
Technology Risk Manager
The Hartford
full-time
Location Type: Hybrid
Location: Columbus • Connecticut • Ohio • United States
Salary
💰 $126,800 - $190,200 per year
About the role
- Oversee the enterprise Vulnerability Management Risk Program, ensuring effective governance, prioritization, and risk-based decision-making
- Partner with technology and cybersecurity owners to review findings, validate risk severity, develop remediation plans, and manage risk acceptances
- Track, analyze, and report key risk indicators (KRIs), metrics, and trends, delivering clear, actionable insights to senior leadership and executive stakeholders
- Ensure cybersecurity risk management practices align with industry frameworks and regulatory expectations (e.g., NIST, ISO, FAIR, COBIT)
- Act as a liaison to 2nd line (Enterprise Risk Management, Compliance) and 3rd line (Internal Audit) teams, supporting risk assessments, exams, and audits
- Drive continuous improvement of risk processes, tooling, metrics, and governance to enhance cybersecurity risk posture
- Support risk-based decision-making by facilitating risk acceptances, exceptions, and remediation timelines in alignment with risk appetite
Requirements
- 5+ years of formal Technology Risk or Cybersecurity Risk Management experience
- Strong background in Cybersecurity and Vulnerability Management, including vulnerability lifecycle management and risk prioritization
- Strong understanding of controls and risks aligned to Identity and Access Management, Cyber Operations, Data security, Cloud Security, and Gen AI Security
- Demonstrated experience partnering with technology, infrastructure, application, and cloud teams
- Proven ability to communicate complex technical risk concepts to non-technical and executive audiences
- Experience developing and reporting risk metrics, dashboards, and executive-level reporting
- Solid understanding of risk management frameworks and standards (e.g., NIST CSF, NIST 800-53, ISO 27001, FAIR, COBIT)
- Experience operating within a three lines of defense model
- Strong leadership, influence, and stakeholder management skills
- Insurance industry or broader financial services experience preferred
- Prior experience supporting regulatory exams, internal audits, and external assessments
- Familiarity with vulnerability scanning tools and risk governance platforms
- Relevant certifications such as CISSP, CISM, CRISC, or CISA
- Experience operating in large, complex, or highly regulated enterprise environments
- Candidate must be authorized to work in the US without company sponsorship.
Benefits
- Short-term or annual bonuses
- Long-term incentives
- On-the-spot recognition
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Vulnerability Management, Risk Management, Cybersecurity, Identity and Access Management, Data Security, Cloud Security, Risk Metrics, Risk Prioritization, Risk Assessment, Governance
Soft Skills
Leadership, Stakeholder Management, Communication, Influence, Collaboration, Analytical Thinking, Decision-Making, Problem-Solving, Interpersonal Skills, Reporting
Certifications
CISSP, CISM, CRISC, CISA