Blue Yonder

Senior Cybersecurity Risk Assessor – Risk Manager

full-time

Location Type: Remote

Location: Texas, United States

Salary

💰 $114,103 - $143,896 per year

About the role

  • Lead the execution of cybersecurity risk assessments across products, SaaS platforms, infrastructure, cloud environments, vendors, and business processes
  • Apply NIST RMF (800‑37, 800‑30, 800‑53), ISO 27001/27701/22301, and internal Blue Yonder cybersecurity standards in all assessments
  • Maintain and enhance the enterprise risk register, ensuring all risks are documented, categorized, and monitored
  • Develop and drive risk‑response plans, collaborating with system owners, product teams, engineering, and cloud operations
  • Validate mitigation effectiveness and track remediations through closure
  • Provide expert recommendations on security controls, configuration standards, and compensating controls
  • Build KPIs, KRIs, dashboards, and reporting mechanisms to measure risk posture and program performance
  • Present risk trends, escalations, and mitigation progress to senior leadership
  • Ensure compliance with internal policies such as Cybersecurity Policy, Access Control Policy, Acceptable Use, and Information Classification Standards
  • Partner with Threat & Vulnerability Management, Application Security, Security Architecture, and GRC teams to ensure unified risk strategy and visibility
  • Collaborate with Legal, Compliance, and Commercial teams on contract risk requirements and customer security obligations
  • Promote a risk‑aware culture by educating stakeholders on risk principles, threat landscapes, and security responsibilities
  • Contribute to ongoing training and awareness initiatives aligned with Blue Yonder’s enterprise security program

Requirements

  • 5+ years in cybersecurity risk management, governance, or security engineering in a complex enterprise (cloud and on‑prem environment)
  • Deep familiarity with NIST CSF, NIST RMF, ISO 27001/27701, SOC 2, and related frameworks
  • Experience performing and maturing risk assessments across technology stacks and business processes
  • Strong understanding of cloud platforms (AWS, Azure, GCP), SaaS environments, and modern enterprise architectures
  • Ability to translate technical risks into business‑level insights for executive stakeholders
  • Experience assessing risk associated with AI and Machine Learning
  • CRISC certification or other relevant certification

Benefits

  • Comprehensive Medical, Dental and Vision
  • 401K with Matching
  • Flexible Time Off
  • Corporate Fitness Program
  • A variety of voluntary benefits such as Legal Plans, Accident and Hospital Indemnity, Pet Insurance, and much more

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
cybersecurity risk assessments, NIST RMF, ISO 27001, ISO 27701, ISO 22301, risk-response plans, security controls, KPI development, risk assessment, cloud security
Soft Skills
collaboration, communication, leadership, risk awareness, stakeholder education, analytical thinking, problem-solving, presentation skills, strategic thinking, adaptability
Certifications
CRISC