1

It Risk Manager Jobs in Washington, DC (NOW HIRING)

The IT Risk and Controls Managing Consultant will support stakeholder engagement and technical delivery for efforts supporting a Department of Homeland Security (DHS) client with IT controls audit ...

IT Audit - Staff

Alexandria, VA · On-site

$65K - $80K/yr

IT Audit Staff Location: Alexandria, VA (on-site) Level: Staff Clearance: Secret *Candidates must ... Conduct research related to IT control frameworks, risk management standards, and security ...

Maintain all cybersecurity, IT Risk and Compliance, cyber insurance and other key documents (SSAE ... Managers and frontline supervisors are accountable for creating and maintaining a culture of Safety ...

New

You will lead audit and exam requests for the Risk Tech and Product teams by partnering with ... Please note that this salary information is solely for candidates hired to perform work within one ...

You will lead audit and exam requests for the Risk Tech and Product teams by partnering with ... Please note that this salary information is solely for candidates hired to perform work within one ...

IT Advisory Manager

Chantilly, VA · On-site

$97K - $119K/yr

Job Family: IT Risk & Controls Consulting Travel Required: Up to 10% Clearance Required: Active Top Secret SCI with Polygraph What You Will Do: The IT Advisory Manager will lead stakeholder ...

IT Advisory Manager

Mclean, VA · On-site

$96K - $117K/yr

Job Family: IT Risk & Controls Consulting Travel Required: Up to 10% Clearance Required: Active Top Secret SCI with Polygraph What You Will Do: The IT Advisory Manager will lead stakeholder ...

IT Advisory Manager

Chantilly, VA · On-site

$97K - $119K/yr

Job Family: IT Risk & Controls Consulting Travel Required: Up to 10% Clearance Required: Active Top Secret SCI with Polygraph What You Will Do: The IT Advisory Manager will lead stakeholder ...

next page

Showing results 1-20

It Risk Manager information

See Washington, DC salary details

$58.2K

$126K

$192K

How much do it risk manager jobs pay per year?

As of Jul 6, 2026, the average yearly pay for it risk manager in Washington, DC is $125,970.00, according to ZipRecruiter salary data. Most workers in this role earn between $101,600.00 and $145,700.00 per year, depending on experience, location, and employer.

What are some common challenges faced by IT Risk Managers when implementing risk mitigation strategies across different departments?

IT Risk Managers often encounter challenges such as varying levels of risk awareness among departments, resistance to new controls or procedures, and balancing business objectives with security requirements. Successful risk mitigation requires clear communication, stakeholder buy-in, and tailored training to ensure all teams understand the importance of compliance. Building strong relationships and fostering a culture of shared responsibility are key to overcoming these hurdles and ensuring effective risk management across the organization.

What are the key skills and qualifications needed to thrive as an IT Risk Manager, and why are they important?

To thrive as an IT Risk Manager, you need a solid understanding of risk assessment, information security, and compliance frameworks, often backed by a bachelor's degree in information technology or related fields. Familiarity with tools such as risk management software, GRC platforms, and certifications like CISSP, CISM, or CRISC is typically required. Strong analytical thinking, communication skills, and the ability to influence stakeholders are crucial soft skills in this role. These skills ensure effective identification, mitigation, and communication of IT risks, supporting organizational resilience and compliance.

What is the highest salary for a risk manager?

The highest salary for an IT Risk Manager can exceed $150,000 annually, especially for those with extensive experience, advanced certifications like CRISC or CISSP, and working in large organizations or financial institutions. Senior risk managers or those in managerial or executive roles may earn even higher compensation, including bonuses and benefits.

What does an IT Risk Manager do?

An IT Risk Manager is responsible for identifying, assessing, and mitigating risks that could impact an organization's information technology systems and data. They develop and implement risk management strategies, policies, and procedures to protect against cybersecurity threats, data breaches, and compliance violations. IT Risk Managers also work closely with other departments to ensure security best practices are followed and often lead risk assessments, audits, and incident response planning.

Is risk a good career?

A career as an IT Risk Manager is considered stable and in demand, as organizations prioritize cybersecurity and risk mitigation. The role requires strong analytical skills, knowledge of security frameworks, and often certifications like CISSP or CRISC. It offers opportunities for advancement and specialization in a growing field.

What is the difference between It Risk Manager vs Cybersecurity Analyst?

AspectIt Risk ManagerCybersecurity Analyst
CertificationsCRISC, CISSP, CISMCISSP, Security+, CEH
Work EnvironmentOversees risk management strategies across IT systemsMonitors and responds to security threats and incidents
Industry UsageUsed in organizations with complex IT infrastructuresCommon in security-focused roles across industries

The It Risk Manager focuses on identifying and managing IT risks at an organizational level, ensuring compliance and risk mitigation strategies. In contrast, a Cybersecurity Analyst primarily monitors security threats and responds to incidents. While both roles require similar certifications and work within the IT security domain, the It Risk Manager has a broader scope related to risk management policies, whereas the Cybersecurity Analyst concentrates on threat detection and response.

How much does a risk manager get paid?

A risk manager's average salary varies by experience and location but typically ranges from $80,000 to $150,000 annually. Senior risk managers or those with specialized certifications like FRM or CRM can earn higher salaries, especially in large organizations or financial sectors.

What is the role of IT risk manager?

An IT risk manager is responsible for identifying, assessing, and mitigating information technology risks within an organization. They develop security policies, implement controls, and ensure compliance with industry standards to protect digital assets and infrastructure. Strong knowledge of cybersecurity, risk management frameworks, and relevant certifications like CISSP or CISM are often required.
What are popular job titles related to It Risk Manager jobs in Washington, DC? For It Risk Manager jobs in Washington, DC, the most frequently searched job titles are:
Infographic showing various It Risk Manager job openings in Washington, DC as of June 2026, with employment types broken down into 84% Full Time, 11% Part Time, and 5% Contract. Highlights an 95% Physical, 1% Hybrid, and 4% Remote job distribution, with an average salary of $125,970 per year, or $60.6 per hour.
Principal IT Risk Management Analyst

Principal IT Risk Management Analyst

Strategic Education, Inc.

Herndon, VA • On-site, Remote

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 12 days ago


Strategic Education rating

8.8

Company rating: 8.8 out of 10

Based on 11 frontline employees who took The Breakroom Quiz

10th of 198 rated education and training


Job description

At Strategic Education Inc., our mission is to enable economic mobility through education. Through our portfolio of institutions and learning solutions, we serve working adult learners by improving affordability, engagement, and workforce readiness. This mission guides our approach to technology, cybersecurity, and risk management.
The Principal IT Risk Management Analyst is a senior leader responsible for advancing the organization's IT risk management program. This is not a compliance or audit role. The successful candidate will have deep experience identifying, assessing, quantifying, and managing technology risk, along with the technical understanding needed to evaluate security controls, identify technology risks, and engage effectively with cybersecurity, engineering, and architecture teams. While the role does not require designing technical solutions or interpreting detailed system configurations, it does require the ability to understand how technology decisions, vulnerabilities, and control weaknesses translate into organizational risk and business impact.
This role drives strategy, leads complex technology risk assessments, and partners across the enterprise to ensure technology risks are effectively identified, measured, managed, and communicated in alignment with organizational risk appetite and tolerance. Success in this role requires the ability to translate technical risk into meaningful business context for executive leadershi
Essential Duties & Responsibilities
Strategic Leadership
  • Lead and evolve the IT security risk management program in alignment with organizational goals, risk appetite, and risk tolerance

  • Partner with executive leadership to shape risk strategy and drive enterprise-wide adoption

  • Serve as a key advisor on risk posture, translating technical findings into strategic business decisions

Risk Assessment & Analysis
  • Identify, assess, and quantify technology risks by evaluating cybersecurity threats, operational vulnerabilities, and emerging technology risks using qualitative and quantitative methodologies

  • Conduct risk assessments using established frameworks, including NIST CSF and CIS Controls v8

  • Translate technical findings into clear, actionable business risk and support risk-based decision making

  • Manage and maintain the enterprise IT risk register, including risk ownership, scoring, and lifecycle tracking

Risk Mitigation & Governance
  • Design and implement IT security risk mitigation strategies and controls aligned with industry standards

  • Lead the risk exception management process, including evaluation, documentation, and risk acceptance decisions

  • Provide risk-informed guidance for complex technology initiatives, including emerging areas such as artificial intelligence and machine learning

  • Integrate IT security risk management practices into business and technology processes

  • Support the development and lifecycle management of information security policies and standards

Risk Reporting & Insights
  • Define and evolve risk metrics, key risk indicators (KRIs), and risk appetite thresholds

  • Develop dashboards and reporting that translate risk data into actionable insights for executive and board-level audiences

  • Communicate complex risk concepts clearly to both technical and non-technical stakeholders

Program Enablement & Continuous Improvement
  • Drive adoption of IT security risk platforms and workflow automation to improve efficiency and scalability

  • Identify and implement automation opportunities across risk management workflows

  • Continuously enhance risk methodologies, tools, and processes

  • Stay current on the evolving threat landscape, emerging technologies, and industry practices

Mentorship & Development
  • Mentor and guide junior team members in direct or matrixed reporting relationships

  • Lead or own workstreams while providing direction and support to junior analysts

Qualifications
Skills & Expertise
  • Strong leadership, analytical, and problem-solving skills with a risk-first mindset

  • Demonstrated team leadership through mentoring, coaching, or leading analysts

  • Ability to own workstreams and guide junior staff in a matrixed environment

  • Strong technical depth to identify risks, evaluate control effectiveness, and translate vulnerability and technical data into business risk

  • Deep knowledge of NIST CSF, CIS Controls v8, and related frameworks

  • Proven ability to build and manage an enterprise IT risk register and exception management program

  • Experience building and evolving risk metrics, KRIs, dashboards, and executive reporting

  • Hands-on experience with GRC platforms and workflow automation tools (e.g., Archer, ServiceNow GRC, OneTrust, Jira, Rapid7 Nexpose) and the ability to automate processes

  • Understanding of AI/ML risk domains, including model risk, data integrity, bias, and adversarial threats, with the ability to recommend controls

  • Experience drafting, reviewing, and improving information security policies and standards

  • Ability to communicate technical concepts and residual risk clearly to non-technical stakeholders

Work Experience
  • 5+ years of IT risk management experience, with a focus on risk assessment, quantification, and risk register ownership (not primarily compliance or audit)

  • 3+ years mentoring or leading team members

  • Demonstrated experience mentoring analysts while owning and delivering discrete risk workstreams or program components

  • Experience conducting risk assessments aligned to NIST CSF, CIS Controls v8, or similar frameworks

  • Experience managing an IT risk register, risk exception processes, and residual risk documentation

  • Experience developing risk metrics, dashboards, and executive reporting

  • Experience with GRC platforms and workflow automation in a risk context

  • Experience managing risks related to emerging technologies, including artificial intelligence

Education & Certifications
  • Bachelor's degree in a relevant discipline required; Master's degree preferred

Preferred certifications:
  • CRISC (ISACA)

  • CISSP (ISC²)

  • CISM (ISACA)

  • CompTIA Security+

  • CompTIA CySA+

  • CompTIA CASP+

  • CGEIT (ISACA)

Other:
  • Must be able to travel occasionally should a business need arise. For most roles travel would not be common. Travel may involve plane, car or metro. In accordance with ADA policies, reasonable accommodations regarding travel limitations can be provided. Travel will be more common for roles such as Account Executives (25 - 50%), senior leaders (10 - 20%) or Capella Core Faculty (5 - 10%).
  • Ability to work onsite in Corporate or Campus location (in a typical office environment) may be required based on role. If so, this would include being mobile within the office, including movement from floor-to-floor using elevators or stairs.
  • If offsite or hybrid role, must have access to work in setting which enables meeting all requirements of the role (including privacy, reliable internet access, phone, ability to video conference, etc.) at a remote location.
  • This role may require lifting, however reasonable accommodations will be provided in accordance with our ADA policies.
  • Must be able to meet critical thinking and problem solving aspects aligned to job duties, as well as effectively communicating with co-workers.
  • Must be able to work more than 40 hours per week when business needs warrant. Accommodations related to schedule may be considered.
  • Able to access information using a computer.
  • Other essential functions and marginal job functions are subject to modification.

#LI-JD1
SEI offers a comprehensive package of benefits to employees scheduled 30 hours or more per week. In addition to medical, dental, vision, life and disability plans, SEI employees may take advantage of well-being incentives, parental leave, paid time off, certain paid holidays, tax saving accounts (FSA, HSA), 401(k) retirement benefit, Employee Stock Purchase Plan, tuition assistance as well as entertainment and retail discounts. Non-exempt employees are eligible for overtime pay, if applicable.
Careers - Our Benefits, Strategic Education, Inc
SEI is an equal opportunity employer committed to fostering an inclusive and collaborative culture where individuals can grow their careers and contribute fully. We strive to attract talent with broad experiences, skills and perspectives. We welcome applications from all. While it is not typical for an individual to be hired at or near the top end of the pay range at SEI, we offer a competitive salary. The actual base pay offered to the successful candidate may vary depending on multiple factors including, but not limited to, job-related knowledge/skills, experience, business needs, geographical location, and internal pay equity. Our Talent Acquisition Team is ready to discuss your interest in joining SEI. The expected salary range for this position is below.
$119,300.00 - $178,900.00 - Salary
If you require reasonable accommodations to complete our application process, please contact our Human Resources Department at Careers@strategiced.com.

What Strategic Education employees say

Pay

Hours and flexibility

Workplace

Get the full story on Breakroom