1

Operational Risk Manager Jobs in Potomac, MD (NOW HIRING)

... operations. * Develop guidance, templates, other tools, and advice to the program offices to ... Provide risk management and information security continuous monitoring program implementation ...

Risk Manager

Riverdale, MD · On-site

$115K - $125K/yr

Overview The Risk Manager is responsible for leading the project's risk management program and ... Identify operational, contractual, insurance, and safety-related risks affecting the project.

The Risk Manager will identify, assess, and mitigate potential risks that could impact the company ... Identify and track subcontractor flow-down insurance requirements to support estimating, operations ...

The Risk Manager will identify, assess, and mitigate potential risks that could impact the company ... Identify and track subcontractor flow-down insurance requirements to support estimating, operations ...

The Risk Manager will identify, assess, and mitigate potential risks that could impact the company ... Identify and track subcontractor flow-down insurance requirements to support estimating, operations ...

The Risk Manager will identify, assess, and mitigate potential risks that could impact the company ... Identify and track subcontractor flow-down insurance requirements to support estimating, operations ...

Our services span from initial planning and investment, through start-up and operations. Core to ... This Project Risk Manager role is a senior role responsible for managing the project risk ...

Lead Risk Specialist

Mclean, VA · On-site

$99K/yr

Audit-Ready Operations: Foster a culture of proactive risk awareness, helping manage horizontal routines to ensure the business is continuously audit-ready. * Cross-Functional Collaboration: Partner ...

US-MD-Bethesda

Bethesda, MD · Hybrid

$114K - $192K/yr

The Operational Risk Manager drives and supports the Operational Risk Management framework, to enable the Bank to effectively identify, monitor, measure, and control its operational risk profile.

Partner effectively with specialized teams across the enterprise-including Operational Risk Management, Enterprise Risk Management, Compliance, Business Risk Offices, Information Technology, Internal ...

next page

Showing results 1-20

Operational Risk Manager information

See Potomac, MD salary details

$48.6K

$124.8K

$245.1K

How much do operational risk manager jobs pay per year?

As of Jul 12, 2026, the average yearly pay for operational risk manager in Potomac, MD is $124,842.00, according to ZipRecruiter salary data. Most workers in this role earn between $76,000.00 and $164,400.00 per year, depending on experience, location, and employer.

What Does an Operational Risk Manager Do?

An operational risk manager works to identify and limit the risk associated with a company’s operations. As an operational risk manager, your responsibilities involve assessing business operations, identifying issues, and creating reports on your findings. You then help develop policies and implement changes to lessen operational risks. Other duties include continually monitoring the business to find potential new threats and ensuring company compliance with laws and regulations.

What are the 4 pillars of operational risk management?

The four pillars of operational risk management are risk identification, risk assessment, risk mitigation, and risk monitoring. An Operational Risk Manager uses these pillars to develop strategies that minimize potential losses from internal processes, people, systems, or external events, often utilizing tools like risk dashboards and frameworks such as Basel II. Mastery of these pillars is essential for effective risk oversight and compliance.

What does an operational risk manager do?

An operational risk manager identifies, assesses, and monitors risks that could disrupt a company's operations, such as process failures, fraud, or system outages. They develop strategies to mitigate these risks, ensure compliance with regulations, and often use risk management tools and data analysis to support decision-making.

Do risk managers make good money?

Operational Risk Managers typically earn competitive salaries that vary by industry, experience, and location. According to industry data, the median annual salary ranges from $80,000 to over $130,000, with additional compensation such as bonuses and certifications like FRM or ORM enhancing earning potential.

What are some common challenges faced by Operational Risk Managers in maintaining effective risk controls across different departments?

Operational Risk Managers often encounter challenges in ensuring consistent risk controls due to varying processes, priorities, and risk appetites across departments. Communication gaps and resistance to change can make it difficult to implement standardized procedures. Successfully overcoming these challenges involves building strong cross-functional relationships, conducting regular training, and fostering a risk-aware culture to ensure alignment on risk management practices throughout the organization.

What are the three C's of operational risk management?

The three C's of operational risk management are Culture, Controls, and Communication. These elements help organizations identify, assess, and mitigate risks effectively, which is essential for an Operational Risk Manager to ensure operational resilience and compliance. Developing strong controls and fostering a risk-aware culture are key skills in this role.

What are the key skills and qualifications needed to thrive as an Operational Risk Manager, and why are they important?

To thrive as an Operational Risk Manager, you need a solid understanding of risk assessment, regulatory compliance, and internal controls, typically supported by a degree in finance, business, or a related field. Familiarity with risk management frameworks, GRC (governance, risk, and compliance) systems, and certifications such as FRM or ORM are highly valued. Strong analytical thinking, attention to detail, and effective communication skills set top performers apart in this role. These competencies are crucial for identifying, mitigating, and communicating operational risks, ensuring organizational stability and regulatory adherence.

What is the difference between Operational Risk Manager vs Risk Analyst?

AspectOperational Risk ManagerRisk Analyst
CertificationsCFA, FRM, or similarCFA, FRM, or similar
Work EnvironmentFinancial institutions, banks, insurance companiesFinancial firms, consulting, corporate risk teams
ResponsibilitiesIdentify, assess, and mitigate operational risks; develop risk frameworksAnalyze risk data, support risk assessments, prepare reports

The Operational Risk Manager focuses on managing and mitigating operational risks within organizations, often holding certifications like CFA or FRM. In contrast, Risk Analysts primarily analyze risk data and support risk management processes. Both roles are vital in financial sectors and share similar credentials, but the Operational Risk Manager has a broader responsibility for risk mitigation strategies.

What cities near Potomac, MD are hiring for Operational Risk Manager jobs? Cities near Potomac, MD with the most Operational Risk Manager job openings:
Risk Manager

Full-time

Re-posted 10 days ago


Job description

Overview

CVP is seeking an Cybersecurity Risk Manager for a large government agency enterprise-level cybersecurity program. The Cybersecurity Risk Manager will work directly with the Cybersecurity Program Manager and the agency's CIO and CISO in cybersecurity tasks such as information security policy development and implementation; security compliance monitoring; security audit management; risk assessment; system authorization; security reporting; and other information security-related tasks.

Responsibilities
  • Identify, evaluate, and develop strategies for handling risks to reduce information security and privacy risk across the agency.
  • Provide recommendations, guidance, planning, and implementation support for agency risk management activities and tools, and provide support as needed to enhance the agency's Information Security Program related to governance, optimizations, automation, and supporting tools.
  • Developing an agency Information Security Risk Management Strategy in accordance with the latest released versions of NIST Special Publications (SPs) such as SP 800-37, Risk Management Framework for Information Systems and Organizations and SP 800-39, Managing Information Security Risk (as revised).
  • Conducting an enterprise risk assessment and developing an agency Information Security Risk Assessment Report that addresses all findings from the assessment
  • Developing an agency Privacy and Security Roadmap that recommends privacy and information security capabilities based on risks identified in the agency's Information Security Risk Assessment Report
  • Developing an agency Information Security Risk Management Plan that addresses how the agency will implement and perform risk management activities regarding risk tolerance, risk assessment, risk response, risk monitoring, and risk capabilities
  • Providing risk management guidance to the agency offices for A&A activities as required, ensuring continuous risk monitoring of information security control implementation effectiveness and required information security compliance requirements
  • Support the Information Security and Assurance Office (ISAO) in implementing and overseeing the organization's information security risk management and security assessment and authorization (A&A) activities.
  • Advise the agency on how best to tailor the revised A&A process to handle non-traditional technologies including, but not limited to, cloud, mobile, and Internet of Things.
  • Provide the agency recommendations on how it can continuously monitor and assess the security posture of agency information systems over time and alert agency decision makers when an information system presents an increased risk or eminent threat to agency data and/or operations.
  • Develop guidance, templates, other tools, and advice to the program offices to support their risk management and ATO activities.
  • Provide risk management and information security continuous monitoring program implementation recommendations to program offices
  • Track and review Plans of Actions and Milestones (POA&Ms) agency-wide to identify areas of risk as a result of unimplemented POA&Ms, a buildup of risk-based decisions, or other cross-cutting issues observed as a result of its risk management support.
  • Track the A&A status for all divisions and programs that have information systems to validate they meet the requirements to protect the agency's data and operations.
  • Develop the required artifacts to complete security accreditation packages for OCIO information systems and perform any required assessments, as requested. The Contractor shall provide oversight and advisory support to agency program office personnel for completion of information system A&A packages, as requested.
  • Follow NIST Federal Information Processing Standards (FIPS) and Special Publications (SPs) to include, but not limited to, FIPS 199 and 200, SP 800-39, SP 800-37, SP 800-137, SP 800-60, SP 800-53, SP 800-53A, SP 800-34, SP 800-30, and SP 800-18. The Contractor shall comply with all agency IT security and Privacy policies and standards including, and the agency Privacy Impact Assessment (PIA) requirements and associated templates.
Qualifications
  • Minimum of six years' experience in cybersecurity. 10+ years' experience is preferred.
  • Minimum of six years' experience leading and delivering in FISMA-based and FedRAMP Assessment and Authorization (A&A) programs for comparably sized federal agencies and programs. Seven plus years' experience is preferred.
  • Shall have at least one of the following industry-recognized certifications:
    • Certified Information System Security Professional (CISSP)
    • Certified Information Systems Auditor (CISA)
    • Certified Information Security Manager (CISM)
    • Certified in Risk and Information Systems Control (CRISC)
  • Familiarity with Information Technology Infrastructure Library (ITIL) Foundation Compliance (GRC) tool, continuous monitoring, and vulnerability management tools or services. Note: NIH currently uses CSAM.
  • Demonstrated experience managing cybersecurity teams including personnel, workload, priorities, scheduling, and risks.
  • Proven experience bringing innovative approaches to help reduce the FISMA workload and time to authorization/reauthorization through such methods as boundary consolidation, common control identification and re-use, automation, assessment readiness reviews, and digital transformation.

Desired Skills

  • PMP Certification
  • CISSP Certification
  • Experience with Security Assessment Tools (Tenable Nessus, DBProtect, Wireshark, WebInspect)
  • NIH/HHS experience

Location

  • Rockville, MD (Hybrid)

Salary Band: $155-165k (Depending on experience)

About CVP

CVP is an award-winning healthcare and next-gen technology and consulting services firm solving critical problems for healthcare, national security, and public sector clients. We help organizations achieve lasting transformation.CVP is an Equal Opportunity Employer dedicated to actively recruiting individuals and providing advancement opportunities based on merit and legitimate job qualifications. We ensure that all associates receive equal opportunities based on their personal qualifications and job requirements. CVP strictly prohibits any form of discrimination or harassment.At CVP, we cultivate a work environment that encourages fairness, teamwork, and respect among all associated. We are committed to maintaining a workplace where everyone can grow both personally and professionally.

Employment Type: FULL_TIME