The Director partners closely with first-line control owners across security and technology, Portfolio Information Security Officers (PISOs), and key stakeholders in Enterprise Risk Management ...
The Director partners closely with first-line control owners across security and technology, Portfolio Information Security Officers (PISOs), and key stakeholders in Enterprise Risk Management ...
Lead end-to-end risk-based IT operational audit engagements, including planning, fieldwork, reporting, and issue validation * Assist in the development and execution of the risk-based IT audit plan ...
Lead end-to-end risk-based IT operational audit engagements, including planning, fieldwork, reporting, and issue validation * Assist in the development and execution of the risk-based IT audit plan ...
Sr Manager, IT Audit
Denver, CO · On-site
Lead end-to-end risk-based IT operational audit engagements, including planning, fieldwork, reporting, and issue validation * Assist in the development and execution of the risk-based IT audit plan ...
Sr Manager, IT Audit
Denver, CO · On-site
Lead end-to-end risk-based IT operational audit engagements, including planning, fieldwork, reporting, and issue validation * Assist in the development and execution of the risk-based IT audit plan ...
Conduct quarterly account reviews with internal stakeholders, including cyber strategy, technology risk, IT audit, governance risk and compliance, privacy, third-party risk, cloud security, incident ...
Conduct quarterly account reviews with internal stakeholders, including cyber strategy, technology risk, IT audit, governance risk and compliance, privacy, third-party risk, cloud security, incident ...
This role influences senior stakeholders across technology, product, engineering, operations, risk ... Bachelor's degree in Information Security, Computer Science, Information Technology, Engineering ...
New
This role influences senior stakeholders across technology, product, engineering, operations, risk ... Bachelor's degree in Information Security, Computer Science, Information Technology, Engineering ...
New
Director of Information Technology
Sterling, CO · On-site
$65K - $82K/yr
The Director of Information Technology provides leadership, administration, and oversight of the ... At-Risk * Career and Technical Education (CTE) * Pupil Enrollment * Postsecondary and Workforce ...
Director of Information Technology
Sterling, CO · On-site
$65K - $82K/yr
The Director of Information Technology provides leadership, administration, and oversight of the ... At-Risk * Career and Technical Education (CTE) * Pupil Enrollment * Postsecondary and Workforce ...
Director of Information Technology
Sterling, CO · On-site
$65K - $82K/yr
The Director of Information Technology provides leadership, administration, and oversight of the ... At-Risk * Career and Technical Education (CTE) * Pupil Enrollment * Postsecondary and Workforce ...
Director of Information Technology
Sterling, CO · On-site
$65K - $82K/yr
The Director of Information Technology provides leadership, administration, and oversight of the ... At-Risk * Career and Technical Education (CTE) * Pupil Enrollment * Postsecondary and Workforce ...
Cybersecurity IT Audit Manager
Denver, CO · On-site
Performing and/or managing Information Technology(IT) audits and security assessments in various ... associated risk assessment approaches. * Managing multiple client projects, and teams with ...
Cybersecurity IT Audit Manager
Denver, CO · On-site
Performing and/or managing Information Technology(IT) audits and security assessments in various ... associated risk assessment approaches. * Managing multiple client projects, and teams with ...
IT Security Specialist
Aurora, CO · On-site
SIMILAR CAREER TITLESCybersecurity Analyst, Information Security Analyst, Security Engineer, Network Security Specialist, Security Administrator, IT Risk Analyst, Cyber Defense Specialist, Security ...
IT Security Specialist
Aurora, CO · On-site
SIMILAR CAREER TITLESCybersecurity Analyst, Information Security Analyst, Security Engineer, Network Security Specialist, Security Administrator, IT Risk Analyst, Cyber Defense Specialist, Security ...
Familiarity with post-merger IT integration, carve-out separation, process reengineering, offshoring, or IT risk and compliance as well as an understanding of IT best practices and the core ...
Familiarity with post-merger IT integration, carve-out separation, process reengineering, offshoring, or IT risk and compliance as well as an understanding of IT best practices and the core ...
Familiarity with post-merger IT integration, carve-out separation, process reengineering, offshoring, or IT risk and compliance as well as an understanding of IT best practices and the core ...
Familiarity with post-merger IT integration, carve-out separation, process reengineering, offshoring, or IT risk and compliance as well as an understanding of IT best practices and the core ...
Familiarity with post-merger IT integration, carve-out separation, process reengineering, offshoring, or IT risk and compliance as well as an understanding of IT best practices and the core ...
Familiarity with post-merger IT integration, carve-out separation, process reengineering, offshoring, or IT risk and compliance as well as an understanding of IT best practices and the core ...
At DESRI, our culture is grounded in rigorous analytics and thoughtful risk-taking, with a strong ... About the role DESRI is seeking a Director, Information Technology to build and lead the firm ...
At DESRI, our culture is grounded in rigorous analytics and thoughtful risk-taking, with a strong ... About the role DESRI is seeking a Director, Information Technology to build and lead the firm ...
Your Impact You will drive Newmont's global IT risk, SOX, and third-party risk management strategy by advancing automation, strengthening controls, and improving risk visibility. Your work will ...
Your Impact You will drive Newmont's global IT risk, SOX, and third-party risk management strategy by advancing automation, strengthening controls, and improving risk visibility. Your work will ...
IT Security Specialist
Aurora, CO · On-site
SIMILAR CAREER TITLES Cybersecurity Analyst, Information Security Analyst, Security Engineer, Network Security Specialist, Security Administrator, IT Risk Analyst, Cyber Defense Specialist, Security ...
IT Security Specialist
Aurora, CO · On-site
SIMILAR CAREER TITLES Cybersecurity Analyst, Information Security Analyst, Security Engineer, Network Security Specialist, Security Administrator, IT Risk Analyst, Cyber Defense Specialist, Security ...
Program Manager, IT
Denver, CO · On-site
$119K - $119K/yr
Aprio's IT Operations function manages the firm's technology investments across infrastructure ... Tier vendors by spend, criticality, and risk. Maintain vendor records - contract data, renewal ...
Program Manager, IT
Denver, CO · On-site
$119K - $119K/yr
Aprio's IT Operations function manages the firm's technology investments across infrastructure ... Tier vendors by spend, criticality, and risk. Maintain vendor records - contract data, renewal ...
... information technology risk management domains such as but not limited to: application security, infrastructure security, identity and access management, vulnerability and cyber threat management ...
... information technology risk management domains such as but not limited to: application security, infrastructure security, identity and access management, vulnerability and cyber threat management ...
IT Director
Denver, CO · On-site
... risk control and progress monitoring) • Managing and supervising IT security, in coordination and under the supervision of the CISO (Chief Information Security Officer) of Client • Organizing and ...
IT Director
Denver, CO · On-site
... risk control and progress monitoring) • Managing and supervising IT security, in coordination and under the supervision of the CISO (Chief Information Security Officer) of Client • Organizing and ...
DIRECTOR, IT
$170K - $185K/yr
... risk, and align IT service delivery with organizational objectives. * Analyzes the business requirements of all departments to determine their technology needs. * Purchases efficient and cost ...
New
Quick apply
DIRECTOR, IT
$170K - $185K/yr
... risk, and align IT service delivery with organizational objectives. * Analyzes the business requirements of all departments to determine their technology needs. * Purchases efficient and cost ...
New
DIRECTOR, IT
$170K - $185K/yr
... risk, and align IT service delivery with organizational objectives. * Analyzes the business requirements of all departments to determine their technology needs. * Purchases efficient and cost ...
New
Quick apply
DIRECTOR, IT
$170K - $185K/yr
... risk, and align IT service delivery with organizational objectives. * Analyzes the business requirements of all departments to determine their technology needs. * Purchases efficient and cost ...
New
It Risk information
See Colorado salary details
$20.28 is the 25th percentile. Wages below this are outliers.
$15.17 - $20.87
28% of jobs
The median wage is $24.27 / hr.
$20.87 - $26.56
37% of jobs
$26.56 - $32.26
6% of jobs
$35.82 is the 75th percentile. Wages above this are outliers.
$32.26 - $37.96
6% of jobs
$37.96 - $43.66
12% of jobs
$43.66 - $49.36
0% of jobs
$49.36 - $55.06
0% of jobs
$55.06 - $60.76
8% of jobs
$60.76 - $66.45
0% of jobs
$66.45 - $72.15
0% of jobs
$72.15 - $77.85
2% of jobs
$15
$31
$77
How much do it risk jobs pay per hour?
What is IT risk?
What is the difference between It Risk vs Cybersecurity Analyst?
| Aspect | It Risk | Cybersecurity Analyst |
|---|---|---|
| Required Credentials | Certifications like CRISC, CISSP, CISA | Certifications like CompTIA Security+, CISSP, CEH |
| Work Environment | Risk management teams, compliance departments | Security operations centers, IT departments |
| Employer & Industry Usage | Financial, healthcare, and large enterprises | Tech firms, finance, government agencies |
It Risk professionals focus on identifying, assessing, and mitigating risks related to IT systems and compliance. Cybersecurity Analysts primarily monitor and respond to security threats and incidents. While both roles require similar certifications and work in overlapping environments, It Risk emphasizes risk management strategies, whereas Cybersecurity Analysts concentrate on security operations and threat response.
What are the key skills and qualifications needed to thrive as an IT Risk professional, and why are they important?
What are some common challenges faced by IT Risk professionals when working with cross-functional teams?
Asurion rating
7.2
Based on 84 frontline employees who took The Breakroom Quiz
116th of 207 rated it services
Job description
The Director, Cyber Risk leads Asurion's cyber and technology risk management discipline and is accountable for a consistent, outcome-driven program the business can rely on for decision-making. This strategic, cross-functional leader owns the end-to-end cyber risk lifecycle-identification, assessment, quantification, treatment, acceptance, monitoring, and reporting-along with the cyber risk register, risk appetite and tolerance framework, control assurance, and issues management. The Director partners closely with first-line control owners across security and technology, Portfolio Information Security Officers (PISOs), and key stakeholders in Enterprise Risk Management, Internal Audit, Legal, and Privacy. This role sets the standard for sound risk judgment, develops a high-performing team, and translates complex cyber risk into clear, defensible narratives for senior leadership and the board. This is a salaried, leadership role with enterprise impact, guiding a multi-year maturity uplift from ad hoc practices to scalable, evidence-based risk management.
Key Responsibilities- Own and continuously improve the cyber and technology risk management framework, methodology, taxonomy, and lifecycle aligned to NIST CSF 2.0, ISO 27001/27005, and applicable regulatory obligations.
- Define standards, procedures, and rating scales for consistent enterprise-wide risk identification, assessment, and reporting; partner with the PISO model to ensure common language and practices across portfolios.
- Lead enterprise cyber risk assessments across technology, business, regulatory, and emerging-risk domains to produce consistent, defensible determinations.
- Establish and operate a cyber risk quantification capability (e.g., FAIR-based) to express risk in business and financial terms and inform prioritization and investment decisions.
- Maintain the enterprise cyber risk register; ensure risks are well-described, owned, rated, and tracked to acceptable residual levels; develop and manage KRI/KCI programs for forward-looking posture.
- Operationalize the risk appetite and tolerance framework with the CISO and senior leadership; own risk acceptance and exception governance with clear, auditable documentation and time-bound approvals.
- Govern cyber risk policy structure, ownership, review cadence, and exception handling; chair or support cyber risk forums and escalate decisions to appropriate authority levels.
- Lead second-line, risk-based assurance over design and operating effectiveness of key cyber controls in coordination with first-line and Internal Audit; identify thematic weaknesses and drive structural remediation.
- Own issues and remediation management-intake, prioritization, owner assignment, tracking to closure, and escalation of aging items.
- Define and report outcome-focused metrics (e.g., residual risk trends, out-of-appetite reduction, early-versus-late finding ratios, incidents tied to accepted risk) in executive- and board-ready formats.
- Serve as primary point of contact for cyber risk in regulatory exams, audits, and carrier-partner due diligence.
- Integrate cyber risk into Enterprise Risk Management to ensure consistency in enterprise risk reporting and governance; partner with Legal, Privacy, Procurement, and technology leaders to embed risk-informed decisions.
- Oversee vendor/third-party risk within the cyber risk portfolio to ensure supply-chain risk is governed in line with enterprise practices.
- Build, lead, and develop a team of senior managers and analysts; set objectives, manage performance, and scale capacity through process improvement, tooling, and appropriate AI-assisted workflows.
- Bachelor's degree in a related field or equivalent professional experience.
- 10+ years in cybersecurity, IT/technology risk, or GRC, including 5+ years leading managers or multiple teams/domains.
- Proven experience designing, leading, or substantially maturing an end-to-end enterprise cyber/IT risk management program.
- Deep knowledge of NIST CSF 2.0, ISO 27001/27005, relevant regulatory regimes, and the three-lines-of-defense model.
- Experience operating a risk register, risk appetite/tolerance framework, and risk acceptance/exception governance.
- Hands-on experience with GRC/IRM platforms (e.g., ServiceNow IRM, Archer, OneTrust, or comparable).
- Excellent executive communication skills with a track record of briefing senior leadership and boards.
- Strong cross-functional influence partnering across security, technology, legal, privacy, and business teams.
- Preferred: CRISC, CISSP, CISM, or CISA; FAIR-based quantification experience; background in regulated or consumer-facing environments; experience with ERM integration and executive/board risk committees; Master's degree in a related field.
- Strategic risk leadership with the ability to connect cyber risk to business outcomes and investment decisions.
- Sound, defensible judgment under uncertainty; skilled in risk trade-offs and acceptance decisions.
- Expertise in risk quantification, KRI/KCI design, and outcome-based program metrics.
- Strong governance and policy acumen, including appetite/tolerance, exceptions, and escalation pathways.
- Proficiency in second-line control assurance and issues management, driving thematic remediation.
- Exceptional written and verbal communication; translates complex risk into clear, actionable narratives for executives and the board.
- Team leadership and talent development; builds high-performance teams and next-level leaders.
- Change agent mindset with process improvement, tooling, and automation competencies, including appropriate use of AI-assisted workflows.
- Collaboration and influence across ERM, Internal Audit, Legal, Privacy, Procurement, and technology organizations.
N/A
Physical Demands- Stationary Position: Frequently
- Vision: 20/20 corrected vision
- Hearing: Receive detailed information if spoken to