Senior Manager, Security Risk

We are seeking a seasoned Senior Risk Manager – eGRC to lead the design, implementation, and operationalization of enterprise risk strategies across cybersecurity, operational technology (OT), and AI governance domains. This role demands a strong command of enterprise risk management (ERM) principles, deep technical and regulatory fluency, and the ability to align risk decisions with business strategy and revenue protection across global markets. The ideal candidate brings 10–15 years of progressive experience across security risk, regulatory compliance, and GRC technologies, including CISSP and audit certifications, and will drive executive-level insights into actionable governance outcomes..

Enterprise and IT Risk Strategy & Governance; Security and Technical Risk Management; eGRC System Strategy

• Develop and maintain risk taxonomies, risk methodologies, and risk registers aligned with ISO 31000, NIST AI RMF, ISO 42001, NIST CSF, and COBIT frameworks.
• Lead the annual risk assessment cycle including identification, classification, and risk ranking of emerging threats across IT, OT, and AI ecosystems.
• Track regulatory developments (e.g., SOX, GDPR, NIST 800-53, ISO 42001) and ensure alignment with eGRC reporting and control requirements.
• Risk Reporting, KPIs, and Stakeholder Engagement
• Create and maintain Key Risk Indicators (KRIs), Key Control Indicators (KCIs), and Key Performance Indicators (KPIs) that measure program efficacy and executive risk tolerance.
• Deliver concise, data-driven executive summaries and board presentations that align security posture with business performance, investment risk, and global operational integrity.
• Oversee configuration and integration of eGRC platforms (e.g., Archer, OpenPages) with risk workflows, control libraries, AI governance modules, and regulatory tracking tools.
• Drive automation and harmonization of control testing, evidence collection, and risk exception handling processes across business units.
• Provide quarterly Executive Risk Review Board (ERRB) presentations and deliver enterprise risk dashboards, heat maps, and trends to the CISO, Director of GRC, and executive leadership.
• Oversee vulnerability risk assessments, risk remediation plans, and technical debt evaluation across infrastructure, applications, and OT systems.
• Collaborate with Security Engineering, OT Security, and SOC teams to translate vulnerabilities into business-impact-based risk posture and recommend mitigation strategies.
• Partner with IT architecture and engineering teams to proactively assess and mitigate security engineering risks in cloud, on-prem, and hybrid environments.
• Incident, Audit, and Compliance Risk Management - Lead internal and external cybersecurity audits and serve as liaison with Internal Audit, regulators, and third-party auditors. Must possess certification such as CISA, CIA, or equivalent.
• Support the Incident Response Team (IRT) by contributing to root cause analysis, post-mortem reviews, and incident-driven risk scoring.

AI Governance & Model Risk Oversight

• • Embed AI risk management practices across AI/ML pipelines, ensuring model risk controls, drift monitoring, explainability, and governance by design.
  • Work with Legal, Ethics, and Product teams to operationalize model transparency, bias mitigation, and assurance processes for responsible AI deployment.

Education: Bachelor’s degree in Cybersecurity, Business Administration, Risk Management, or related field. Masters preferred

• • Certifications: CISSP (required); CISA, CIA, CGEIT, or CRISC (preferred); Familiarity with ISO 42001, NIST AI RMF, and EU AI Act frameworks.

Experience:

• 10–15 years of progressive experience in enterprise risk management, GRC, cybersecurity, or operational risk.
• 10+ years of experience in Big 4 (risk management, internal/external audit, cybersecurity, and information management)
• Demonstrated success in leading cross-functional risk teams, implementing enterprise-wide GRC strategies, and driving risk-based decision making at executive levels.
• Proven experience in OT risk assessments, AI governance, vulnerability management, and data loss prevention within regulated industries.

Preferred Skills and Attributes

• • Deep experience working in heavily regulated industries such as energy, manufacturing, healthcare, or financial services.
  • Operational familiarity with security and risk platforms such as IBM OpenPages, RSA Archer, and Auditboard.
  • Strong executive communication skills with the ability to articulate complex risk scenarios in business terms.
  • Demonstrated ability to balance technical depth with strategic oversight in enterprise settings.