Security Risk Compliance Jobs in Raleigh, NC (NOW HIRING)

M365 AI SME, Senior

Raleigh, NC · On-site

$112K - $113K/yr

The engineer in this role will partner with Security, Compliance, Architecture, Legal, Risk and Business stakeholders to establish AI guardrails, manage service performance, support adoption, and ...

Partner with IT, HR, Finance, Audit, Risk, and Compliance to align security design with business and regulatory requirements. * Translate business and functional requirements into effective Workday ...

The Compliance Officer will be familiar with risk management, comfortable leading internal risk assessments, and possess knowledge of HIPAA and NIST privacy and security requirements for health ...


Security Risk Compliance information

Raleigh, NC salary details (chart values): $31.6K, $78.9K, $120.1K

How much do security risk compliance jobs pay per year?

As of Jul 3, 2026, the average yearly pay for security risk compliance in Raleigh, NC is $78,878.00, according to ZipRecruiter salary data. Most workers in this role earn between $58,800.00 and $97,200.00 per year, depending on experience, location, and employer.

What is the difference between Security Risk Compliance vs Security Analyst?

| Aspect | Security Risk Compliance | Security Analyst |
| --- | --- | --- |
| Certifications | ISO 27001 Lead Implementer, CISSP, CISA | CISSP, CompTIA Security+, GIAC Security Certifications |
| Work Environment | Policy development, compliance audits, risk assessments | Monitoring security systems, incident response, vulnerability analysis |
| Employer & Industry Usage | Financial, healthcare, government sectors focusing on regulatory adherence | IT departments across various industries focusing on security operations |

Security Risk Compliance professionals focus on ensuring organizations meet regulatory standards and manage security risks through policies and audits. Security Analysts primarily monitor security systems, analyze threats, and respond to incidents. While both roles require security certifications and work within similar environments, their core responsibilities differ: compliance versus active security monitoring.

What are some common challenges faced by Security Risk Compliance professionals when balancing regulatory requirements with business objectives?

Security Risk Compliance professionals often need to navigate the delicate balance between adhering to complex regulatory standards and supporting the organization's operational goals. A major challenge is ensuring compliance without hindering business innovation or efficiency. This involves working closely with various departments to interpret regulations, communicate risks, and implement pragmatic controls that satisfy both legal requirements and business needs. Effective collaboration and ongoing education are key to overcoming these challenges and maintaining a strong security posture.

What are the key skills and qualifications needed to thrive as a Security Risk Compliance professional, and why are they important?

To thrive as a Security Risk Compliance professional, you need a solid understanding of information security frameworks, risk assessment methodologies, and relevant regulations, often supported by a degree in cybersecurity or a related field. Familiarity with tools such as GRC (Governance, Risk, and Compliance) platforms, vulnerability scanners, and certifications like CISSP, CISA, or CRISC is typically required. Strong analytical thinking, attention to detail, and effective communication skills help you identify risks and collaborate with stakeholders. These skills are vital to ensure organizations meet compliance requirements, mitigate risks, and maintain trust with clients and regulators.

What is Security Risk Compliance?

Security Risk Compliance refers to the process of identifying, assessing, and managing risks to an organization's information systems while ensuring adherence to relevant laws, regulations, and industry standards. Professionals in this field develop policies, conduct risk assessments, and implement controls to protect sensitive data from threats. Their work helps organizations minimize security vulnerabilities and avoid legal or financial consequences related to non-compliance.
Infographic showing various Security Risk Compliance job openings in Raleigh, NC as of June 2026, with employment types broken down into 1% As Needed, 79% Full Time, 17% Part Time, 1% Temporary, and 2% Contract. Highlights a 93% Physical, 3% Hybrid, and 4% Remote job distribution, with an average salary of $78,878 per year, or $37.9 per hour.
Information Security Manager

Cypress Creek Renewables

Durham, NC • On-site

Other

Medical, Dental, Vision, Retirement, PTO

Posted 4 days ago


Job description

The Company
The energy industry is entering one of the most significant periods of growth and transformation in its history. Meeting the nation's growing demand for reliable electricity will require new ideas, new infrastructure, and talented people committed to building for the future.
At Cypress Creek Energy, we're meeting that challenge by developing and operating the energy infrastructure needed to power communities, support economic opportunity, and strengthen resilience. We believe our responsibility extends beyond the grid and that how we build matters just as much as what we build.
That same commitment extends to our employees. We invest in professional growth, encourage collaboration across teams, and provide opportunities to take ownership, expand your expertise, and advance your career. Our culture is grounded in safety, accountability, respect, and a shared commitment to deliver results. Join us and help meet one of the most important energy challenges of our time while building a rewarding career.
Overview
Cypress Creek Energy is hiring an Information Security Manager to lead the company's security operations and compliance program. This is a hands-on individual contributor role designed for a senior technical security professional ready to take ownership of a complete program - with the opportunity to grow into a leader of a team as the function scales.
The successful candidate brings a balance of deep technical execution and program-level compliance maturity. You will own the day-to-day security tooling stack, lead the company's NIST-based compliance program, shape policy in emerging areas including artificial intelligence, and maintain an accurate view of every system in the environment. You will report directly to the Chief Technology Officer and partner closely with IT, Counsels, and business stakeholders across the company.
Responsibilities
Security Operations & Engineering
  • Endpoint security: Administer and tune Microsoft Defender across the endpoint estate, including policy configuration, alert triage, response, and reporting.
  • Network and access security: Manage the Zscaler platform (ZIA/ZPA), including policy development, traffic inspection, access controls, and integration with identity systems.
  • SIEM operations: Own SIEM tuning, detection engineering, log source onboarding, alerting, and incident workflows. Build dashboards and metrics that surface meaningful signals.
  • Vulnerability management: Run the vulnerability scanning program across AWS and Azure cloud environments and on-premises infrastructure. Prioritize, track, and verify remediation in partnership with IT and engineering teams.
  • Patch management: Maintain endpoint patching cadence and reporting, ensuring coverage, exception tracking, and SLA adherence.
  • Digital forensics & incident response: Lead investigations into security events, perform forensic analysis, document findings, and coordinate response with internal teams and external partners as needed.
Compliance & Governance
  • NIST-based program: Maintain and continuously improve the company's NIST Cybersecurity Framework-aligned security program, including controls mapping, evidence collection, and gap remediation.
  • Policy management: Own the security policy library - ensure policies and standards are current, reviewed on a defined cadence, approved through the right channels, and communicated to the business.
  • AI policy and guidance: Develop and maintain the company's AI usage policies, acceptable use guidance, and review process for new AI tools, in coordination with Counsels and IT.
  • System inventory: Build and maintain an authoritative inventory of systems, applications, data flows, and ownership. Keep it accurate as the environment evolves.
  • Audit and assessment support: Lead responses to internal and external audits, customer security reviews, and regulatory inquiries. Manage remediation of identified findings through closure.
  • Risk management: Identify, document, and track information security risks; propose mitigations and report on residual risk to leadership.
Leadership & Cross-Functional Partnership
  • Stakeholder engagement: Partner with IT, Counsels, HR, and business leaders on security matters, providing clear guidance that balances risk with business needs.
  • Operational Technology (OT): Act as a partner and advisor to the OT team coordinating security and compliance initiatives across the company. Manage intersection of IT and OT endpoints, systems, and networks.
  • Security awareness: Drive the security awareness program, including phishing simulations, training content, and ongoing communications.
  • Vendor and third-party risk: Assess and manage security risk associated with vendors, contractors, and third-party service providers.
  • Future team leadership: Lay the groundwork to scale the function. As the program matures, hire, mentor, and lead a team of security professionals.
Education & Experience Required
  • Use of AI to enhance and scale security operations - establish AI first Security Ops
  • Bachelor's degree in computer science, information systems, cybersecurity, or related field - or equivalent professional experience.
  • 5+ years of progressive experience in information security, with demonstrated depth in security operations, engineering, or a combination of both.
  • Hands-on administration and tuning experience with Microsoft Defender (Endpoint, Identity, Cloud).
  • Production experience operating Zscaler (ZIA and/or ZPA), including policy management and troubleshooting.
  • Strong SIEM experience - building detections, tuning alerts, investigating incidents, and onboarding log sources.
  • Vulnerability management experience across cloud environments, specifically AWS and Azure.
  • Working knowledge of digital forensics and incident response methodology.
  • Demonstrated experience operating a security program aligned to the NIST Cybersecurity Framework or NIST 800-53.
  • Track record of writing, maintaining, and operationalizing security policies and standards.
  • Clear written and verbal communication, including the ability to explain technical risk to non-technical audiences.
  • Ability to work from the Durham, NC or Washington, DC office three days per week.
  • Embrace and live by the mission and values of Cypress Creek Energy
Preferred Qualifications
  • Industry certifications such as CISSP, CISM, GIAC (GCIH, GCFA, GCIA), or equivalent.
  • Experience operating in the energy, utility, or critical infrastructure sector.
  • Familiarity with NERC CIP or other regulatory frameworks relevant to the power sector.
  • Experience scripting or automating security workflows (Python, PowerShell, KQL).
  • Prior experience as a senior technical lead preparing to step into a manager role.
Location: The preferred location for this role is our offices in Durham, NC and Washington, DC. Our team operates on a hybrid schedule, with an in-office schedule of three days per week.
Compensation: The salary range for the position is $140,000 - $170,000 plus bonus and benefits. Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location.
Benefits:
  • 15 days of Paid Time Off, accrual up to 20 days, 11 observed holidays.
  • 401(k) Match
  • Comprehensive package including medical, dental, vision and health insurance
  • Wellness stipend, family planning stipend, and generous parental leave
  • Tuition Reimbursement
  • Phone Bill Reimbursement
  • Company Swag

A note to Recruiting Agencies: The Cypress Creek Energy Human Resources team does not accept unsolicited resumes from third-party recruiters, staffing firms, or related agencies. The Human Resources team coordinates all recruiting and hiring at our company. We do not accept resumes from third-party recruiters unless authorized by the Human Resources team and a signed agreement is in place. Any unsolicited resumes will be considered property of CCE and we are not responsible for any related fees. All communication related to recruiting partnerships should ONLY be directed to the Human Resources team.
Cypress Creek Energy is an equal opportunity employer and considers all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or veteran status. We are committed to providing a workplace that is inclusive and values diversity, and we encourage candidates from all backgrounds to apply.
Please be aware of recruiting scams: official communications will only come from @ccrenew.com, we will never request personal or financial information, and any suspicious activity should be reported to HR@ccrenew.com.