Oversee completion of the FFIEC Cybersecurity Assessment Tool (CAT) or equivalent framework; conduct technology and security risk assessments; and provide independent oversight of technology and ...
OR · On-site
Cover security, operational, regulatory, and counterparty risk, including the risk register, annual assessments, scenario analyses, and escalation framework across all entities. * Own the Information ...
Manager, Third Party Risk Management
OR · On-site +1
... assessment templates, and governance processes to support a scalable, risk-based program. * Partner with Legal, Compliance, Information Security, Affiliate Risk, and business stakeholders to ensure ...
Lead Information Security Architect - Governance, Risk & Compliance
OR · Remote
$105K - $141K/yr
Lead comprehensive risk assessments of information systems, infrastructure, and business processes. Identify, quantify, and prioritize security risks utilizing industry-standard methodologies such as ...
Third-Party Risk Management Program Officer
Hillsboro, OR · On-site
$100K - $126K/yr
Ensures alignment of the TPRM program with enterprise risk management (ERM), information security, compliance, and legal frameworks. Oversees execution of inherent risk assessments, due diligence ...
Security Compliance Manager
OR · Remote
$140K - $170K/yr
Strong competency in gap analysis and risk assessment methodologies; able to translate results into prioritized remediation plans. * Working knowledge of security policy, procedure, and enforcement ...
Information Risk Analyst - AI
Portland, OR · On-site
... * 5 IRM team members who perform Risk assessments for applications and projects ... A Security Analyst or Information Risk Analyst with exposure, training, and maybe 1-2 projects could ...
Physical Security Engineer PE
Portland, OR · On-site +1
$57/hr
Conduct security vulnerability and risk assessments * Evaluate emerging security technologies and recommend appropriate solutions * Coordinate with architectural, civil, electrical, and technology ...
Risk assessment and mitigation: Work closely with risk owners across the Group to conduct risk ... Business Resiliency and Physical Security: Oversee and support the Senior Director, Physical ...
Info Security Engineer II
$87K - $134K/yr
System security assessments * Vulnerability management * Security risk management * Experience with FIPS, NIST 800-53/CSF, or other relevant frameworks * Notable cloud security experience * Relevant ...
IT Risk Analyst II
Bend, OR · On-site
SUMMARY The IT Risk Analyst II is responsible for measuring and identifying technical risks within ... Performs technical security assessments against FIB's existing infrastructure and products to ...
Manager, Treasury Risk
OR · On-site +1
... security risk, and compliance risk. We partner with first-line business functions, senior and executive leadership, and the board of directors to ensure effective identification, assessment ...
Director of Security
OR · Remote
$190K - $240K/yr
The scope includes third party risk, vendor assessment and qualification, security architecture oversight, AI related security assessments and guidance, incident response leadership, and budget ...
Provide system-level risk assessments and actionable recommendations, including impact and ... Support security assessments, audits, and inspections as the ISSO representative, including direct ...
Guide the Discovery, Assessment, Risk Validation, and Finalization stages, including Security Assessment Plan development, evidence collection, control assessment meetings, and Security Assessment ...
Conduct security risk assessments and oversee vulnerability scanning and penetration testing activities * Manage security incident response coordination and reporting * Maintain continuous monitoring ...
Assess and manage security risk associated with vendors, contractors, and third-party service providers. * Future team leadership: Lay the groundwork to scale the function. As the program matures ...
Security Architect
OR · Remote
$65 - $84/hr
Conduct regular risk assessments to identify control gaps and ensure technical alignment with SOC2, HITRUST, and PCI DSS requirements. Your Professional Qualifications * Experience: 7+ years of ...
Assess physical security risk and recommend/implement appropriate and risk-based mitigations, including but not limited to upscaling physical security capabilities at Telix sites, implementing travel ...
Conducting risk assessments across privacy, security, model risk, and misuse scenarios, including prompt injection, sensitive data exposure, excessive agency, and overreliance, and translating ...
Security Risk Assessment information
$10.93 - $16.66: 2% of jobs
$16.66 - $22.39: 0% of jobs
$22.39 - $28.12: 1% of jobs
$28.12 - $33.85: 1% of jobs
$33.85 - $39.58: 1% of jobs
$43.88 is the 25th percentile. Wages below this are outliers.
$39.58 - $45.31: 26% of jobs
$45.31 - $51.04: 11% of jobs
The median wage is $53.09 / hr.
$51.04 - $56.77: 22% of jobs
$56.77 - $62.50: 9% of jobs
$62.95 is the 75th percentile. Wages above this are outliers.
$62.50 - $68.23: 17% of jobs
$68.23 - $73.96: 9% of jobs
How much do security risk assessment jobs pay per hour?
What is a Security Risk Assessment job?
A Security Risk Assessment job involves identifying, analyzing, and mitigating potential security threats to an organization's systems, data, and operations. Professionals in this role evaluate vulnerabilities, assess risks, and recommend security controls to protect against cyber threats, fraud, and compliance issues. They work with IT teams, management, and stakeholders to ensure security measures align with business objectives and regulatory requirements. This job often requires knowledge of cybersecurity frameworks, risk management methodologies, and relevant industry standards.
What are the key skills and qualifications needed to thrive in the Security Risk Assessment position, and why are they important?
To thrive in Security Risk Assessment, a strong background in risk analysis, information security principles, and regulatory compliance is essential, often supported by a degree in cybersecurity or related fields. Familiarity with risk assessment tools, frameworks like NIST or ISO 27001, and certifications such as CISSP or CISA are highly valued. Exceptional attention to detail, analytical thinking, and effective communication skills set top professionals apart in this role. These competencies enable accurate identification of potential security threats and development of strategic mitigation plans, which are crucial for safeguarding organizational assets.
What are some common challenges faced in a Security Risk Assessment role?
Professionals in Security Risk Assessment often face the challenge of keeping up with constantly evolving cyber threats and adapting assessment methodologies accordingly. Balancing thorough analysis with the need to provide timely recommendations can be demanding, especially when collaborating with multiple departments or stakeholders. Additionally, communicating complex risk findings to non-technical audiences requires both clarity and diplomacy. Overcoming these challenges is critical for delivering actionable insights that drive effective security decision-making and protect organizational assets.
Job description
The Team:
Upstart's Risk team is enhancing its second line of defense function in support of our application to establish Upstart Bank, N.A., a de novo national bank. The Risk team is responsible for Upstart's enterprise risk management program and risk governance, and for providing independent oversight and credible challenge across all core risk categories, including operational risk, third party risk, technology and information security risk, and treasury risk. We partner with first-line business functions, senior and executive leadership, and the board of directors to ensure effective identification, assessment, monitoring, reporting, and control of material risks, in alignment with OCC, FDIC, and FFIEC regulatory expectations.
As the Senior Manager, Technology Risk, you will lead the second-line technology and information security risk oversight program for Upstart Bank. You will establish the bank's 2LOD technology risk framework, leveraging and enhancing Upstart's existing technology and information security risk infrastructure to meet bank regulatory standards, and will provide independent oversight and credible challenge of the first-line technology and information security functions across all technology domains, including IT operations, cybersecurity, cloud infrastructure, affiliate-provided technology, and core banking systems. This role reports to the head of third party and technology risk and manages a team of two technology and security risk professionals.
How you'll make an impact
- Provide independent second-line review and credible challenge of first-line technology and information security activities, including but not limited to: cybersecurity controls, software development lifecycle (SDLC) and incident response programs, technology resiliency and third-party arrangements
- Oversee completion of the FFIEC Cybersecurity Assessment Tool (CAT) or equivalent framework; conduct technology and security risk assessments; and provide independent oversight of technology and security risks in alignment with OCC guidance on cloud computing
- Serve as a primary second-line point of contact for OCC examiners, internal audit, and other external stakeholders on technology risk and information security program topics and inquiries; prepare and deliver technology risk reporting to risk committees, the CRO, and the board.
- Build and lead a growing Technology Risk team, shaping how the bank identifies, prioritizes, and responds to its most important technology and security risks in alignment with applicable industry regulations
- Partner with first-line IT and cybersecurity teams, TPRM, ERM, Legal, and Compliance to ensure technology and information security risk is integrated into enterprise risk programs, cross-functional risk assessments, and the bank's overall 2LOD reporting and governance structure
Minimum Qualifications
- Bachelor's degree or equivalent practical experience in information technology, cybersecurity, or a related field
- 8+ years of experience in technology risk, information security risk management, IT audit, or GRC in a banking or financial services environment
- 3+ years of direct people management experience leading technology risk, information security governance, risk, and compliance, or information technology audit professionals
- Demonstrated experience applying FFIEC IT Examination Handbook standards and OCC guidance on technology risk and information security in a bank or federally regulated institution
- Experience engaging banking regulators (OCC, FDIC, or Federal Reserve) on technology risk, cybersecurity, or IT controls examination matters
Preferred Qualifications
- Experience building or significantly enhancing a technology risk or information security GRC program in a de novo bank, early-stage bank, or similar environment where the program required meaningful design and build-out
- Knowledge of cloud risk management and OCC/FFIEC guidance on cloud computing (OCC Bulletin 2020-46), particularly in cloud-native or fintech-adjacent technology environments
- Familiarity with affiliate technology risk oversight, including independent oversight of bank-affiliate technology service arrangements, associated data segregation requirements, and Regulation W implications
- Experience with GRC tool implementation or administration in a bank regulatory context
- Current professional certification in information security or technology risk management (CISSP, CISA, CRISC, CISM, or comparable)
- Knowledge of AI/ML technology risk and related governance considerations in a fintech, lending, or model-intensive operating environment
Position location: This role is available in the following locations: Remote
Travel requirements: As a digital-first company, the majority of your work can be accomplished remotely. The majority of our employees can live and work anywhere in the U.S. but are encouraged to still spend high-quality time in person collaborating via regular onsites. The cadence of in-person sessions varies depending on the team and role; most teams meet once or twice per quarter for 2-4 consecutive days at a time.