1

Third Party Cybersecurity Risk Jobs in California

Required Qualifications 7+ years in cybersecurity with at least 3 years of dedicated third-party or supply chain risk management experience Demonstrated hands-on proficiency with BitSight or an ...

As our new Third Party Risk Analyst , you will play a critical role in protecting Anaplan by managing the risks associated with our third-party suppliers and reporting to our legal team. You will be ...

As our new Third Party Risk Analyst , you will play a critical role in protecting Anaplan by managing the risks associated with our third-party suppliers and reporting to our legal team. You will be ...

Required Qualifications • 7+ years in cybersecurity with at least 3 years of dedicated third-party or supply chain risk management experience • Demonstrated hands-on proficiency with BitSight or ...

next page

Showing results 1-20

Third Party Cybersecurity Risk information

How much does a third party risk analyst make?

A third party risk analyst typically earns between $70,000 and $110,000 annually, depending on experience, location, and industry. Professionals in cybersecurity risk management often hold certifications like CISSP or CRISC, which can influence salary levels.

Is third party risk management a good career?

Third Party Cybersecurity Risk management is a growing field that involves assessing and mitigating risks from external vendors and partners. It requires knowledge of cybersecurity principles, risk assessment tools, and often certifications like CISSP or CISM. The role offers opportunities in various industries with increasing demand due to the importance of supply chain security.

What is third-party risk management in cybersecurity?

Third-party risk management in cybersecurity involves identifying, assessing, and mitigating risks posed by external vendors, suppliers, or partners that have access to an organization’s systems or data. For cybersecurity professionals, this includes evaluating third-party security controls, conducting audits, and ensuring compliance with standards like ISO 27001 or NIST frameworks to reduce potential vulnerabilities. Effective management helps prevent data breaches and maintains the organization’s security posture.

What is the difference between Third Party Cybersecurity Risk vs Cybersecurity Analyst?

AspectThird Party Cybersecurity RiskCybersecurity Analyst
CertificationsISO 27001, CISSP, CISACISSP, CompTIA Security+, CEH
Work EnvironmentVendor assessments, risk management teams, client organizationsSecurity operations centers, IT departments, consulting firms
Industry UsageSupply chain, vendor management, complianceNetwork security, incident response, vulnerability assessment

Third Party Cybersecurity Risk professionals focus on evaluating and managing risks from external vendors and partners, ensuring compliance and reducing supply chain vulnerabilities. Cybersecurity Analysts primarily monitor, analyze, and respond to security threats within an organization’s own systems. While both roles require security certifications and involve risk assessment, their focus areas and work environments differ significantly.

Can you make $500,000 a year in cyber security?

Third Party Cybersecurity Risk professionals can potentially earn $500,000 annually, especially at senior levels or in executive roles such as Chief Information Security Officer (CISO). Achieving this salary typically requires extensive experience, advanced certifications like CISSP or CISM, and leadership responsibilities overseeing large security programs. Compensation varies based on industry, company size, location, and individual expertise.
What job categories do people searching Third Party Cybersecurity Risk jobs in California look for? The top searched job categories for Third Party Cybersecurity Risk jobs in California are:
What cities in California are hiring for Third Party Cybersecurity Risk jobs? Cities in California with the most Third Party Cybersecurity Risk job openings:
Director, Cybersecurity Governance, Risk and Compliance

Director, Cybersecurity Governance, Risk and Compliance

Directv

El Segundo, CA • On-site

$118K - $159K/yr

Full-time

Posted 11 days ago


DIRECTV rating

7.2

Company rating: 7.2 out of 10

Based on 37 frontline employees who took The Breakroom Quiz

47th of 80 rated telecommunications companies


Job description

The Director, Cybersecurity Governance, Risk and Compliance (GRC) is responsible for leading DIRECTV's enterprise cybersecurity governance, risk management, compliance, policy, and security assurance programs. This role provides strategic leadership and operational oversight across cybersecurity governance functions, ensuring cybersecurity risks are effectively managed, regulatory and contractual obligations are met, and cybersecurity initiatives align with business objectives.

The Director serves as the primary leader for cybersecurity governance activities, executive cybersecurity reporting, risk management, compliance programs, security awareness initiatives, supplier security oversight, and security assurance testing programs.

This position manages a team of cybersecurity professionals and contractors and serves as a key partner to technology, business, audit, legal, procurement, privacy, and executive leadership teams.

Here's what you'll do:

Cybersecurity Governance

  • Lead the enterprise Cybersecurity Governance Program.
  • Develop and maintain cybersecurity KPIs, KRIs, scorecards, and executive reporting.
  • Prepare and facilitate monthly Cybersecurity Governance Reviews and executive presentations.
  • Track cybersecurity initiatives, remediation activities, and strategic priorities.
  • Drive accountability for cybersecurity performance across the organization.

Cyber Risk Management

  • Lead enterprise cyber risk identification, assessment, reporting, and remediation programs.
  • Maintain cybersecurity risk registers and risk treatment plans.
  • Facilitate risk reviews with business and technology stakeholders.
  • Present cybersecurity risk posture to senior leadership.

Policy, Standards and Governance

  • Own cybersecurity policies, standards, procedures, and governance frameworks.
  • Ensure alignment with industry standards and regulatory requirements.
  • Maintain governance processes supporting cybersecurity decision-making.

Compliance and Audit

  • Lead cybersecurity compliance activities supporting PCI DSS, SOX, regulatory, and contractual requirements.
  • Coordinate internal and external audits.
  • Manage remediation efforts resulting from audit findings and assessments.
  • Maintain cybersecurity control documentation and evidence repositories.

Third-Party and Supplier Security

  • Lead Supplier Information Security Requirement (SISR) governance and oversight.
  • Manage third-party cybersecurity risk assessments and monitoring.
  • Partner with Procurement, Legal, and Vendor Management organizations to ensure supplier security compliance.

Security Awareness and Training

  • Lead enterprise cybersecurity awareness, training, and phishing simulation programs.
  • Establish metrics to measure effectiveness and maturity.
  • Drive continuous improvement of employee cybersecurity culture.

Security Assurance and Testing Programs

  • Provide governance oversight of:
    • Static Application Security Testing (SAST)
    • Dynamic Application Security Testing (DAST)
    • Application Penetration Testing
    • Infrastructure Penetration Testing
    • Vulnerability Assessment Programs
  • Ensure testing results are tracked, reported, and remediated appropriately.

Leadership and People Management

  • Lead and develop cybersecurity governance personnel and contractors.
  • Manage vendor and consulting relationships supporting GRC activities.
  • Establish goals, objectives, and performance measures for the organization.
  • Build a scalable governance function supporting DIRECTV's cybersecurity strategy.

What you'll need to be successful:

Required

  • Bachelor's degree in Cybersecurity, Information Technology, Business, Engineering, or related field.
  • 5 - 7 years required, 10+ years desired progressive cybersecurity experience.
  • 5+ years of leadership experience managing cybersecurity programs and teams.
  • Deep knowledge of cybersecurity governance, risk management, compliance, and security frameworks.
  • Experience with PCI DSS, NIST Cybersecurity Framework, ISO 27001, CIS Controls, and risk management methodologies.
  • Experience presenting cybersecurity metrics and risk information to executive leadership.
  • Strong written and verbal communication skills.

Preferred

  • CISSP, CISM, CRISC, CGEIT, PCI ISA, or equivalent certifications.
  • Experience leading enterprise cybersecurity governance programs.
  • Experience in telecommunications, media, technology, or highly regulated industries.
  • Experience building cybersecurity governance organizations during periods of transformation or separation activities.

Reporting Relationship

Reports to: Senior Director, IT & Corporate Cybersecurity

Organization Scope

  • Direct leadership responsibility for Cybersecurity Governance, Risk and Compliance functions.
  • Oversight of approximately six contractor resources and future employee growth within the GRC organization.
  • Enterprise-wide responsibility for cybersecurity governance, risk management, compliance, policy, awareness, supplier security, and security assurance oversight.

May require a background check due to job duties requiring routine access to DIRECTV and DIRECTV customer's proprietary data. Qualified applicants with arrest and conviction will be considered for employment in accordance with local ordinances and state law.

This is a remote position that can be located anywhere in the contiguous United States. #LI-Remote

A career with us comes with big rewards:

DIRECTV's compensation structure is designed to be market-competitive and fully supports efforts to attract and retain employees. It is the company's policy to offer pay that is competitive with other employers in the local market. Our salary ranges are determined by role, level, and location.

The Base Salary range displayed below reflects the minimum and maximum target salary for each of DIRECTV's 4 (four) US Labor Market Zones. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.

DIRECTV WAGE ZONES: $147,830 - $268,307

Low (N1): $147,830 - $221,645

Mid (N2): $155,610 - $233,310

High (N3): $171,171 - $256,641

Top (N4): $178,952 - $268,307

Click HERE to review information on some of the largest Designated Market Areas (DMAs). Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

Please note that the salary ranges reflect base salary only and do not include bonus or benefits - when you consider all of these together, it represents a pretty impressive total compensation package.

Apply today!

Fair Chance Ordinance Notice for Los Angeles County applying for jobs at DIRECTVCompliance Notice Regarding Use of Automated Decision-Making Tools in Hiring Process

What DIRECTV employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom