1

Security Risk Assessment Jobs in Oregon (NOW HIRING)

Oversee completion of the FFIEC Cybersecurity Assessment Tool (CAT) or equivalent framework; conduct technology and security risk assessments; and provide independent oversight of technology and ...

OR · On-site

Cover security, operational, regulatory, and counterparty risk, including the risk register, annual assessments, scenario analyses, and escalation framework across all entities. * Own the Information ...

... assessment templates, and governance processes to support a scalable, risk-based program. * Partner with Legal, Compliance, Information Security, Affiliate Risk, and business stakeholders to ensure ...

Security Compliance Manager

OR · Remote

$140K - $170K/yr

Strong competency in gap analysis and risk assessment methodologies; able to translate results into prioritized remediation plans. * Working knowledge of security policy, procedure, and enforcement ...

Risk assessment and mitigation: Work closely with risk owners across the Group to conduct risk ... Business Resiliency and Physical Security: Oversee and support the Senior Director, Physical ...

System security assessments * Vulnerability management * Security risk management * Experience with FIPS, NIST 800-53/CSF, or other relevant frameworks * Notable cloud security experience * Relevant ...

SUMMARY The IT Risk Analyst II is responsible for measuring and identifying technical risks within ... Performs technical security assessments against FIB's existing infrastructure and products to ...

Manager, Treasury Risk

OR · On-site +1

... security risk, and compliance risk. We partner with first-line business functions, senior and executive leadership, and the board of directors to ensure effective identification, assessment ...

Director of Security

OR · Remote

$190K - $240K/yr

The scope includes third party risk, vendor assessment and qualification, security architecture oversight, AI related security assessments and guidance, incident response leadership, and budget ...

Guide the Discovery, Assessment, Risk Validation, and Finalization stages, including Security Assessment Plan development, evidence collection, control assessment meetings, and Security Assessment ...

Conduct security risk assessments and oversee vulnerability scanning and penetration testing activities * Manage security incident response coordination and reporting * Maintain continuous monitoring ...

Security Architect

OR · Remote

$65 - $84/hr

Conduct regular risk assessments to identify control gaps and ensure technical alignment with SOC2, HITRUST, and PCI DSS requirements. Your Professional Qualifications * Experience: 7+ years of ...

Assess physical security risk and recommend/implement appropriate and risk-based mitigations, including but not limited to upscaling physical security capabilities at Telix sites, implementing travel ...

next page

Showing results 1-20

Security Risk Assessment information

See Oregon salary details

$10

$53

$73

How much do security risk assessment jobs pay per hour?

As of Jul 4, 2026, the average hourly pay for security risk assessment in Oregon is $53.30, according to ZipRecruiter salary data. Most workers in this role earn between $43.22 and $63.56 per hour, depending on experience, location, and employer.

What is a Security Risk Assessment job?

A Security Risk Assessment job involves identifying, analyzing, and mitigating potential security threats to an organization's systems, data, and operations. Professionals in this role evaluate vulnerabilities, assess risks, and recommend security controls to protect against cyber threats, fraud, and compliance issues. They work with IT teams, management, and stakeholders to ensure security measures align with business objectives and regulatory requirements. This job often requires knowledge of cybersecurity frameworks, risk management methodologies, and relevant industry standards.

What are the key skills and qualifications needed to thrive in the Security Risk Assessment position, and why are they important?

To thrive in Security Risk Assessment, a strong background in risk analysis, information security principles, and regulatory compliance is essential, often supported by a degree in cybersecurity or related fields. Familiarity with risk assessment tools, frameworks like NIST or ISO 27001, and certifications such as CISSP or CISA are highly valued. Exceptional attention to detail, analytical thinking, and effective communication skills set top professionals apart in this role. These competencies enable accurate identification of potential security threats and development of strategic mitigation plans, which are crucial for safeguarding organizational assets.

What are some common challenges faced in a Security Risk Assessment role?

Professionals in Security Risk Assessment often face the challenge of keeping up with constantly evolving cyber threats and adapting assessment methodologies accordingly. Balancing thorough analysis with the need to provide timely recommendations can be demanding, especially when collaborating with multiple departments or stakeholders. Additionally, communicating complex risk findings to non-technical audiences requires both clarity and diplomacy. Overcoming these challenges is critical for delivering actionable insights that drive effective security decision-making and protect organizational assets.

What are the most commonly searched types of Security Risk Assessment jobs in Oregon? The most popular types of Security Risk Assessment jobs in Oregon are:
What are popular job titles related to Security Risk Assessment jobs in Oregon? For Security Risk Assessment jobs in Oregon, the most frequently searched job titles are:
What job categories do people searching Security Risk Assessment jobs in Oregon look for? The top searched job categories for Security Risk Assessment jobs in Oregon are:
Senior Manager, Technology Risk

Senior Manager, Technology Risk

Upstart

OR

Other

Posted 25 days ago


Job description

The Team: 

Upstart's Risk team is enhancing its second line of defense function in support of our application to establish Upstart Bank, N.A., a de novo national bank. The Risk team is responsible for Upstart's enterprise risk management program and risk governance, and for providing independent oversight and credible challenge across all core risk categories- including operational risk, third party risk, technology and information security risk, and treasury risk. We partner with first-line business functions, senior and executive leadership, and the board of directors to ensure effective identification, assessment, monitoring, reporting, and control of material risks, in alignment with OCC, FDIC, and FFIEC regulatory expectations.

As the Senior Manager, Technology Risk you will  lead the second-line technology and information security risk oversight program for Upstart Bank. You  will establish the bank's 2LOD technology risk framework-  leveraging and enhancing Upstart's existing technology and information security risk infrastructure to meet bank regulatory standards- and will provide independent oversight and credible challenge of the first-line technology and information security functions across all technology domains, including IT operations, cybersecurity, cloud infrastructure, affiliate-provided technology, and core banking systems. This role reports to the head of third party and technology risk and manages a team of two technology and security risk professionals. 

How you'll make an impact

  • Provide independent second-line review and credible challenge of first-line technology and information security activities, including but not limited to: cybersecurity controls, software development lifecycle (SDLC) and incident response programs, technology resiliency  and third-party arrangements
  • Oversee completion of the FFIEC Cybersecurity Assessment Tool (CAT) or equivalent framework; conduct technology and security  risk assessments; and provide independent oversight of technology and security risks in alignment with OCC guidance on cloud computing
  • Serve as a primary second-line point of contact for OCC examiners, internal audit, and other external stakeholders on technology risk and information security program topics and inquiries; prepare and deliver technology risk reporting to risk committees, the CRO, and the board. 
  • Build and lead a growing Technology Risk team, shaping how the bank identifies, prioritizes, and responds to its most important technology and security risks in alignment with applicable industry regulations
  • Partner with first-line IT and cybersecurity teams, TPRM, ERM, Legal, and Compliance to ensure technology and information security risk is integrated into enterprise risk programs, cross-functional risk assessments, and the bank's overall 2LOD reporting and governance structure

Minimum Qualifications 

  • Bachelor's degree or equivalent practical experience in information technology, cybersecurity, or a related field
  • 8+ years of experience in technology risk, information security risk management, IT audit, or GRC in a banking or financial services environment
  • 3+ years of direct people management experience leading technology risk, information security governance, risk, and compliance, or information technology audit professionals
  • Demonstrated experience applying FFIEC IT Examination Handbook standards and OCC guidance on technology risk and information security in a bank or federally regulated institution
  • Experience engaging banking regulators (OCC, FDIC, or Federal Reserve) on technology risk, cybersecurity, or IT controls examination matters

Preferred Qualifications

  • Experience building or significantly enhancing a technology risk or information security GRC program in a de novo bank, early-stage bank, or similar environment where the program required meaningful design and build-out
  • Knowledge of cloud risk management and OCC/FFIEC guidance on cloud computing (OCC Bulletin 2020-46), particularly in cloud-native or fintech-adjacent technology environments
  • Familiarity with affiliate technology risk oversight, including independent oversight of bank-affiliate technology service arrangements, associated data segregation requirements, and Regulation W implications
  • Experience with GRC tool implementation or administration in a bank regulatory context
  • Current professional certification in information security or technology risk management (CISSP, CISA, CRISC, CISM, or comparable)
  • Knowledge of AI/ML technology risk and related governance considerations in a fintech, lending, or model-intensive operating environment

Position location This role is available in the following locations: Remote 

Travel requirements As a digital first company, the majority of your work can be accomplished remotely. The majority of our employees can live and work anywhere in the U.S but are encouraged to to still spend high quality time in-person collaborating via regular onsites. The in-person sessions' cadence varies depending on the team and role; most teams meet once or twice per quarter for 2-4 consecutive days at a time.

#LI-REMOTE

#LI-MidSeniorÂ