Manager Model Risk Management Jobs in Virginia (NOW HIRING)

Since 1898, we have helped customers complete more than 25,000 projects in 160 countries on all seven continents that have created jobs, grown economies, improved the resiliency of the world's infrastructure, increased access to energy, resources, and vital services, and made the world a safer, cleaner place. 

Differentiated by the quality of our people and our relentless drive to deliver the most successful outcomes, we align our capabilities to our customers' objectives to create a lasting positive impact. We serve the Infrastructure; Nuclear, Security & Environmental; Energy; Mining & Metals, and the Manufacturing and Technology markets. Our services span from initial planning and investment, through start-up and operations. 

Core to Bechtel is our Vision, Values and Commitments. They are what we believe, what customers can expect, and how we deliver. Learn more about our extraordinary teams building inspiring projects in our Impact Report. 

The Manager, Cybersecurity Risk Management focuses efforts on managing and reporting on cyber risks globally across Bechtel, playing a crucial role in assessing and managing risk, and driving mitigation plans associated with our wider cybersecurity program. The manager drives a comprehensive risk management program, while supporting peer cybersecurity teams in maturing and standardizing their programs. The manager identifies and mitigates security risks; provides subject matter expertise and technical guidance to process owners; partners with Service Owners, GBU Managers, IT Architecture, Operations and Support, and Software Development, to contribute to the reporting of a comprehensive view of the security risk posture and its impact on the business.

Risk Oversight

• Develops and maintains a comprehensive cybersecurity risk management strategy, leads enterprise-wide cyber risk assessments and mitigation / remediation activities.
• Collaborates with IT, legal, compliance, and business units to ensure risk mitigation strategies are embedded in operations.
• Monitors emerging threats and risk posture and activities accordingly.
• Presents risk analysis, metrics, and mitigation plans to management and stakeholders.
• Identifies risk and mitigating controls for information security exceptions based on adherence to relevant company policies, standards, baselines, and industry standards (e.g., ISO 27001, NIST, GDPR, HIPAA, CIS, FedRAMP).
• Mentors and develops junior risk analysts and cybersecurity professionals.
• Assists with the administration and maintenance of the ServiceNow GRC platform.

Strategic Leadership, Business Partnership & Enablement

• Translates risk insights into strategic decisions and enterprise-wide policies.
• Contributes to the design of cybersecurity strategies by advising on risk reduction priorities related to exception and risk register trends.
• Develops metrics to track exception mitigation rates, approval / review rates, aging, and SLA compliance.
• Drives initiatives that reduce recurring exception requests through enterprise-wide solutions.

Analytics

• Monitors the effectiveness of the information security exceptions process in accordance with agreed upon metrics and performance measures to drive continuous improvements.
• Conducts root cause analysis on recurring issues to enhance process efficiency and reduce exception requests.
• Collaborates with cross-functional teams to gather, interpret, and validate mitigating controls to ensure accuracy and relevance.

• Requires bachelor’s degree plus 8+ years experience in information security risk, with at least 3 years in a risk management role or similar function.

• Strong knowledge of cybersecurity frameworks, company policies, and regulatory requirements.
• Strong expertise across commercial and government cloud services (AWS, Azure, GCP, OCI, etc.), on-premises and application environments.
• Experience with tools such as ServiceNow, GRC tools, Power BI, and cloud technologies.
• Strong knowledge of risk frameworks (e.g., ISO 27005, NIST, ISO, PCI, SOX, etc.).
• Proven ability to translate complex technical concepts into plain language for decision-makers.
• Skilled in preparing polished deliverables that support informed decision-making.
• Team player who builds trust across technical and non-technical teams.
• Demonstrated ability to work independently, adapt quickly, and drive tasks forward with limited direction.
• Strong project management and delegation skills across diverse, cross-functional initiatives

Preferred:

• Certifications such as CISSP, CISM, CRISC, or CISA.
• 5+ years of prior experience in EPCM (Engineering, Procurement, Construction / Project Management). Prefer global company background and/or Fortune 500 and/or EPC industry.
• Comfortable working in a highly iterative environment, both structured and unstructured.
• Metrics and visualization tools knowledge a plus (i.e., ServiceNow, Power BI, Tableau,).
• Advanced user of M365 Suite to prepare all project plans, deliverables, presentations, reports, and findings.

For decades, Bechtel has worked to inspire the next generation of employees and beyond! Because our teams face some of the world's toughest challenges, we offer robust benefits to ensure our people thrive.  Whether it is advancing careers, delivering programs to enhance our culture, or providing time to recharge, Bechtel has the benefits to build a legacy of sustainable growth. Learn more at Bechtel Total Rewards

As a global company, Bechtel has long been home to a vibrant multitude of nationalities, cultures, ethnicities, and life experiences. This diversity has made us a more trusted partner, more effective problem solvers and innovators, and a more attractive destination for leading talent.

We are committed to being a company where every colleague feels that they belong-where colleagues feel part of "One Team," respected and rewarded for what they bring, supported in pursuing their goals, invested in our values and purpose, and treated equitably. Click here to learn more about the people who power our legacy.