1

Security Risk Management Jobs in Arizona (NOW HIRING)

Risk and Vulnerability Analyst

Chandler, AZ ยท On-site

$80K - $128K/yr

Minimum of 2 years of experience in security operations, vulnerability management, or risk analysis. * Hands-on experience with industry vulnerability scanning tools, cloud compliance platforms, ISVM ...

Minimum of 2 years of experience in security operations, vulnerability management, or risk analysis. * Hands-on experience with industry vulnerability scanning tools, cloud compliance platforms, ISVM ...

Risk and Vulnerability Analyst

Chandler, AZ ยท On-site

$80K - $128K/yr

Minimum of 2 years of experience in security operations, vulnerability management, or risk analysis. * Hands-on experience with industry vulnerability scanning tools, cloud compliance platforms, ISVM ...

Security Manager

Phoenix, AZ ยท On-site

$37 - $40/hr

Knowledge of security operations, risk management, compliance, and contract management. * Proficiency with Microsoft Office, including Word, Excel, Outlook, PowerPoint, Teams, SharePoint, and Visio.

New

next page

Showing results 1-20

Security Risk Management information

See Arizona salary details

$9

$46

$65

How much do security risk management jobs pay per hour?

As of Jul 10, 2026, the average hourly pay for security risk management in Arizona is $46.97, according to ZipRecruiter salary data. Most workers in this role earn between $38.08 and $56.01 per hour, depending on experience, location, and employer.

What are the typical challenges faced by professionals in Security Risk Management, and how can they be addressed?

Professionals in Security Risk Management often encounter challenges such as rapidly evolving threats, balancing security with business operations, and ensuring organization-wide compliance with regulations. Staying current with the latest risk trends and fostering cross-department collaboration are key strategies for overcoming these obstacles. Additionally, clear communication of risks to non-technical stakeholders and ongoing training are essential for building a proactive security culture and effective risk mitigation.

What is Security Risk Management?

Security Risk Management is the process of identifying, assessing, and mitigating risks to an organization's information, assets, and operations. It involves evaluating potential threats and vulnerabilities, determining their potential impact, and implementing strategies to minimize or control these risks. The goal is to protect the organization from security breaches, data loss, and other threats while ensuring compliance with legal and regulatory requirements. Security Risk Management is essential for maintaining business continuity and safeguarding reputation.

What are the key skills and qualifications needed to thrive in Security Risk Management, and why are they important?

To excel in Security Risk Management, you need a solid understanding of risk assessment frameworks, cybersecurity principles, and compliance standards, often supported by a degree in information security or related fields. Familiarity with risk management tools, security incident response systems, and certifications such as CISSP or CISM is typically required. Strong analytical thinking, communication, and decision-making skills help professionals navigate complex threats and collaborate across departments. These competencies are crucial for effectively identifying, mitigating, and communicating risks to protect organizational assets and ensure regulatory compliance.

What is the difference between Security Risk Management vs Security Analyst?

AspectSecurity Risk ManagementSecurity Analyst
CertificationsCRISC, CISSP, CISMCompTIA Security+, CISSP, CEH
Work EnvironmentStrategic, policy-focused, risk assessmentOperational, monitoring, incident response
Employer & Industry UsageOrganizations managing enterprise security risksSecurity teams, cybersecurity firms, IT departments

Security Risk Management focuses on identifying, assessing, and mitigating security risks at an organizational level, often involving policy development and strategic planning. In contrast, Security Analysts primarily monitor security systems, analyze threats, and respond to incidents. Both roles are essential but differ in scope and responsibilities within the cybersecurity field.

What job categories do people searching Security Risk Management jobs in Arizona look for? The top searched job categories for Security Risk Management jobs in Arizona are:
What cities in Arizona are hiring for Security Risk Management jobs? Cities in Arizona with the most Security Risk Management job openings:
Infographic showing various Security Risk Management job openings in Arizona as of July 2026, with employment types broken down into 1% As Needed, 83% Full Time, 13% Part Time, 1% Temporary, and 2% Contract. Highlights an 87% Physical, 3% Hybrid, and 10% Remote job distribution, with an average salary of $97,706 per year, or $47 per hour.
Director, Enterprise Security

Director, Enterprise Security

Tucson Electric Power

Tucson, AZ โ€ข On-site

Full-time

Posted 13 hours ago

Posted today


Job description

We are looking for talented individuals who are passionate about making an impact in the company and the community. Apply now and become part of the dynamic energy industry!

Are you a strategic security leader who can balance risk, reliability, compliance, and innovation? Join Tucson Electric Power as our Director of Enterprise Security and help protect the critical technology, infrastructure, and operations that power our communities every day.

As a member of the IT Leadership Team, you will shape enterprise security strategy, influence technology decisions, and lead multidisciplinary teams responsible for cybersecurity, operational technology (OT) security, physical security, identity and access management, and governance, risk, and compliance.

What You Will Do

  • Lead TEP's enterprise security strategy and roadmap across cybersecurity, OT security, physical security, IAM, and compliance.
  • Partner with executive leadership to align security investments and priorities with business objectives.
  • Strengthen cyber resilience, incident response capabilities, and enterprise risk management programs.
  • Advance cloud security, Zero Trust initiatives, and secure-by-design technology practices.
  • Collaborate with operations and engineering leaders to protect critical infrastructure while supporting reliability and operational excellence.
  • Lead and develop high-performing teams while overseeing budgets, vendors, and strategic security investments.

What You Bring

  • Bachelor's degree in Information Security, Computer Science, Engineering, Business, or a related field, or equivalent experience.
  • 8+ years of progressive leadership experience in enterprise security, risk, technology, or critical infrastructure environments.
  • Experience leading enterprise security programs and influencing executive stakeholders.
  • Knowledge of regulatory, compliance, and audit requirements.
  • Experience working across both IT and operational technology (OT) environments.
  • Strong executive communication, collaboration, and leadership skills.

Preferred: Utility, energy, or critical infrastructure experience; cloud security and Zero Trust transformation expertise; relevant certifications such as CISSP, CISM, CRISC, CCSP, GICSP, or PMP.

Help shape the future of secure, reliable energy delivery while leading enterprise-wide security strategy for one of Arizona's premier energy providers.

Position Description

The Director of Enterprise Security is the senior-most authority responsible for the organization's enterprise security posture. This role provides strategic leadership, governance, and execution across Cybersecurity (IT and OT), Physical Security, Identity & Access Management, and Enterprise Compliance in a highly regulated utility environment.

This role is a key member of the IT Leadership Team, serving as a strategic partner to the CIO and a peer to other senior IT leaders. The Director collaborates in establishing and executing the enterprise IT vision, strategy, architecture, and investment priorities, ensuring security is embedded into all technology decisions and initiatives. As a member of the IT Leadership Team, this role shares accountability for delivering secure, reliable, resilient, and compliant technology capabilities aligned with company strategy and operational priorities.

The Director defines and executes a comprehensive enterprise security strategy that protects critical infrastructure, ensures regulatory compliance, enables a CloudFirst operating model, and maintains customer, regulator, and stakeholder trust. The role partners closely with executive leadership, operational organizations, and business stakeholders to balance security, reliability, safety, cost, and innovation, ensuring that security investments are risk-informed, financially responsible, and clearly tied to business value, regulatory obligations, operational resilience, and measurable risk reduction.

Key Responsibilities

Enterprise Security Leadership & Strategy

  • Serve as the enterprise leader accountable for all security domains, including IT cybersecurity, OT cybersecurity, physical security, identity and access management, and compliance.
  • Define, maintain, and execute a multiyear Enterprise Security Strategy and roadmap aligned with company strategy, IT strategy, regulatory requirements, and operational priorities.
  • Establish enterprise security governance, metrics, and executive reporting, including risk posture, maturity indicators, and investment effectiveness.
  • Act as the primary security and risk advisor to the CIO and executive leadership. As appropriate, develop and present materials to these stakeholders in support of the security function.
  • Partner with Enterprise Risk Management to identify, quantify, communicate, and monitor enterprise security risks.

IT Leadership & Enterprise Technology Strategy

  • Serve as an active, peer-level member of the IT Leadership Team, contributing to enterprise IT strategy, operating model, and transformation roadmap.
  • Partner with senior IT leaders across infrastructure, applications, data, architecture, and operations to advance secure-by-design practices, with clear exception, risk acceptance, and prioritization processes.
  • Partner with senior leaders across the organization to amplify and achieve security goals.
  • Influence enterprise technology investment and architectural decisions through riskinformed guidance that balances security, reliability, cost, and business value.
  • Participate as a decisionmaker in IT governance forums, architecture review, and strategic planning processes.
  • Ensure security strategy and capabilities are tightly integrated with IT modernization initiatives.
  • Prepare and deliver clear, business-oriented security updates for executive, board, audit, regulatory, and governance forums as needed.

CloudFirst Security Enablement

  • Lead the design and implementation of security capabilities that enable and scale a CloudFirst enterprise architecture.
  • Establish cloud security standards, reference architectures, and guardrails, including:
    • Secure cloud landing zones
    • Cloud security posture management (CSPM)
    • Cloud workload, container, and API security
    • Data protection and encryption strategies
  • Embed security into application delivery through DevSecOps secure SDLC practices.
  • Govern thirdparty and cloud service provider risk through standardized assessments and monitoring.

Operational Technology (OT) Cybersecurity Maturity

  • Provide leadership for OT cybersecurity across generation, transmission, distribution, and field operations.
  • Partner with Operations, Engineering, and Reliability teams to advance OT cyber maturity while preserving safety and system reliability.
  • Establish OT cybersecurity governance covering:
    • Asset visibility and classification
    • Network segmentation and secure remote access
    • Vendor and contractor access controls
    • OTappropriate vulnerability and patch management
  • Develop, test, and maintain OTspecific incident response plans and conduct exercises.

IT Cybersecurity Maturity & Resilience

  • Maintain and continuously improve enterprise IT cybersecurity maturity, including:
    • Security operations (SOC), monitoring, and SIEM/SOAR
    • Vulnerability management and configuration compliance
    • Endpoint, network, and email security
    • Data protection, privacy controls, and encryption
  • Partner with business continuity, disaster recovery, operations, and risk leaders to strengthen cyber resilience.

Integrated Governance, Risk & Compliance (GRC)

  • Implement and operate a fully integrated enterprise GRC program spanning cybersecurity, physical security, privacy, and operational risk.
  • Establish cloud, identity, infrastructure, application, data, and third-party security standards, guardrails, and governance practices that enable secure enterprise modernization.
  • Maintain an enterprise security risk register with formal risk acceptance and exception governance.
  • Support internal, external, and regulatory audits; ensure audit readiness and timely remediation.
  • Serve as executive sponsor of internal and external security assessments.

Zero Trust Strategy & Implementation

  • Own and execute the enterprise Zero Trust strategy and roadmap.
  • Implement Zero Trust principles across:
    • Identityfirst access controls and strong authentication
    • Least privilege and privileged access management (PAM)
    • Network segmentation and microsegmentation
    • Continuous verification based on user, device, and risk context
  • Establish metrics to measure Zero Trust adoption and reduction in attack surface.

Physical Security

  • Provide strategic oversight for physical security programs protecting personnel, facilities, substations, and critical infrastructure.
  • Ensure alignment between physical access controls, identity systems, and enterprise risk posture.
  • Coordinate with internal stakeholders and external partners as appropriate.
  • Appropriately, leverage guard force and physical security technology to reduce physical security risk.

Incident Response & Crisis Leadership

  • Lead enterprise security incident response governance and coordinate cyber/physical security response capabilities
  • Ensure clear command structure, escalation protocols, and coordination with Legal, Communications, HR, Operations, and executive leadership.
  • Ensure security lessons learned are captured and incorporated into continuous improvement efforts.

People, Budget, and Vendor Management

  • Lead a multidisciplinary organization spanning cybersecurity, OT security, IAM, GRC, and physical security.
  • Manage budgets, prioritize investments, and oversee vendor and partner relationships.
  • Establish operating model, decision rights, and accountability across security domains.
  • Own workforce planning, budgeting, and vendor strategy.
  • Ensure security capabilities scale with business growth and transformation.

Management Responsibilities

  • Ensure that the Company's management principles, policies and programs are consistently practiced and continually support the Affirmative Action Plan.
  • Assume fiduciary responsibility for operating the business and provide recommendations on cost improvement measures.
  • Ensure that the Performance Management program is administered uniformly and effectively.
  • Comply with and administer the terms and conditions of the Collective Bargaining Agreement when applicable.
  • Administers personnel functions, including recruiting, review and approval of job descriptions and salary classifications, and selection and placement of personnel. Participates in hiring, termination, promoting, assignment and direction of staff. Ensure compliance with all applicable local, state and federal laws, regulations and standards, company policies, practices and ethical obligations to investigate, evaluate and recommend appropriate resolution to employee complaints.
  • Promotes and participates in the professional development, personal growth and career planning of staff. Motivate, recognize and reward, coach, counsel, train; provide feedback to employees during performance reviews. Participates in Leadership Development programs.
  • Addresses disciplinary and/or performance issues, according to company policy, and communicates effectively with employees regarding corrective action. Has input into the adjustment of grievances and administration of discipline.
  • Plans day-to-day operations, estimates personnel needs and schedules and assigns work. Evaluate the structure and team plan for continual improvement of the efficiency and effectiveness of the group.

Knowledge, Skills & Abilities

(Equivalent combination of education and experience will be considered.)

Minimum Qualifications

Bachelor's degree in Information Security, Computer Science, Engineering, Business, or related field (or equivalent experience).

8+ years of progressive leadership experience in enterprise security, risk, technology, or critical infrastructure roles, including experience leading cross-functional security programs.

Strong understanding of regulated environments and audit programs.

Experience working across both IT and OT environments.

Proven executive communication and stakeholder engagement skills.

Preferred Qualifications

Experience functioning as the seniormost security leader

Experience in utilities, energy, or critical infrastructure industries.

Demonstrated success with cloud security and Zero Trust transformations.

Deep experience implementing integrated GRC programs.

SOC and incident response modernization experience.

Relevant certifications (preferred): CISSP, CISM, CRISC, CCSP, GIAC (GICSP), PMP.

Master's degree (MBA, MS Cybersecurity, or related).

ADA Requirements and Physical Demands: Update below to match physical demands of the role.

The physical demands as described are representative of those that must be met by the person in this position to successfully perform the essential functions of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Office Work:
    • Sit, Stand, Walk and Bend: This position regularly requires prolonged periods of sitting. Occasionally requires standing, walking, or bending for short periods of time.
    • Use of Hands/Fingers: To operate a computer, keyboard, mouse, and other office equipment.
    • Speech/Hearing: This position frequently communicates with others via phone and in-person.
    • Visual Acuity: For reviewing detailed operational reports.
  • Lifting: Ability to lift and carry items weighing up to 15 pounds, as needed.