Sr Manager – Security Risk Management

Company: First American
Location: Orange, CA, USA
Salary: $145000 – $193300
Type: Full-Time
Degrees: Bachelor’s, Master’s
Experience Level: Senior, Expert or higher

Requirements

  • Strong understanding of cybersecurity principles, frameworks, and threat landscape.
  • Extensive experience in a risk and control-oriented role.
  • Proven experience using formal risk and control assessment methodology.
  • Strong understanding of information risk management topics and disciplines.
  • Ability to balance technical security knowledge with business risk priorities.
  • Advanced communication, stakeholder management, and cross-functional collaboration skills.
  • Familiarity with GRC platforms (e.g., ServiceNow GRC, Archer).
  • Strong analytical and problem-solving skills.
  • Education: Bachelor’s degree in Information Security, Computer Science, or a related field. Advanced degree preferred.
  • Experience: Minimum of 8-10 years of experience in information security risk management, with at least 5 years in a leadership role.

Responsibilities

  • Develop an information security risk assessment and management framework aligned with enterprise risk practices to assess, measure, monitor and mitigate security risks.
  • Develop and implement enterprise-wide comprehensive risk assessments to identify potential security threats and vulnerabilities.
  • Identify current and emerging security risks across business units.
  • Identify, assess, and prioritize cyber risks across systems, data, applications and third parties.
  • Develop and implement risk mitigation strategies to safeguard First American’s information assets.
  • Recommend controls to reduce risks to acceptable levels and track remediation efforts.
  • Develop and monitor key risk indicators (KRIs).
  • Map KRIs to risk assessment results and propose risk mitigation strategies.
  • Develop risk reports and dashboards. Communicate risk posture and trends to stakeholders and executive leadership.
  • Promote a strong risk-aware culture across the organization. Design and deliver risk awareness training, campaigns and communications.
  • Manage team members to deliver comprehensive information risk management solutions.
  • Support projects based on assessment of risks and threats. Develop project plans, review project designs and effort estimates. Report project status and critical issues to senior management.
  • Engage with senior representatives from across the enterprise, vendors, and auditors to provide full-spectrum alignment on information security risks, initiatives, and programs.
  • Work to develop employees’ skills, evaluate performance, provide feedback, and lead by example, making this the workplace of choice for top information risk management professionals.

Preferred Qualifications

  • Certifications: Relevant certifications such as CISSP, CISA, CISM, or CRISC are highly desirable.
  • Technical Knowledge: Familiarity with security architecture, cloud security (AWS and Azure), and modern security technologies.