsCRISC, CISSP, CISMCISSP, Security+, CEH
Work EnvironmentOversees risk management strategies across IT systemsMonitors and responds to security threats and incidents
Industry UsageUsed in organizations with complex IT infrastructuresCommon in security-focused roles across industries

The It Risk Manager focuses on identifying and managing IT risks at an organizational level, ensuring compliance and risk mitigation strategies. In contrast, a Cybersecurity Analyst primarily monitors security threats and responds to incidents. While both roles require similar certifications and work within the IT security domain, the It Risk Manager has a broader scope related to risk management policies, whereas the Cybersecurity Analyst concentrates on threat detection and response.

How much does a risk manager get paid?

A risk manager's average salary varies by experience and location but typically ranges from $80,000 to $150,000 annually. Senior risk managers or those with specialized certifications like FRM or CRM can earn higher salaries, especially in large organizations or financial sectors.

What is the role of IT risk manager?

An IT risk manager is responsible for identifying, assessing, and mitigating information technology risks within an organization. They develop security policies, implement controls, and ensure compliance with industry standards to protect digital assets and infrastructure. Strong knowledge of cybersecurity, risk management frameworks, and relevant certifications like CISSP or CISM are often required.
What are popular job titles related to It Risk Manager jobs in Colorado? For It Risk Manager jobs in Colorado, the most frequently searched job titles are:
What cities in Colorado are hiring for It Risk Manager jobs? Cities in Colorado with the most It Risk Manager job openings:
Infographic showing various It Risk Manager job openings in Colorado as of July 2026, with employment types broken down into 1% As Needed, 76% Full Time, 19% Part Time, and 4% Contract. Highlights an 93% Physical, 1% Hybrid, and 6% Remote job distribution, with an average salary of $117,303 per year, or $56.4 per hour.
Director, Cyber Risk

Other

Posted 10 days ago


Asurion rating

7.2

Company rating: 7.2 out of 10

Based on 84 frontline employees who took The Breakroom Quiz

120th of 208 rated it services


Job description

Position Overview

The Director, Cyber Risk leads Asurion's cyber and technology risk management discipline and is accountable for a consistent, outcome-driven program the business can rely on for decision-making. This strategic, cross-functional leader owns the end-to-end cyber risk lifecycle-identification, assessment, quantification, treatment, acceptance, monitoring, and reporting-along with the cyber risk register, risk appetite and tolerance framework, control assurance, and issues management. The Director partners closely with first-line control owners across security and technology, Portfolio Information Security Officers (PISOs), and key stakeholders in Enterprise Risk Management, Internal Audit, Legal, and Privacy. This role sets the standard for sound risk judgment, develops a high-performing team, and translates complex cyber risk into clear, defensible narratives for senior leadership and the board. This is a salaried, leadership role with enterprise impact, guiding a multi-year maturity uplift from ad hoc practices to scalable, evidence-based risk management.

Key Responsibilities
  • Own and continuously improve the cyber and technology risk management framework, methodology, taxonomy, and lifecycle aligned to NIST CSF 2.0, ISO 27001/27005, and applicable regulatory obligations.
  • Define standards, procedures, and rating scales for consistent enterprise-wide risk identification, assessment, and reporting; partner with the PISO model to ensure common language and practices across portfolios.
  • Lead enterprise cyber risk assessments across technology, business, regulatory, and emerging-risk domains to produce consistent, defensible determinations.
  • Establish and operate a cyber risk quantification capability (e.g., FAIR-based) to express risk in business and financial terms and inform prioritization and investment decisions.
  • Maintain the enterprise cyber risk register; ensure risks are well-described, owned, rated, and tracked to acceptable residual levels; develop and manage KRI/KCI programs for forward-looking posture.
  • Operationalize the risk appetite and tolerance framework with the CISO and senior leadership; own risk acceptance and exception governance with clear, auditable documentation and time-bound approvals.
  • Govern cyber risk policy structure, ownership, review cadence, and exception handling; chair or support cyber risk forums and escalate decisions to appropriate authority levels.
  • Lead second-line, risk-based assurance over design and operating effectiveness of key cyber controls in coordination with first-line and Internal Audit; identify thematic weaknesses and drive structural remediation.
  • Own issues and remediation management-intake, prioritization, owner assignment, tracking to closure, and escalation of aging items.
  • Define and report outcome-focused metrics (e.g., residual risk trends, out-of-appetite reduction, early-versus-late finding ratios, incidents tied to accepted risk) in executive- and board-ready formats.
  • Serve as primary point of contact for cyber risk in regulatory exams, audits, and carrier-partner due diligence.
  • Integrate cyber risk into Enterprise Risk Management to ensure consistency in enterprise risk reporting and governance; partner with Legal, Privacy, Procurement, and technology leaders to embed risk-informed decisions.
  • Oversee vendor/third-party risk within the cyber risk portfolio to ensure supply-chain risk is governed in line with enterprise practices.
  • Build, lead, and develop a team of senior managers and analysts; set objectives, manage performance, and scale capacity through process improvement, tooling, and appropriate AI-assisted workflows.
Education and Experience
  • Bachelor's degree in a related field or equivalent professional experience.
  • 10+ years in cybersecurity, IT/technology risk, or GRC, including 5+ years leading managers or multiple teams/domains.
  • Proven experience designing, leading, or substantially maturing an end-to-end enterprise cyber/IT risk management program.
  • Deep knowledge of NIST CSF 2.0, ISO 27001/27005, relevant regulatory regimes, and the three-lines-of-defense model.
  • Experience operating a risk register, risk appetite/tolerance framework, and risk acceptance/exception governance.
  • Hands-on experience with GRC/IRM platforms (e.g., ServiceNow IRM, Archer, OneTrust, or comparable).
  • Excellent executive communication skills with a track record of briefing senior leadership and boards.
  • Strong cross-functional influence partnering across security, technology, legal, privacy, and business teams.
  • Preferred: CRISC, CISSP, CISM, or CISA; FAIR-based quantification experience; background in regulated or consumer-facing environments; experience with ERM integration and executive/board risk committees; Master's degree in a related field.
Knowledge, Skills, and Abilities
  • Strategic risk leadership with the ability to connect cyber risk to business outcomes and investment decisions.
  • Sound, defensible judgment under uncertainty; skilled in risk trade-offs and acceptance decisions.
  • Expertise in risk quantification, KRI/KCI design, and outcome-based program metrics.
  • Strong governance and policy acumen, including appetite/tolerance, exceptions, and escalation pathways.
  • Proficiency in second-line control assurance and issues management, driving thematic remediation.
  • Exceptional written and verbal communication; translates complex risk into clear, actionable narratives for executives and the board.
  • Team leadership and talent development; builds high-performance teams and next-level leaders.
  • Change agent mindset with process improvement, tooling, and automation competencies, including appropriate use of AI-assisted workflows.
  • Collaboration and influence across ERM, Internal Audit, Legal, Privacy, Procurement, and technology organizations.
Travel Requirements

N/A

Physical Demands
  • Stationary Position: Frequently
  • Vision: 20/20 corrected vision
  • Hearing: Receive detailed information if spoken to

What Asurion employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom