Asurion

Director, Cyber Risk

Director of Cyber Risk overseeing cyber risk management and enterprise impact at Asurion. Guiding the development of a multi-year maturity uplift in risk management practices.

Posted 6/29/2026 • full-time • Sterling • Virginia • 🇺🇸 United States • Lead

Tech Stack

Tools & technologies
Cyber Security, ServiceNow

About the role

Key responsibilities & impact
  • Own and continuously improve the cyber and technology risk management framework, methodology, taxonomy, and lifecycle aligned to NIST CSF 2.0, ISO 27001/27005, and applicable regulatory obligations.
  • Define standards, procedures, and rating scales for consistent enterprise-wide risk identification, assessment, and reporting; partner with the PISO model to ensure common language and practices across portfolios.
  • Lead enterprise cyber risk assessments across technology, business, regulatory, and emerging-risk domains to produce consistent, defensible determinations.
  • Establish and operate a cyber risk quantification capability (e.g., FAIR-based) to express risk in business and financial terms and inform prioritization and investment decisions.
  • Maintain the enterprise cyber risk register; ensure risks are well-described, owned, rated, and tracked to acceptable residual levels; develop and manage KRI/KCI programs for forward-looking posture.
  • Operationalize the risk appetite and tolerance framework with the CISO and senior leadership; own risk acceptance and exception governance with clear, auditable documentation and time-bound approvals.
  • Govern cyber risk policy structure, ownership, review cadence, and exception handling; chair or support cyber risk forums and escalate decisions to appropriate authority levels.
  • Lead second-line, risk-based assurance over design and operating effectiveness of key cyber controls in coordination with first-line and Internal Audit; identify thematic weaknesses and drive structural remediation.
  • Own issues and remediation management—intake, prioritization, owner assignment, tracking to closure, and escalation of aging items.
  • Define and report outcome-focused metrics (e.g., residual risk trends, out-of-appetite reduction, early-versus-late finding ratios, incidents tied to accepted risk) in executive- and board-ready formats.
  • Serve as primary point of contact for cyber risk in regulatory exams, audits, and carrier-partner due diligence.
  • Integrate cyber risk into Enterprise Risk Management to ensure consistency in enterprise risk reporting and governance; partner with Legal, Privacy, Procurement, and technology leaders to embed risk-informed decisions.
  • Oversee vendor/third-party risk within the cyber risk portfolio to ensure supply-chain risk is governed in line with enterprise practices.
  • Build, lead, and develop a team of senior managers and analysts; set objectives, manage performance, and scale capacity through process improvement, tooling, and appropriate AI-assisted workflows.

Requirements

What you’ll need
  • Bachelor’s degree in a related field or equivalent professional experience.
  • 10+ years in cybersecurity, IT/technology risk, or GRC, including 5+ years leading managers or multiple teams/domains.
  • Proven experience designing, leading, or substantially maturing an end-to-end enterprise cyber/IT risk management program.
  • Deep knowledge of NIST CSF 2.0, ISO 27001/27005, relevant regulatory regimes, and the three-lines-of-defense model.
  • Experience operating a risk register, risk appetite/tolerance framework, and risk acceptance/exception governance.
  • Hands-on experience with GRC/IRM platforms (e.g., ServiceNow IRM, Archer, OneTrust, or comparable).
  • Excellent executive communication skills with a track record of briefing senior leadership and boards.
  • Strong cross-functional influence partnering across security, technology, legal, privacy, and business teams.

Benefits

Comp & perks
  • N/A

ATS Keywords

Applicant Tracking System Keywords

Hard Skills & Tools
Risk Identification, Risk Assessment, Risk Reporting, Risk Quantification, KRI/KCI Development, Risk Appetite Framework, Risk Acceptance Governance, Cyber Controls Assurance, Remediation Management, Enterprise Risk Integration
Soft Skills
Cross-Functional Influence, Team Leadership, Performance Management, Process Improvement, Communication