6,353 Cybersecurity Risk jobs in the United States
Cybersecurity Risk
Posted 10 days ago
Job Description
This role is responsible for proactively identifying, assessing, mitigating, and reporting cyber risks across the organization, with a strong emphasis on influencing stakeholders at all levels. As a senior position, it requires the ability to effectively engage with senior leadership to drive strategic decisions while also collaborating with teams across the organization to foster a risk-aware culture. Deep expertise in cybersecurity, regulatory compliance, and risk governance is essential to ensure robust protection and alignment with industry standards. Exceptional communication and leadership skills are critical to building trust, driving alignment, and ensuring the successful implementation of cybersecurity practices.
Cybersecurity Risk Manager
Posted today
Job Description
With the growing threats to cybersecurity for our customers and ourselves, it is more critical than ever to mature our risk-based cybersecurity management program. At Softchoice, we want to lead the way in which we manage cybersecurity internally for our business as a positive example and role model for our customers.
The Cybersecurity Risk Manager is internally facing and responsible for identifying, assessing, and mitigating risks that could affect Softchoice's financial health, legal compliance, and reputation. This role involves strategic leadership in defining and driving the cybersecurity risk management program, establishing governance structures, ensuring regulatory compliance, and championing a culture of security across the company. The position also includes developing policies, performing assessments, and leading cross-functional teams to mitigate cybersecurity risks, particularly in alignment with ISO 27001 standards.
What You'll Do
- Take ownership of and mature our Risk Management governance/process, and leverage the broader teams for execution of risk remediation based on priorities and risk appetite.
- Set strategic direction for cybersecurity risk management, and related compliance initiatives.
- Develop and maintain a cybersecurity risk framework aligned with ISO 27001.
- Establish robust governance structures to oversee risk and compliance activities.
- Guide the organization through compliance audits and engagements with auditors.
- Oversee risk assessments to define and analyze possible risks, ensuring a comprehensive approach to risk identification.
- Evaluate the gravity (risk score) of each risk by considering potential organizational impact.
- Develop, prioritize, and lead the execution of risk treatment plans and control measures.
- Monitor and ensure evidence-based implementation of controls to achieve compliance.
- Drive process changes to eliminate or mitigate potential risks.
- Drive the execution of appropriate technology platform access reviews.
- Present risk score updates for ISMS committee and recommendations for senior leadership review.
- Define and implement contingency plans and incident response playbooks to handle cybersecurity crises effectively.
- Assess existing policies and procedures, identifying gaps and opportunities for improvement as they relate to risk management.
- Recommend and drive the adoption of improved policies to strengthen the organization's cybersecurity posture.
- Drive initiatives to enhance employees' understanding of cybersecurity risks and best practices.
- Provide strategic direction, mentorship, and guidance to cross-functional teams involved in cybersecurity risk activities.
- Lead, motivate, and develop direct and indirect reports to excel in their roles. (future once ICs added under)
- 10-15 years' experience in IT including security operations (SOC).
- 5 years' experience managing people directly and indirectly.
- At least 5 years working in cybersecurity governance, risk, and compliance (GRC).
- Demonstrated knowledge of risk management in the context of cybersecurity, IT compliance, risk assessment, and control.
- Demonstrated understanding of security practices, trends, and compliance audits.
- Knowledge of auditing against information security management frameworks (SOC2T2, ISO 27001:2022).
- Proven project management approach to drive outcomes is mandatory.
- Experience as a Security Analyst and/or IT Infrastructure work is desirable.
- Familiarity with industry compliance standards and regulations (e.g., GDPR, Occupational Safety and Health Act).
- Strong computer and research skills; knowledge of analysis software preferred (e.g., Statistical Analysis Software, or SAS).
- Analytical mind with problem-solving aptitude.
- Bachelor's or master's degree in computer science, engineering, information security, or a related field.
- Relevant certifications such as CISSP, CISM, CISA, CRISC.
- Professional Risk Manager (PRM) certification is a plus
We understand that not everyone brings 100% of the skills and experience for the role. At Softchoice, we offer opportunities to a diverse group including those with a variety of workplace experiences and backgrounds. Whether you are new to corporate tech, returning to work after a gap in employment, or looking to transition and take the next step in your career, we are excited to learn more about you and encourage you to apply.
Why You'll Love Working Here
- The People: You'll thrive in our collaborative environment, surrounded by incredible colleagues who foster support and innovation, driving our collective success
- High-Performing Culture: At Softchoice, we are dedicated to achieving our goals and committed to success for our customers and each other
- Flexibility: Plan your workdays in a way that suits you best
- Award-Winning Workplace: Proudly recognized as a Great Place to Work for 20 consecutive years
- Inclusive Culture: We are committed to an inclusive culture where every team member can be their authentic self
- Competitive Benefits: Benefit from competitive perks that start on day one
We are an equal opportunity employer committed to diversity, inclusion & belonging. People seeking employment at Softchoice are considered without regard to any protected category including but not limited to, race, color, religion, national origin, age, sex, marital status, ancestry, disability, veteran status, gender identity, or sexual orientation.
Require accommodation?
We are proud to provide interview & employment accommodation during the recruitment and hiring process. If you require any accommodation to apply or interview for a position, please reach out directly to . We are committed to working with you to best meet your needs.
Our Commitment To Your Experience
We are committed to the safety of all applicants and team members. With that in mind, we have implemented digital interviewing for everyone. We understand that you may need to interview with distractions around you (such as children or furry friends) and we will be doing the same.
Before you start with us, we will conduct a criminal record check, verify your education, and check your references.
When you join Softchoice, we will onboard you remotely. Don't worry. It's quick, simple and you'll be connected with your new team in no time.
Job Requisition ID: 6759
EoE/M/F/Vet/Disability
Cybersecurity Risk Manager
Posted 1 day ago
Job Description
The Cybersecurity Risk Manager is responsible for oversight and administration of operational and regulatory risk strategy programs for a business segment.
Looking for an experienced Cyber Engineer or Cyber Architect to work as a Risk Manager supporting Huntington's transformation and use of cybersecurity technologies. As a risk manager, you will work with the Huntington Cyber Operations and Engineering teams to help them design and build technologies utilizing best practices from FFIEC guidance, COBIT, NIST framework, and other recommended best practices. You will be responsible for identifying potential deficiencies, assisting the business segment in audit findings and responses, reviewing remediation plans, and be a trusted advisor to identify risk to the company.
Huntington is on a journey to move applications and infrastructure computing to leverage various Cloud provider services and deploy a hybrid cloud and on premises network. This cyber risk position is tasked with partnering with the cyber security segment providing risk support, control and metric design, and overall challenge on various technical implementations. This resource will help ensure cyber offerings are following defined governance processes, standards, and control requirements.
As a Cyber Security Risk Manager, you'll be a subject matter expert in cyber security solutions that will balance the need for speed and flexibility of cloud and on premises infrastructure while ensuring Huntington is protected against ongoing and potential security threats. Seeking an individual who has supported financial services and helped assess and develop their cloud strategy, information security/cybersecurity and IT risk management programs against regulatory requirements and industry best practices. This person will be influential in our transition to securing our cloud computing and on premises platforms and help build compliant governance programs.
Responsibilities:
- Provide oversight and challenge to technical configurations, solutions and implementation of cyber security tools, systems, and platforms.
- Evaluate effectiveness of controls and escalate as appropriate.
- Direct self-monitoring and testing activities to ensure that they are performed in accordance with Corporate Risk Management requirements.
- Evaluate the adequacy and effectiveness of enterprise and regulatory controls and the resulting risk and control self-assessments.
- Deliver timely escalation of all issues requiring attention to senior management.
- Work with business segment management to ensure that the overall risk function is effectively supporting strategic goals.
- Collaborate with audit/business segment/corporate risk to address issues with plausible action plans and target dates.
- Act as the central point for receipt and distribution of important risk information for the business segment and reciprocate the flow of information back to corporate risk management.
- Ensure business segment adheres to corporate and business unit policies and procedures.
- Must be aware of and keep abreast of Third-Party Risk associated with assigned business segment.
Basic Qualifications:
- Bachelor's degree in computer science, cyber security, information technology, computer engineering or equivalent.
- Five years of any of the combined experience below in Cyber Security, Audit and Risk Management
- 2 years' experience with Anti-Virus/Malware.
- 2 years' experience in network security, firewalls, WAF, Tufin or similar.
- 2 years' application and network segmentation.
- 2 years' breach and attack simulation with tools like MITRE ATT&CK, AttackIQ or similar.
- 2 years in threat management, vulnerability management
- 2 years using SAST, DAST, IAST, MAST or SCA tools.
- 2 years as a security engineer or architect.
Preferred Qualifications:
- Excellent communication skills required to negotiate internally, often at a senior level.
- Some external communication may be necessary.
- Understanding of FFIEC guidance, COBIT and NIST framework
- Willingness to learn, able to learn on the job and a desire to continually learn and develop new technical skills.
- Strong written and oral communication skills.
- Organized, responsive, and highly thorough problem solver.
- Demonstrable cyber risk knowledge based on working in real-world environments & situations.
- Understanding of security requirements, best practices, and execution in various cloud implementation scenarios: IaaS, PaaS, SaaS.
- Mid-level professional with 5-10 years of experience in consulting, financial services, technology/fintech or government regulatory agency with an IT risk-related role.
- Master's degree or relevant professional qualifications with Risk / Security management.
- CISSP, CISM, CRISC, CISA, GIAC, CIPP/US or other security/privacy certifications preferred but not required.
Office
Certain positions outside our branch network may be eligible for a flexible work arrangement. We're combining the best of both worlds: in-office and work from home. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. Remote roles will also have the opportunity to come together in our offices for moments that matter. Specific work arrangements will be provided by the hiring team.
Huntington is an Equal Opportunity Employer.
Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details.
Note to Agency Recruiters: Huntington Bank will not pay a fee for any placement resulting from the receipt of an unsolicited resume. All unsolicited resumes sent to any Huntington Bank colleagues, directly or indirectly, will be considered Huntington Bank property. Recruiting agencies must have a valid, written and fully executed Master Service Agreement and Statement of Work for consideration.
Cybersecurity Risk Analyst
Posted 2 days ago
Job Description
Cybersecurity Risk Analyst
The Opportunity:
Are you looking for an opportunity to share your experience in cybersecurity and security engineering to safeguard our nation? As a systems security and network security engineer, you can identify the tools, applications, and systems needed to assess vulnerabilities and recommend the best solution and security strategy. We need your experience to lead the development and implementation of security solutions that will protect our military.
On our team, you'll troubleshoot and analyze complex challenges for customers using your knowledge of cybersecurity policy and risk management. You'll use your curiosity for technology and market trends to further research and develop security solutions. Using your knowledge and experience in ACAS, STIGging, and scanning, you'll assess security threats and implement infrastructure controls.
In this role, you'll closely impact Navy missions by championing cybersecurity, discovering cyber risks, and providing hands-on support to critical mission areas. With mentoring, challenging hands-on problem-solving, and opportunities to learn new tools and skills, we focus on growing as a team to make the best solutions for our customers.
Work with us as we secure and protect our military's cybersecurity posture for the better.
What You'll Work On:
- Develop relationships quickly and easily with other teams, communicating the complexities of security with a wide variety of audiences, including senior management.
- Implement infrastructure and cyber security controls, including enhanced detection and vulnerability capabilities and improved event correlation in large enterprises.
- Perform risk and vulnerability assessments in network, system, and application areas; leverage big data analytics and traditional security event types to identify advanced threats or indicators of compromise.
Join us. The world can't wait.
You Have:
- 5+ years of experience supporting the Information Technology (IT) systems for a DoD or government agency
- 5+ years of experience supporting Navy Risk Management Framework (RMF), including Assessment and Authorization (A&A) activities, direct development of RMF artifacts, and deliverables across all steps
- 5+ years of experience performing cybersecurity compliance testing using industry standard tools, including Assured Compliance Assessment Solution (ACAS), DoD Security Technical Implementation Guides (STIG), SCAP, and eMASS, and performing vulnerability analysis of networks, systems, and communications protocols
- Experience with eMASS including Security Plan development and hands-on processing of packages through workflows, supporting the generation and maintenance of security policies, evaluating assessment documentation, and developing written security risks, mitigations, and recommendations
- Experience with operating systems, platforms, and technologies, including Windows, Linux, cloud, or virtualization
- Ability to devise and execute client deliverables, work independently, identify problems and devise analysis and solutions, communicate results, and lead the accomplishments of client tasks from inception to completion
- Secret clearance
- HS diploma or GED
- DoD 8140 Certification
Nice If You Have:
- Experience with technologies supporting cyber activities, including Xacta, Evaluate-STIG, eMASSter, scripting, or Ansible
- Experience with cloud-based software technologies, virtualization, and containerization, and in programming languages, including C++, Python, and Java
- Experience with cyber hardening, vulnerability management, scanning, assessment, and associated tools
- Experience with network engineering functions, including Windows, Linux, and virtual operating systems, security tools, platforms, and technologies, including network and web application firewalls, web proxy, intrusion prevention systems, vulnerability scanners, and penetration tools
- Experience as a Navy Qualified Validator
- Knowledge of ship-to-shore communication architectures
- Ability to integrate and build risk assessment tools and threat mapping tools, including ESS and SIEM tools
- Top Secret clearance
- Bachelor's degree in a related technology field
- CISSP, CCNA, Linux+, or other operating system certification or vendor technology certification
Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.
Compensation
At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen's benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.
Salary at Booz Allen is determined by various factors, including but not limited to location, the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $77,600.00 to $176,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen's total compensation package for employees. This posting will close within 90 days from the Posting Date.
Identity Statement
As part of the application process, you are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.
Work Model
Our people-first culture prioritizes the benefits of flexibility and collaboration, whether that happens in person or remotely.
- If this position is listed as remote or hybrid, you'll periodically work from a Booz Allen or client site facility.
- If this position is listed as onsite, you'll work with colleagues and clients in person, as needed for the specific role.
Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.
CYBERSECURITY RISK ANALYST
Posted 4 days ago
Job Description
CITGO Petroleum Corporation is a recognized leader in the refining industry and operates under the CITGO brand. The company owns and operates three refineries (Lake Charles, LA; Lemont, IL; Corpus Christi, TX) and 38 active terminals, six pipelines, and three lubricants blending/packaging plants. With approximately 3,300 employees and a crude capacity of about 807,000 bpd, CITGO is a major player in the industry. Our core values are Safety, Integrity, Respect, Accountability, and Care.
Job Summary
The Cybersecurity Risk Analyst is responsible for identifying, assessing, and managing cybersecurity risks across the organization's IT and OT environments. This role conducts risk assessments, leads vulnerability management, ensures compliance with industry frameworks and regulations, collaborates with cross-functional teams to design and implement risk mitigation strategies, evaluates third-party risks, and supports incident response and post-incident evaluations. The analyst uses data-driven methods and tracks key performance indicators to enhance the organization's security posture and align cybersecurity efforts with business objectives.
Minimum Qualifications
- Bachelor's Degree
Position: CYBERSECURITY RISK ANALYST (Finance)
Experience
- Minimum of 8 years of job-related experience
- In-depth understanding of cybersecurity frameworks such as NIST, ISO 27001, and FAIR
- Familiarity with IT and OT environments, including cloud platforms, IoT devices, data centers, and software applications
- Expertise in vulnerability management, penetration testing, and threat modeling
- Awareness of emerging technologies and their risks
- Strong analytical and problem-solving skills to assess and prioritize risks
- Effective communication to translate technical risks into business impacts
- Proficiency in creating risk reports, policies, and compliance evidence
- Preferred certifications: CISSP, CRISC, or other security certifications
- Comprehensive Infrastructure Risk Assessment
  - Perform regular risk assessments of IT and OT systems (networks, cloud, IoT, software) aligned with NIST and CIS Controls
  - Ensure regulatory compliance (e.g., GDPR, CCPA, PCI DSS) and manage third-party risks
- Vulnerability Management
  - Lead vulnerability scans, penetration tests, and threat modeling; assess and address vulnerabilities; prioritize patches
- Risk Reporting & Communication
  - Present risk reports to stakeholders; translate technical details into business impacts; apply FAIR to prioritize risks
- Collaboration on Risk Mitigation
  - Partner with governance and IT teams to develop and implement risk mitigation strategies aligned with security and business goals
- Incident Response & Risk Evaluation
  - Act as a key incident response team member; conduct post-incident evaluations; participate in simulations
- Cybersecurity Framework & Policy Development
  - Contribute to policies, standards, and procedures aligned with risk management; develop technical security standards
- Regulatory Compliance & Audit Support
  - Ensure regulatory compliance; support audits with documentation and remediation evidence
- KPI Tracking & Reporting
  - Monitor KPIs; use metrics and dashboards to report on security posture
- Emerging Technology Risk Management
  - Evaluate risks of adopting emerging technologies (e.g., AI, blockchain); address risks in digital transformations
Job duties listed are not all-inclusive; site-specific responsibilities may be assigned.
Incentives & Benefits
Remote work options available for eligible positions (department/location dependent). Other benefits may include: 9/80 work schedule, paid vacations, holidays, caregiver leave, 401(k) match, pension plan, health/dental/vision, life insurance, disability coverage, flexible spending accounts, on-site health clinic and cafeteria (where available), employee discounts, gym reimbursement, educational assistance, dependent scholarships, and more. Note: Not all perks apply to every role.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability.
Requisition ID - 1129
Cybersecurity Risk Analyst
Posted 4 days ago
Job Description
WHO WE ARE:
Headquartered in Southern California, Skechers-the Comfort Technology Company®-has spent over 30 years helping men, women, and kids everywhere look and feel good. Comfort innovation is at the core of everything we do, driving the development of stylish, high-quality products at a great value. From our diverse footwear collections to our expanding range of apparel and accessories, Skechers is a complete lifestyle brand.
ABOUT THE ROLE:
Skechers is seeking a technically minded Cybersecurity Risk Analyst to join our global information security team. The ideal candidate will bring a passion for cybersecurity and a history of identifying, analyzing, and mitigating security risks across a diverse technology environment. You'll leverage your deep understanding of threat landscapes, security architectures, and frameworks like NIST and CIS to proactively assess risks and drive security improvements. This role requires someone who thinks like a security practitioner first - someone who can analyze technical vulnerabilities, assess real-world attack scenarios, and translate complex security risks into business impact.
WHAT YOU'LL DO:
- Perform security control evaluations using NIST 800-53 and CIS Controls as implementation guides rather than compliance checklists - assessing actual security posture and effectiveness against real-world threats.
- Analyze and prioritize cyber risks based on technical likelihood, business impact, and threat intelligence - translating complex security vulnerabilities into actionable risk scenarios for stakeholders.
- Drive technical risk remediation by working directly with technical teams and business stakeholders to align on and execute security improvements
- Maintain and evolve the cyber risk register with technically accurate risk descriptions, realistic threat scenarios, and meaningful metrics that reflect real security posture improvements.
- Assess third-party security risks through technical security questionnaires, penetration test reviews, and security architecture analysis in addition to vendor compliance documentation.
- Collaborate with security operations teams to incorporate threat intelligence, incident findings, and vulnerability data into risk assessments and prioritization decisions.
- Help mature risk-based security metrics that measure security improvements and threat reduction rather than compliance percentages.
- Participate in internal and external audit process for relevant compliance concerns including PCI-DSS, SOX, and GDPR at the enterprise level.
- Interface with global IT and business partners to provide guidance, risk advisory services and support.
- Strong technical foundation in network security, system hardening, vulnerability management, and enterprise security architectures
- Practical experience implementing security frameworks - hands-on work with NIST Cybersecurity Framework, NIST 800-53 controls, or CIS Controls in operational environment.
- Understanding of threat landscapes including MITRE ATT&CK framework, threat intelligence, and attack methodologies targeting retail/enterprise environment
- Strong analytical skills for translating technical vulnerabilities into business risk scenarios and communicating security risks to non-technical stakeholders
- Experience with technical risk assessment and the ability to quantify and prioritize risks based on likelihood and business impact
- Understanding of retail security challenges including PCI-DSS, customer data protection, and supply chain security considerations
- Proven ability to work with technical teams including security engineers, system administrators, and developers to drive security improvements
- Excellent communication skills with ability to present complex technical concepts to diverse audiences including executive leadership
- Self-motivated problem solver who thrives in collaborative, cross-functional environments
- 4-5 years of cybersecurity experience with some history of hands-on technical work
- Retail or e-commerce experience a plus
The pay range for this role is $90,000 - $150,000/yr USD.
About Skechers
Skechers, a global Fortune 500® brand develops and markets a diverse range of lifestyle and performance footwear, apparel, and accessories. Developing comfort technologies is the foundation of all we do - delivering stylish, innovative, and quality products. Serving over 180 countries and territories, Skechers connects customers to products through department and specialty stores, e-commerce and digital stores, and through our more than 5,200 company-and third-party-owned retail locations. Headquartered in Southern California, with offices and distribution centers around the globe, Skechers has spent over 30 years helping people of all ages look and feel good.
Equal Employment Opportunity
Skechers is committed to providing a safe, inclusive, and respectful work environment. Skechers provides equal employment opportunities for all employees and applicants for employment without regard to race, color, religion, gender, gender identification and expression, national origin, marital status, age, disability, genetic information, military status, sexual orientation, or any other protected characteristic established by local, state or federal law.
Reasonable Accommodation
Applicants for employment who require a reasonable accommodation to apply for a job should request appropriate accommodation by emailing
To perform this job successfully, an individual must be able to perform each job responsibility satisfactorily. The skills, abilities and physical demands described are representative of those duties that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities, who are otherwise qualified for the job position, to perform the essential functions.
Cybersecurity Risk Analyst
Posted 4 days ago
Job Description
Note: Preference will be given to candidates with prior experience in the Financial Services Industry.
Position Summary: The Information Risk Analyst/Cybersecurity Risk Analyst will be responsible for developing risk assessment questionnaires, conducting risk assessments for applications (on-premises and cloud), infrastructure (on-premises and cloud), and vendors, in accordance with a defined risk framework. These assessments will be executed through a formalized risk assessment program. The role involves identifying risks related to how business and technology teams utilize IT systems and supporting technological infrastructure.
Key Responsibilities
- Conduct research on technology security, cybersecurity best practices, and develop risk assessment questionnaires.
- Plan and perform risk assessments following the organization's methodology, documenting and communicating control deficiencies in business processes and technology systems.
- Collaborate with Enterprise IT to address cybersecurity risk findings, new initiatives, and ad hoc processes, covering areas such as databases, operating systems, networking devices, storage systems, and cloud solutions.
- Provide risk remediation recommendations to business and technology teams to mitigate identified control gaps.
- Clearly articulate risks in a way that is understandable to both business and technology stakeholders.
- Evaluate management responses to ensure remediation plans effectively address identified risks.
- Prepare assessment reports and dashboards for IT owners.
- Maintain risk documentation within the designated risk register.
- Guide business and technology teams through policy exception and risk acceptance processes.
- Contribute to the continuous improvement of the risk assessment process.
- 5+ years of experience in risk assessment within application security, infrastructure security, or vendor risk management.
- Experience in the Financial Services Industry is preferred but not mandatory.
- Strong understanding of Information Risk Management best practices.
- Technical proficiency in cybersecurity concepts and IT systems.
- Strong technical knowledge of infrastructure, networks, databases, and systems and their impact on cybersecurity risk.
- In-depth understanding of security methodologies, policies, and industry best practices.
- Ability to articulate technical concepts effectively to both technical and non-technical audiences.
- Strong analytical and critical thinking skills.
- Excellent presentation skills (MS PowerPoint).
- Proficiency in data manipulation using MS Excel.
- Ability to build consensus, influence decision-making, and foster collaboration across teams.
- Strong written and verbal communication skills.
- Exceptional organizational skills with the ability to adapt to a dynamic work environment.
- Sound business judgment and ability to engage with all levels of management.
- Bachelor's degree preferred.
- Relevant industry certifications such as CISSP, CISM, CRISC, or CCSP are preferred.
Cybersecurity Risk Manager
Posted 8 days ago
Job Description
Amentum is seeking a dynamic and innovative Cybersecurity Risk Manager to provide research, planning, analysis and integration support to the U.S. Indo-Pacific Command (USINDOPACOM) operations, activities, and investments (OAIs) at Ford Island, Hawaii.
Amentum is seeking a dynamic and innovative Cybersecurity Risk Manager to play a key role within the USINDOPACOM J7 (Training and Exercises Directorate) information security team. The Cybersecurity Risk Manager will be tasked to detect, evaluate, and prioritize risks to organizational data and cyber assets. The Cybersecurity Risk Manager will work with the various Information Technology (IT) teams to mature the current risk management programs, such as risk assessment execution, control testing and monitoring, and procedure documentation. The Cybersecurity Risk Manager will also provide cybersecurity advice to mission partners to effectively manage risk to operations and will validate that security and technology controls are implemented to support operational and security requirements. Candidates should have effective task management skills and the ability to communicate effectively.
Essential Responsibilities:
- Develop and implement cybersecurity policies.
- Partner with Business Units to identify, analyze and mitigate security risk, internal and third party, associated with activities executed throughout the enterprise.
- Conduct ongoing risk evaluations for compliance and cybersecurity operations.
- Identify risk that is outside of acceptable risk thresholds and escalate appropriately.
- Develop risk mitigation methods and capabilities.
- Ensure vulnerabilities are identified, understood, remediated, and communicated.
- Monitor security controls to ensure continued effectiveness of controls.
- Develop contingency plans and recovery processes.
- Ability to translate technical details into non-technical verbiage when discussing risk with leadership.
- Create needed documentation for organizational and compliance purposes.
- Provide security consultation for new and ongoing enterprise initiatives.
- Educate and build awareness of security requirements across the organization.
- Publish executive-level security reporting across governance, risk, and compliance activities.
Knowledge, Skills, and Abilities:
- Vulnerability management experience
- Must be customer focused and possess the ability to identify issues, analyze, interpret data, and develop solutions to a variety of moderately complex technical problems
- Experience with documenting requirements, security controls, and POA&M creation
Required Qualifications:
- BS/BA in Computer Science, Information Systems, or a technical field preferred and 8 years of experience in information technology or cybersecurity; or an equivalent combination of experience and education from which comparable knowledge and skills may be acquired
- Security+ Certification
- Experience with DoD Risk Management Framework (certification and accreditation)
- Experience with Microsoft cloud environments
- Experience with risk management in SaaS, PaaS, IaaS, and other cloud environments
- Experience with the NIST frameworks and publications
- Vulnerability management experience
- Must have an Active Top Secret/SCI US Government Clearance. Note: US Citizenship is required to obtain a Top-Secret Clearance.
Preferred Qualifications:
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
Compensation & Benefits:
HIRING SALARY RANGE: $150K - $165K (Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.)
This position includes a competitive benefits package. For more detailed information on our Benefits and what it is like to work for Amentum: please visit our careers site:
Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, sex, sexual orientation, pregnancy (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, ancestry, United States military or veteran status, color, religion, creed, marital or domestic partner status, medical condition, genetic information, national origin, citizenship status, low-income status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal laws and supplemental language at Labor Laws Posters ( .
Cybersecurity Risk Manager

Posted 2 days ago
Job Description
Amentum is seeking a dynamic and innovative Cybersecurity Risk Manager to play a key role within the USINDOPACOM J7 (Training and Exercises Directorate) information security team. The Cybersecurity Risk Manager will be tasked to detect, evaluate, and prioritize risks to organizational data and cyber assets. The Cybersecurity Risk Manager will work with the various Information Technology (IT) teams to mature the current risk management programs, such as risk assessment execution, control testing and monitoring, and procedure documentation. The Cybersecurity Risk Manager will also provide cybersecurity advice to mission partners to effectively manage risk to operations and will validate that security and technology controls are implemented to support operational and security requirements. Candidates should have effective task management skills and the ability to communicate effectively.
**Essential Responsibilities:**
+ Develop and implement cybersecurity policies.
+ Partner with Business Units to identify, analyze and mitigate security risk, internal and third party, associated with activities executed throughout the enterprise.
+ Conduct ongoing risk evaluations for compliance and cybersecurity operations.
+ Identify risk that is outside of acceptable risk thresholds and escalate appropriately.
+ Develop risk mitigation methods and capabilities.
+ Ensure vulnerabilities are identified, understood, remediated, and communicated.
+ Monitor security controls to ensure continued effectiveness of controls.
+ Develop contingency plans and recovery processes.
+ Ability to translate technical details into non-technical verbiage when discussing risk with leadership.
+ Create needed documentation for organizational and compliance purposes.
+ Provide security consultation for new and ongoing enterprise initiatives.
+ Educate and build awareness of security requirements across the organization.
+ Publish executive-level security reporting across governance, risk, and compliance activities.
**Knowledge, Skills, and Abilities:**
+ Vulnerability management experience
+ Must be customer focused and possess the ability to identify issues, analyze, interpret data, and develop solutions to a variety of moderately complex technical problems
+ Experience with documenting requirements, security controls, and POA&M creation
**Required Qualifications:**
+ BS/BA in Computer Science, Information Systems, or a technical field preferred and 8 years of experience in information technology or cybersecurity; or an equivalent combination of experience and education from which comparable knowledge and skills may be acquired
+ Security+ Certification
+ Experience with DoD Risk Management Framework (certification and accreditation)
+ Experience with Microsoft cloud environments
+ Experience with risk management in SaaS, PaaS, IaaS, and other cloud environments
+ Experience with the NIST frameworks and publications
+ Vulnerability management experience
+ Must have an Active Top Secret/SCI US Government Clearance. Note: US Citizenship is required to obtain a Top-Secret Clearance.
**Preferred Qualifications:**
+ Certified Information Systems Security Professional (CISSP)
+ Certified in Risk and Information Systems Control (CRISC)
**Compensation & Benefits:**
HIRING SALARY RANGE: $150K - $165K (Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.)
This position includes a competitive benefits package. For more detailed information on our Benefits and what it is like to work for Amentum: please visit our careers site:
Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, sex, sexual orientation, pregnancy (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, ancestry, United States military or veteran status, color, religion, creed, marital or domestic partner status, medical condition, genetic information, national origin, citizenship status, low-income status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal laws and supplemental language at Labor Laws Posters ( .
Cybersecurity Risk Manager
Posted today
Job Description
Summary:
The Cybersecurity Risk Manager is responsible for oversight and administration of operational and regulatory risk strategy programs for a business segment.
Looking for an experienced Cyber Engineer or Cyber Architect to work as a Risk Manager supporting Huntington's transformation and use of cybersecurity technologies. As a risk manager, you will work with the Huntington Cyber Operations and Engineering teams to help them design and build technologies utilizing best practices from FFIEC guidance, COBIT, NIST framework, and other recommended best practices. You will be responsible for identifying potential deficiencies, assisting the business segment in audit findings and responses, reviewing remediation plans, and be a trusted advisor to identify risk to the company.
Description:
Huntington is on a journey to move applications and infrastructure computing to leverage various Cloud provider services and deploy a hybrid cloud and on premises network. This cyber risk position is tasked with partnering with the cyber security segment providing risk support, control and metric design, and overall challenge on various technical implementations. This resource will help ensure cyber offerings are following defined governance processes, standards, and control requirements.
As a Cyber Security Risk Manager, you'll be a subject matter expert in cyber security solutions that will balance the need for speed and flexibility of cloud and on premises infrastructure while ensuring Huntington is protected against ongoing and potential security threats. Seeking an individual who has supported financial services and helped assess and develop their cloud strategy, information security/cybersecurity and IT risk management programs against regulatory requirements and industry best practices. This person will be influential in our transition to securing our cloud computing and on premises platforms and help build compliant governance programs.
Responsibilities:
+ Provide oversight and challenge to technical configurations, solutions and implementation of cyber security tools, systems, and platforms.
+ Evaluate effectiveness of controls and escalate as appropriate.
+ Direct self-monitoring and testing activities to ensure that they are performed in accordance with Corporate Risk Management requirements.
+ Evaluate the adequacy and effectiveness of enterprise and regulatory controls and the resulting risk and control self-assessments.
+ Deliver timely escalation of all issues requiring attention to senior management.
+ Work with business segment management to ensure that the overall risk function is effectively supporting strategic goals.
+ Collaborate with audit/business segment/corporate risk to address issues with plausible action plans and target dates.
+ Act as the central point for receipt and distribution of important risk information for the business segment and reciprocate the flow of information back to corporate risk management.
+ Ensure business segment adheres to corporate and business unit policies and procedures.
+ Must be aware of and keep abreast of Third-Party risk associated with assigned business segment.
Basic Qualifications:
Bachelor's degree in computer science, cyber security, information technology, computer engineering or equivalent.
Five years of any of the combined experience below in Cyber Security, Audit and Risk Management
+ 2 years' experience with Anti-Virus/Malware.
+ 2 years' experience in network security, firewalls, WAF, Tufin or similar.
+ 2 years' application and network segmentation.
+ 2 years' breach and attack simulation with tools like MITRE ATT&CK, AttackIQ or similar.
+ 2 years in threat management, vulnerability management
+ 2 years using SAST, DAST, IAST, MAST or SCA tools.
+ 2 years as a security engineer or architect.
Preferred Qualifications:
+ Excellent communication skills required to negotiate internally, often at a senior level.
+ Some external communication may be necessary.
+ Understanding of FFIEC guidance, COBIT and NIST framework
+ Willingness to learn, able to learn on the job and a desire to continually learn and develop new technical skills.
+ Strong written and oral communication skills.
+ Organized, responsive, and highly thorough problem solver.
+ Demonstrable cyber risk knowledge based on working in real-world environments & situations.
+ Understanding of security requirements, best practices, and execution in various cloud implementation scenarios: IaaS, PaaS, SaaS.
+ Mid-level professional with 5-10 years of experience in consulting, financial services, technology/fintech or government regulatory agency with an IT risk-related role.
+ Master's degree or relevant professional qualifications with Risk / Security management.
+ CISSP, CISM, CRISC, CISA, GIAC, CIPP/US or other security/privacy certifications preferred but not required.
Exempt Status: (Yes = not eligible for overtime pay) (No = eligible for overtime pay)
Yes
Workplace Type:
Office
Our Approach to Office Workplace Type
Certain positions outside our branch network may be eligible for a flexible work arrangement. We're combining the best of both worlds: in-office and work from home. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. Remote roles will also have the opportunity to come together in our offices for moments that matter. Specific work arrangements will be provided by the hiring team.
Huntington is an Equal Opportunity Employer.
Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details.
Note to Agency Recruiters: Huntington Bank will not pay a fee for any placement resulting from the receipt of an unsolicited resume. All unsolicited resumes sent to any Huntington Bank colleagues, directly or indirectly, will be considered Huntington Bank property. Recruiting agencies must have a valid, written and fully executed Master Service Agreement and Statement of Work for consideration.