1

Senior Technology Risk Management Jobs in Colorado

Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk ... Background in startup, aerospace, defense technology, or SaaS companies operating in regulated ...

Lead end-to-end risk-based IT operational audit engagements, including planning, fieldwork ... Assess key cybersecurity controls, including access management, logging and monitoring, and ...

... technology risk management domains such as but not limited to: application security, infrastructure security, identity and access management, vulnerability and cyber threat management, security ...

Director of Enterprise Risk

Westminster, CO ยท On-site

$160K - $221K/yr

... management playbooks. * Provide strategic executive oversight for global safety, security standards, and the company's macro insurance and risk transfer strategy. * Build a technology-enabled risk ...

Director of Enterprise Risk

Westminster, CO ยท On-site

$160K - $221K/yr

... management playbooks. * Provide strategic executive oversight for global safety, security standards, and the company's macro insurance and risk transfer strategy. * Build a technology-enabled risk ...

Financial Risk Senior Consultant

Denver, CO ยท On-site

$119K/yr

... technology, or risk management Required Qualifications * Bachelor's degree in Finance, Economics ... Financial Services Senior Consultant - Financial Risk Our Deloitte Regulatory, Risk & Forensic team ...

Senior Internal Auditor

Denver, CO ยท On-site

$77K - $92K/yr

Coordinates with assurance functions such as Compliance, Legal, Quality Assurance, IT Risk, and ... Effective project management, organizational, and presentation skills * Strong communication and ...

next page

Showing results 1-20

Senior Technology Risk Management information

What does a technology risk manager do?

A technology risk manager identifies, assesses, and mitigates risks related to information technology and cybersecurity within an organization. They develop policies, implement controls, and monitor systems to ensure data security and compliance, often using tools like risk assessment frameworks and security protocols. Strong analytical skills and knowledge of industry standards such as ISO 27001 or NIST are essential for this role.

How much does a senior technology risk analyst make at Fidelity?

A senior technology risk analyst at Fidelity typically earns between $90,000 and $130,000 annually, depending on experience, location, and certifications. The role often requires knowledge of risk assessment tools and regulatory compliance standards.

What is the highest salary for a risk manager?

Senior Technology Risk Management professionals can earn salaries up to $150,000 or higher annually, depending on experience, certifications, and the size of the organization. Top earners in this field often have advanced skills in cybersecurity, compliance, and risk assessment, and may receive bonuses or other incentives.

How does a Senior Technology Risk Management professional typically collaborate with other departments within an organization?

A Senior Technology Risk Management professional regularly works with teams across IT, compliance, internal audit, and business units to identify, assess, and mitigate technology-related risks. This collaboration often involves participating in cross-functional meetings, providing guidance on risk controls, and ensuring that technology initiatives align with the overall risk appetite of the organization. Strong communication skills are essential, as the role requires translating complex technical risks into actionable recommendations for non-technical stakeholders. Building solid relationships with various departments is crucial to effectively manage and respond to emerging risks.

What are the key skills and qualifications needed to thrive as a Senior Technology Risk Management professional, and why are they important?

To thrive as a Senior Technology Risk Management professional, you need a deep understanding of IT risk frameworks, cybersecurity principles, and regulatory requirements, often supported by a degree in information security or related fields and certifications like CISA, CISSP, or CRISC. Familiarity with risk assessment tools, GRC (Governance, Risk, and Compliance) platforms, and incident management systems is typically required. Strong analytical thinking, communication skills, and stakeholder management abilities help professionals excel in this role. These skills and qualities are vital for effectively identifying, assessing, and mitigating technology risks to protect organizational assets and ensure regulatory compliance.

What is the difference between Senior Technology Risk Management vs Cybersecurity Analyst?

AspectSenior Technology Risk ManagementCybersecurity Analyst
Required CredentialsCertifications like CRISC, CISSP, CISACertifications like CompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment, policy development, strategic planningMonitoring security systems, incident response, vulnerability assessment
Employer & Industry UsageFinancial, healthcare, large enterprisesIT firms, government agencies, tech companies

While both roles focus on security, Senior Technology Risk Management emphasizes strategic risk assessment and mitigation planning, whereas Cybersecurity Analysts focus on technical security operations and incident response. The roles often collaborate but differ in scope and daily responsibilities.

What is the highest paying risk management job?

In risk management, senior roles such as Chief Risk Officer (CRO) or Director of Risk Management tend to have the highest salaries, often exceeding six figures annually. These positions require extensive experience, advanced certifications like FRM or CRM, and strong leadership skills, especially in financial services, insurance, or large corporations.

What is Senior Technology Risk Management?

Senior Technology Risk Management refers to a leadership role responsible for identifying, assessing, and mitigating technology-related risks within an organization. Professionals in this position develop risk management strategies, ensure compliance with regulations, and oversee the implementation of security controls to protect information systems. They collaborate with IT, business, and compliance teams to address vulnerabilities and respond to emerging threats. Their work helps safeguard critical assets and supports the organization's overall risk management framework.
What are the most commonly searched types of Technology Risk Management jobs in Colorado? The most popular types of Technology Risk Management jobs in Colorado are:
What are popular job titles related to Senior Technology Risk Management jobs in Colorado? For Senior Technology Risk Management jobs in Colorado, the most frequently searched job titles are:
What job categories do people searching Senior Technology Risk Management jobs in Colorado look for? The top searched job categories for Senior Technology Risk Management jobs in Colorado are:
What cities in Colorado are hiring for Senior Technology Risk Management jobs? Cities in Colorado with the most Senior Technology Risk Management job openings:
Enterprise Risk Analyst

Enterprise Risk Analyst

True Anomaly

Denver, CO โ€ข On-site

Full-time

Medical, Dental, Vision, Retirement, PTO

Re-posted 18 days ago


Job description

Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.
OUR MISSION
True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors - enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.
OUR VALUES
  • Be the offset. We create asymmetric advantages with creativity and ingenuity.
  • What would it take? We challenge assumptions to deliver ambitious results.
  • It's the people. Our team is our competitive advantage and we are better together.

Your Mission
We are seeking a driven and detail-oriented Enterprise Risk Analyst to support two distinct but interconnected lines of effort: Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments, maintaining program documentation, tracking remediation activities, and building the data foundation that powers executive-level risk decision-making.
This role is ideal for a mid-career risk professional who is fluent in frameworks such as NIST RMF and CMMC, is developing practical experience with risk quantification methodologies like FAIR and OCTAVE, and is eager to grow within a fast-paced aerospace and defense SaaS environment. You will work closely with engineering, security, legal, compliance, and operations teams to help identify, document, and track risk across the enterprise and its third-party supply chain.
Responsibilities:
Enterprise Risk Management
  • Support the design, execution, and continuous improvement of the enterprise risk management program under the direction of the Senior Enterprise Risk Manager.
  • Assist in conducting structured risk assessments using OCTAVE or similar threat-and-asset-centric methodologies, documenting findings, threat profiles, and recommended mitigations.
  • Support the application of FAIR methodology to help quantify risks in financial terms and contribute to risk prioritization analyses for leadership.
  • Maintain and update the enterprise risk register, ensuring accuracy of risk ratings, ownership assignments, remediation status, and residual risk tracking.
  • Build and maintain program dashboards, KPI/KRI reports, and status tracking using tools such as Jira, Confluence, enterprise GRC platforms, and MS Project.
  • Assist with audit readiness activities including evidence collection, pre-assessment preparation, control documentation, and post-audit remediation tracking.
  • Support POA&M management for IL5 and IL6 environments, tracking open items to closure and escalating blockers to the Enterprise Risk Manager.
  • Contribute to the development and maintenance of risk policies, standards, and guidelines aligned to NIST SP 800-53 Rev. 5, NIST SP 800-171, RMF, and CMMC Level 3.
  • Coordinate and track internal audit schedules, findings, and corrective action plans across business units.

Third-Party Vendor Risk Management
  • Execute vendor risk assessments as part of the onboarding and periodic review lifecycle, including security questionnaire administration, documentation review, and risk scoring.
  • Maintain the vendor risk inventory and lifecycle tracking records, ensuring all vendors are appropriately tiered and assessed on schedule.
  • Monitor vendor risk signals including cybersecurity advisories, regulatory actions, and contractual compliance status, escalating material changes to the Enterprise Risk Manager.
  • Support contract and procurement teams by providing vendor risk assessment findings and recommended risk mitigation language.
  • Assist in ensuring TPVRM program alignment with CMMC supply chain requirements, DFARS clauses, and ITAR/export control considerations for critical suppliers.
  • Develop and maintain vendor risk reporting inputs and dashboard content to support executive-level visibility into third-party risk exposure.

Cross-Functional Collaboration
  • Serve as a reliable day-to-day point of contact for risk-related inquiries from internal stakeholders across engineering, security, operations, and legal teams.
  • Track program milestones, action items, and deliverables, proactively communicating status and flagging risks or dependencies to the Enterprise Risk Manager.
  • Continuously improve risk program workflows, documentation templates, and reporting processes to support scalable and repeatable execution.
  • Support the preparation of materials for internal leadership briefings, external assessor interactions, and government partner reviews.

Qualifications
  • 5+ years of experience in enterprise risk management, GRC, cybersecurity risk, compliance, or a closely related discipline.
  • Working knowledge of NIST SP 800-53, NIST SP 800-171, DoD RMF (IL5/IL6), and CMMC, with direct experience supporting assessments or audits under one or more of these frameworks.
  • Familiarity with risk assessment methodologies including FAIR and/or OCTAVE, with a desire to deepen applied expertise in risk quantification.
  • Experience supporting or executing third-party/vendor risk assessments, including questionnaire administration, documentation review, and risk tracking.
  • Hands-on experience with program management and GRC documentation tools including Jira, Confluence (Atlassian suite), MS Project, enterprise GRC platforms, and MS Visio or Lucidchart.
  • Strong written and verbal communication skills, with the ability to clearly document findings and translate risk concepts for both technical and non-technical audiences.
  • Highly organized, self-directed, and comfortable managing multiple workstreams simultaneously in a fast-paced, regulated environment.
  • Active or ability to obtain SECRET, TS/SCI security clearance.
  • Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)).

Preferred Qualifications
  • Background in startup, aerospace, defense technology, or SaaS companies operating in regulated government markets.
  • Industry certifications such as:
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Auditor (CISA)
  • Open FAIR Certification (The Open Group)
  • CompTIA Security+ or equivalent
  • Certified ScrumMaster (CSM) or similar Agile certification
  • Experience with cloud environments, particularly Azure Government and/or AWS GovCloud.
  • Familiarity with POA&M management, SSP documentation, and audit evidence collection in DoD authorization contexts.
  • Working knowledge of ITAR, EAR, DFARS, and export control considerations as they relate to vendor and supply chain risk.
  • Familiarity with Agile/Scrum and hybrid project delivery models.

Compensation
  • Base Salary: Denver - $115,000 to $155,000, Long Beach - $120,000 to $165,000, Washington, DC - $120,000 to $165,000, SF Bay Area - $132,000 to $178,000
  • Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience.
Additional Requirements
  • Work Location: This role will be onsite at one of our office locations: Centennial, CO, Long Beach, CA, SF Bay Area, or Washington, DC #LI-Onsite
  • Work Environment: Standard office setting, working at a desk or in a production factory environment
  • Physical Demands: May include frequent standing, sitting, walking, bending, and lifting or carrying items up to 20 lbs.

This position will be open until it is successfully filled.
To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
We value diversity of experience, knowledge, backgrounds, and perspectives and harness these qualities to create extraordinary impact. True Anomaly is committed to equal employment opportunity regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy, maternity or related condition (including breastfeeding) or any other basis as protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know.
To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us.