Quantitative Cyber Risk Jobs in Raleigh, NC (NOW HIRING)

Be You
Duke University's IT Security Office (ITSO) is seeking a skilled Senior Program Manager to help shape, communicate, and advance Duke's cybersecurity strategy. This role focuses on quantifying, contextualizing, and managing cyber risk across Duke University. You will partner closely with leadership, including the CISO and other Security Office leaders, to craft and communicate standards, practices, and program direction.
This position is ideal for someone who thrives in a fast-paced, analytical environment and enjoys translating complex information into clear guidance for diverse audiences. While prior security experience is helpful, candidates with strong backgrounds in analytics, risk, or strategic program management are encouraged to apply.
Minimum Requirements
• Bachelor's degree in a related field plus 3 or more years of experience in security, audit, analytics, or related areas.
OR
• 5+ years of combined education/experience in a related field.
Preferred Qualifications
• Certifications such as SANS/GIAC, CISSP, CISA, CISM.
• Experience with cybersecurity, risk analytics, or security program development.
• Proficiency with quantitative and qualitative analysis supporting data-driven decisions.
Other Requirements
• Strong verbal, written, and analytical communication skills.
• Ability to collaborate across diverse teams and influence through clarity and insight.
• Ability to work independently and in team settings on complex, fast-moving projects.
Be Bold
As Senior Program Manager, you will help drive the strategic maturity of Duke's information security program guided by the CI Security Critical Controls. This means providing insight into cyber risk trends, enabling data-driven decision-making, and ensuring the security program evolves with the regulatory landscape, including NIST SP 800-171.
• Assess the cyber risk landscape using metrics dashboards and advise on enhancements to improve clarity and risk quantification.
• Advise on development of inventory, tracking, and measurement tools, including dashboards covering accounts, devices, servers, network activity, websites, and adoption of key controls such as MFA, endpoint management, patching, and automated IP blocking.
• Identify strategic priorities for ITSO initiatives based on metrics, analysis, potential impact, and risk.
• Provide briefings to the security community, highlighting trends and implications for operational and strategic decisions.
• Lead project work to align the program with actionable industry best practices.
• Manage embedded security roles to ensure alignment with program priorities.
• Develop materials articulating policies, positions, and security guidance.
• Create innovative approaches to enhance the efficiency and value of ITSO's risk management programs-including vendor reviews.
• Coordinate response efforts on cross-functional issues involving groups such as Privacy and Audit, the Duke Health Information Security Office, and other departmental IT groups.
Supervisory Responsibilities
• Manage a team of 3-7 direct reports, 5 indirect reports, and graduate student interns.
• Perform all aspects of staff management including hiring, performance management, professional development, recognition, and staffing alignment for services provided by the team.
Choose Duke
Join an innovative, mission-driven security organization supporting a world-class research university. At Duke, your work will directly enhance the resilience of the institution while contributing to a collaborative and intellectually rich environment.
Why Duke?
• Reputation: Duke is a global leader in research, education, and cybersecurity, offering an environment committed to excellence.
• Professional Growth: Opportunities to shape strategy, influence outcomes, and work with cutting-edge technologies.
• Work-Life Balance: A supportive culture that values flexibility and well-being.
• Benefits: A competitive benefits package including health insurance, retirement plans, and additional perks.
Duke is an Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex (including pregnancy and pregnancy related conditions), sexual orientation or military status.
Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas-an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.
Essential Physical Job Functions:
Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.