1

Operational Risk Manager Jobs in Vail, AZ (NOW HIRING)

... operations to obtain evidence, close gaps, and ensure control sustainability. * Facilitate Management Review meetings as required by the standard, preparing agenda materials, risk summaries, audit ...

Manages operational, human capital, reputational and business risk. Exercises leadership, authority and sound decision making to mitigate sales practice risk. Ensures compliance with regulatory ...

Project Manager

Tucson, AZ · On-site

$80K - $120K/yr

Working closely with operations leadership, you'll proactively identify risks/opportunities, track ... Manage full project lifecycle: planning, scheduling, budgeting, resource allocation, risk ...

Working closely with operations leadership, you'll proactively identify risks/opportunities, track ... Manage full project lifecycle: planning, scheduling, budgeting, resource allocation, risk ...

The successful candidate will manage complex projects including project risk and align business ... Experience in industrial and mining projects, including financial and operational insights.

Project Manager - HVAC

Tucson, AZ · Hybrid

$80K - $120K/yr

Working closely with operations leadership, you'll proactively identify risks/opportunities, track ... Manage full project lifecycle: planning, scheduling, budgeting, resource allocation, risk ...

Risk management, commercial awareness, business analysis & reporting, and operational/business knowledge. * Excellent communication and collaboration skills. * An ability to effectively liaise with ...

Project Manager - HVAC

Tucson, AZ · On-site

$80K - $120K/yr

Working closely with operations leadership, you'll proactively identify risks/opportunities, track ... Manage full project lifecycle: planning, scheduling, budgeting, resource allocation, risk ...

next page

Showing results 1-20

Operational Risk Manager information

See Vail, AZ salary details

$49.6K

$127.3K

$249.9K

How much do operational risk manager jobs pay per year?

As of Jul 11, 2026, the average yearly pay for operational risk manager in Vail, AZ is $127,290.00, according to ZipRecruiter salary data. Most workers in this role earn between $77,500.00 and $167,700.00 per year, depending on experience, location, and employer.

What Does an Operational Risk Manager Do?

An operational risk manager works to identify and limit the risk associated with a company’s operations. As an operational risk manager, your responsibilities involve assessing business operations, identifying issues, and creating reports on your findings. You then help develop policies and implement changes to lessen operational risks. Other duties include continually monitoring the business to find potential new threats and ensuring company compliance with laws and regulations.

What are the 4 pillars of operational risk management?

The four pillars of operational risk management are risk identification, risk assessment, risk mitigation, and risk monitoring. An Operational Risk Manager uses these pillars to develop strategies that minimize potential losses from internal processes, people, systems, or external events, often utilizing tools like risk dashboards and frameworks such as Basel II. Mastery of these pillars is essential for effective risk oversight and compliance.

What does an operational risk manager do?

An operational risk manager identifies, assesses, and monitors risks that could disrupt a company's operations, such as process failures, fraud, or system outages. They develop strategies to mitigate these risks, ensure compliance with regulations, and often use risk management tools and data analysis to support decision-making.

Do risk managers make good money?

Operational Risk Managers typically earn competitive salaries that vary by industry, experience, and location. According to industry data, the median annual salary ranges from $80,000 to over $130,000, with additional compensation such as bonuses and certifications like FRM or ORM enhancing earning potential.

What are some common challenges faced by Operational Risk Managers in maintaining effective risk controls across different departments?

Operational Risk Managers often encounter challenges in ensuring consistent risk controls due to varying processes, priorities, and risk appetites across departments. Communication gaps and resistance to change can make it difficult to implement standardized procedures. Successfully overcoming these challenges involves building strong cross-functional relationships, conducting regular training, and fostering a risk-aware culture to ensure alignment on risk management practices throughout the organization.

What are the three C's of operational risk management?

The three C's of operational risk management are Culture, Controls, and Communication. These elements help organizations identify, assess, and mitigate risks effectively, which is essential for an Operational Risk Manager to ensure operational resilience and compliance. Developing strong controls and fostering a risk-aware culture are key skills in this role.

What are the key skills and qualifications needed to thrive as an Operational Risk Manager, and why are they important?

To thrive as an Operational Risk Manager, you need a solid understanding of risk assessment, regulatory compliance, and internal controls, typically supported by a degree in finance, business, or a related field. Familiarity with risk management frameworks, GRC (governance, risk, and compliance) systems, and certifications such as FRM or ORM are highly valued. Strong analytical thinking, attention to detail, and effective communication skills set top performers apart in this role. These competencies are crucial for identifying, mitigating, and communicating operational risks, ensuring organizational stability and regulatory adherence.

What is the difference between Operational Risk Manager vs Risk Analyst?

AspectOperational Risk ManagerRisk Analyst
CertificationsCFA, FRM, or similarCFA, FRM, or similar
Work EnvironmentFinancial institutions, banks, insurance companiesFinancial firms, consulting, corporate risk teams
ResponsibilitiesIdentify, assess, and mitigate operational risks; develop risk frameworksAnalyze risk data, support risk assessments, prepare reports

The Operational Risk Manager focuses on managing and mitigating operational risks within organizations, often holding certifications like CFA or FRM. In contrast, Risk Analysts primarily analyze risk data and support risk management processes. Both roles are vital in financial sectors and share similar credentials, but the Operational Risk Manager has a broader responsibility for risk mitigation strategies.

What job categories do people searching Operational Risk Manager jobs in Vail, AZ look for? The top searched job categories for Operational Risk Manager jobs in Vail, AZ are:
What cities near Vail, AZ are hiring for Operational Risk Manager jobs? Cities near Vail, AZ with the most Operational Risk Manager job openings:
ISMS Compliance Manager

ISMS Compliance Manager

Hexagon Mining, Inc.

Tucson, AZ • Remote

Full-time

Posted 29 days ago


Job description

The Company:

Hexagon is a global leader in digital reality solutions, combining sensor, software, and autonomous technologies. We are putting data to work to boost efficiency, productivity, quality, and safety across industrial, manufacturing, infrastructure, public sector, and mobility applications.

Our technologies are shaping the production and people-related ecosystems to become increasingly connected and autonomous — ensuring a scalable, sustainable future.

Hexagon’s Mining division solves surface and underground mine challenges with proven technologies for planning, operations, and safety.

Hexagon (Nasdaq Stockholm: HEXA B) has approximately 24,000 employees in 50 countries and net sales of approximately 5.5bn USD. Learn more at hexagon.com and follow us @HexagonAB.

The Role:

The Compliance Manager is accountable for the design, operation, and continuous improvement of the organisation’s Information Security Management System (ISMS) and its associated certification programme. This role is not a technical security engineering position. Instead, it demands a highly organised, process-oriented compliance professional who can orchestrate cross-functional teams, manage external auditors, close control gaps, and ensure that the control environment remains audit-ready at all times. The Compliance Manager serves as the primary interface between the organisation’s day-to-day operations and its ISO 27001 certification obligations.

Major Areas of Responsibility:

  • ISMS Program Ownership
    • Own, maintain, and continuously improve the ISO 27001-aligned Information Security Management System (ISMS), including its scope, Statement of Applicability (SoA), risk treatment plan, and all supporting documentation.
    • Serve as the internal subject-matter authority for ISO/IEC 27001 standard requirements and, where applicable, supplementary standards (ISO 27002, 27005, 27017, 27018, SOC 2 overlap).
    • Maintain the organisation’s certification roadmap and annual audit calendar, coordinating with the external certification body and any internal audit function.
    • Ensure the ISMS programme remains aligned with organisational strategy, evolving business requirements, regulatory changes, and threat landscape shifts.
  • Control Framework Management
    • Maintain a complete, current, and authoritative ISO 27001 control framework, mapping Annex A controls (and relevant supplementary controls) to business processes, asset owners, and accountable teams.
    • Conduct and manage periodic control effectiveness assessments to verify that controls are designed adequately and are operating as intended.
    • Drive gap remediation: identify control deficiencies, assign remediation owners, set target dates, track progress to closure, and escalate where timelines are at risk.
    • Ensure evidence artefacts (policies, procedures, records, logs, test results) are complete, current, well-organised, and retained in accordance with the ISMS evidence management framework.
    • Manage policy and procedure lifecycle—drafting, review, approval, version control, and annual attestation—in collaboration with policy owners.
  • Audit Management & Readiness
    • Scope, plan, and manage both internal and external ISO 27001 audits (Stage 1, Stage 2 certification, and annual surveillance/recertification audits).
    • Serve as the primary liaison with the external certification body: coordinate logistics, manage the audit schedule, prepare opening and closing meetings, and facilitate auditor access to systems, evidence, and personnel.
    • Proactively assess control adequacy before external audits.
    • Manage all audit findings (minor nonconformities, major nonconformities, and observations): ensure timely root cause analysis, corrective action plans, evidence of closure, and follow-up verification.
    • Maintain a perpetual audit-readiness posture, ensuring the organisation can demonstrate an effective ISMS at any point during the certification cycle—not only at audit time.
  • Risk Management Integration
    • Facilitate the information security risk assessment and risk treatment process working with technical and business stakeholders to identify, evaluate, and treat information security risks.
    • Maintain the risk register and risk treatment plan, tracking risk acceptance decisions, treatment progress, and residual risk posture.
    • Ensure risk assessment outputs are reflected in the SoA and control framework, and that significant residual risks are escalated appropriately to leadership.
  • Cross-Functional Stakeholder Engagement
    • Identify and engage the correct accountable owners across product, engineering, infrastructure, IT, legal, HR, and business operations to obtain evidence, close gaps, and ensure control sustainability.
    • Facilitate Management Review meetings as required by the standard, preparing agenda materials, risk summaries, audit result summaries, and improvement recommendations.
    • Develop and maintain a stakeholder engagement model that clarifies each team’s ISMS responsibilities without requiring them to become compliance specialists.
    • Act as a trusted advisor to leadership on the organisation’s compliance posture, certification status, and material risks.
    • Support teams as they address questions regarding information security management, including responses to customer security questionnaires
    • Manage and support incident response efforts, including containment, investigation, and recovery.
  • Compliance Programme Governance
    • Maintain a compliance calendar covering ISMS obligations—control reviews, policy attestations, risk assessments, internal audits, and external audit milestones.
    • Produce regular compliance status reports and management dashboards that accurately reflect the state of the control environment, open gaps, and remediation progress.
    • Contribute to supplier assurance activities by assessing third-party compliance requirements relevant to the ISMS scope.

Key Stakeholders:

This role will be successful if able to build relationships and work directly with the following stakeholders:

  • VP of Information Technology and Data
  • Group Privacy and Information Security Officer
  • Group Governance, Risk, and Compliance
  • SVP of Product
  • SVP of Engineering
  • Engineering Management
  • Legal and Compliance

Knowledge and Experience - Required:

  • Bachelor’s degree in Information Security, Computer Science, Business Administration, or a related field; or equivalent professional experience.
  • 5+ years of experience in information security compliance, GRC (Governance, Risk, and Compliance), or audit management roles.
  • Demonstrated, hands-on experience managing an ISO 27001 ISMS through at least one full certification or recertification audit cycle—including scoping, internal audits, external audit management, and nonconformity remediation.
  • Proven ability to manage cross-functional stakeholders without direct authority—influencing product, engineering, HR, legal, and operations teams to meet compliance obligations.
  • Experience maintaining control frameworks, risk registers, and ISMS documentation libraries.
  • Track record of writing and managing information security policies and procedures.

Knowledge and Experience - Desired:

  • Deep knowledge of the ISO/IEC 27001:2022 standard, Annex A controls, and supporting guidance in ISO/IEC 27002:2022.
  • Strong understanding of information security risk assessment methodologies.
  • Ability to read, interpret, and apply compliance and audit requirements without needing to be a hands-on technical security practitioner.
  • Excellent written and verbal communication skills; able to translate complex compliance requirements into clear, actionable guidance for non-security audiences.
  • Strong project and programme management skills: ability to manage multiple workstreams, deadlines, and stakeholders simultaneously.
  • CISM (Certified Information Security Manager) or CRISC (Certified in Risk and Information Systems Control).
  • Working knowledge of complementary frameworks such as SOC 2 (Type I/II), NIST CSF, CIS Controls, GDPR, or CCPA—particularly where they overlap with or supplement the ISO 27001 control environment.
  • Prior experience in a regulated industry (financial services, healthcare, or public sector) where certification drives contractual or regulatory obligations.

Travel:

  • Travel is expected to complete job function - including potential significant periods of travel related to coordination of audit readiness and execution. Overall travel is not to exceed 50% of time.


Hexagon is an Equal Opportunity Employer. We prohibit discrimination against any job applicant based on protected characteristics.