Cybersecurity Risk Management Manager
Nonstore WARNERCROS TEMPE AZ, United States
Circle K
Circle K is a convenience store and gas station chain offering a wide variety of products for people on the go. Visit us today!
Job Title: Cybersecurity Risk Management Manager
Location: Remote
Job Type: Full-Time
Reports to: Head of Cybersecurity GRC
Job Overview:
We are seeking an experienced Cybersecurity Risk Management Manager to lead our risk management initiatives within the cybersecurity function. This role will focus on developing and maintaining a robust risk management framework, managing risk exceptions, and collaborating with stakeholders to mitigate security risks effectively. The ideal candidate has strong experience in cybersecurity risk assessment, developing risk mitigation strategies, and stakeholder management.
Key Responsibilities:
Risk Framework Development & Management
- Design, implement, and maintain a comprehensive cybersecurity risk management framework aligned with industry standards (e.g., NIST, ISO 27001).
- Develop policies and procedures for identifying, assessing, and mitigating cybersecurity risks.
- Conduct regular reviews and updates of the risk framework to ensure its relevance and effectiveness in response to the evolving threat landscape.
Risk Assessment & Mitigation
- Lead periodic cybersecurity risk assessments for new and existing assets, projects, and processes, prioritizing risks based on potential business impact.
- Develop and recommend risk mitigation strategies and action plans, balancing business objectives with security requirements.
Risk Exception Management
- Review and manage requests for risk exceptions, evaluating potential risks and compensating controls.
- Collaborate with technical teams and business units to ensure appropriate and effective compensating controls are implemented for accepted risks.
- Maintain a risk exception register, monitor expiration dates, and follow up with stakeholders to address outstanding risk items.
Stakeholder & Business Collaboration
- Work closely with cross-functional teams, including IT, Legal, Compliance, and business units, to understand and address cybersecurity risks across the organization.
- Provide guidance and recommendations to stakeholders on cybersecurity risk matters, ensuring alignment between security and business objectives.
- Lead regular meetings with stakeholders to report on risk assessment outcomes, exception statuses, and action items.
Monitoring & Reporting
- Develop and maintain key risk indicators (KRIs) and metrics to track the organization's cybersecurity risk posture.
- Generate and present regular risk reports to leadership, providing insights into key risk areas and trends.
- Ensure timely communication of high-risk findings and remediation progress to senior management.
Continuous Improvement
- Stay up to date with the latest cybersecurity threats, vulnerabilities, and regulatory requirements, incorporating relevant changes into the risk framework.
- Promote a risk-aware culture by providing training and guidance on cybersecurity risks and best practices.
Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or related field; advanced degree preferred.
- 5+ years of experience in cybersecurity risk management or a related field, with a proven track record of developing and managing risk frameworks.
- Strong knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS).
- Experience in managing risk exceptions, conducting risk assessments, and working with cross-functional teams.
- Certifications such as CISSP, CISM, CRISC, or similar are highly preferred.
- Excellent communication and interpersonal skills, with the ability to effectively engage and influence stakeholders at various levels.
- Proficiency in risk management tools and software is a plus.
Circle K is an Equal Opportunity Employer.
The Company complies with the Americans with Disabilities Act (the ADA) and all state and local disability laws. Applicants with disabilities may be entitled to a reasonable accommodation under the terms of the ADA and certain state or local laws as long as it does not impose an undue hardship on the Company. Please inform the Company’s Human Resources Representative if you need assistance completing any forms or to otherwise participate in the application process.