Risk Manager

Risk Manager will support the Director of Risk & Security by leading internal audit and risk management activities across the organization. This hands-on  role is far-reaching—spanning operational risk, IT and cybersecurity risk, third-party/vendor risk, compliance monitoring, policy governance, and business continuity planning. You will be responsible for overseeing end-to-end audit lifecycles, guiding enterprise risk assessments, driving remediation efforts, and influencing strategic decisions through high-impact reporting and advisory support. The ideal candidate combines technical risk fluency with people leadership, and thrives in a cross-functional, fast-paced environment where building trust and transparency is critical to success.

WHAT YOU'LL DO

Team Leadership & Oversight

• Conduct and coordinate enterprise-wide risk assessments to identify and evaluate current and emerging risks.
• Maintain and refine the organization’s risk register, control libraries, and mitigation plans.
• Facilitate root cause analysis and corrective action planning for key risk incidents, control failures, or audit findings.

Enterprise Risk & Control Management

• Conduct and coordinate enterprise-wide risk assessments to identify and evaluate current and emerging risks.
• Maintain and refine the organization’s risk register, control libraries, and mitigation plans.
• Facilitate root cause analysis and corrective action planning for key risk incidents, control failures, or audit findings.

Internal Audit Management

• Oversee audit planning, fieldwork, and reporting for operational, IT, financial, and compliance audits.
• Lead walkthroughs, process reviews, and control testing across business functions.
• Validate the effectiveness of controls and ensure timely closure of audit findings.

Third-Party & Cybersecurity Risk

• Collaborate with IT and procurement teams to assess and monitor third-party risk, including due diligence, contract risk review, and ongoing monitoring.
• Support the cybersecurity team in aligning risk management with NIST, ISO, and other security frameworks.

Compliance & Policy Governance

• Ensure adherence to internal policies, external regulations (e.g., SOX, GDPR, HIPAA), and industry standards.
• Monitor compliance metrics and escalate issues requiring executive visibility.
• Contribute to the development and maintenance of risk-related policies, procedures, and training.

Reporting & Stakeholder Engagement

• Prepare risk dashboards, heat maps, and executive summaries for the Director of Risk & Security, senior leadership, and audit committees.
• Serve as a key liaison for external auditors, regulators, and business unit leadership.
• Communicate complex risk issues in a clear, compelling manner to both technical and non-technical stakeholders.

Cross-Functional Collaboration

• Work closely with IT, Legal, Product, and other departments to assess operational, cybersecurity, and third-party risks.
• Promote a culture of risk awareness and continuous improvement throughout the organization.

QUALIFICATIONS

• Bachelor’s degree in Risk Management, Business, Accounting, Information Security, or related field.
• 5+ years of relevant experience in risk management, internal audit, or compliance.
• 2+ years in a people leadership role.
• Professional certifications such as CRMA, CISA, CIA, or equivalent preferred.
• Strong knowledge of risk frameworks (e.g., COSO, ISO 31000, NIST).
• Work experience and/or background in technology based roles or industry
• Excellent communication, analytical, and stakeholder engagement skills.
• Ability to manage multiple priorities in a dynamic, fast-paced environment.

PREFERRED SKILLS

• Familiarity with GRC platforms (e.g., Hyperproof, Archer, ServiceNow GRC, MetricStream).
• Experience working in regulated industries (e.g., SaaS, healthcare, financial services).
• Working knowledge of cybersecurity, data privacy, or third-party risk management.

3408