Cybersecurity Risk Management Manager

Job Title: Cybersecurity Risk Management Manager

Location: Remote

Job Type: Full-Time

Reports to: Head of Cybersecurity GRC

Job Overview:

We are seeking an experienced Cybersecurity Risk Management Manager to lead our risk management initiatives within the cybersecurity function. This role will focus on developing and maintaining a robust risk management framework, managing risk exceptions, and collaborating with stakeholders to mitigate security risks effectively. The ideal candidate has strong experience in cybersecurity risk assessment, developing risk mitigation strategies, and stakeholder management.

Key Responsibilities:

• Risk Framework Development & Management
  • Design, implement, and maintain a comprehensive cybersecurity risk management framework aligned with industry standards (e.g., NIST, ISO 27001).
  • Develop policies and procedures for identifying, assessing, and mitigating cybersecurity risks.
  • Conduct regular reviews and updates of the risk framework to ensure its relevance and effectiveness in response to the evolving threat landscape.
• Risk Assessment & Mitigation
  • Lead periodic cybersecurity risk assessments for new and existing assets, projects, and processes, prioritizing risks based on potential business impact.
  • Develop and recommend risk mitigation strategies and action plans, balancing business objectives with security requirements.
• Risk Exception Management
  • Review and manage requests for risk exceptions, evaluating potential risks and compensating controls.
  • Collaborate with technical teams and business units to ensure appropriate and effective compensating controls are implemented for accepted risks.
  • Maintain a risk exception register, monitoring expiration dates, and following up with stakeholders to address outstanding risk items.
• Stakeholder & Business Collaboration
  • Work closely with cross-functional teams, including IT, Legal, Compliance, and business units, to understand and address cybersecurity risks across the organization.
  • Provide guidance and recommendations to stakeholders on cybersecurity risk matters, ensuring alignment between security and business objectives.
  • Lead regular meetings with stakeholders to report on risk assessment outcomes, exception statuses, and action items.
• Monitoring & Reporting
  • Develop and maintain key risk indicators (KRIs) and metrics to track the organization's cybersecurity risk posture.
  • Generate and present regular risk reports to leadership, providing insights into key risk areas and trends.
  • Ensure timely communication of high-risk findings and remediation progress to senior management.
• Continuous Improvement
  • Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and regulatory requirements, incorporating relevant changes into the risk framework.
  • Promote a risk-aware culture by providing training and guidance on cybersecurity risks and best practices.

Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or related field; advanced degree preferred.
• 5 years of experience in cybersecurity risk management or a related field, with a proven track record of developing and managing risk frameworks.
• Strong knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS).
• Experience in managing risk exceptions, conducting risk assessments, and working with cross-functional teams.
• Certifications such as CISSP, CISM, CRISC, or similar are highly preferred.
• Excellent communication and interpersonal skills, with the ability to effectively engage and influence stakeholders at various levels.
• Proficiency in risk management tools and software is a plus.

#LI-CQ1

Circle K is an Equal Opportunity Employer.
The Company complies with the Americans with Disabilities Act (the ADA) and all state and local disability laws.  Applicants with disabilities may be entitled to a reasonable accommodation under the terms of the ADA and certain state or local laws as long as it does not impose an undue hardship on the Company. Please inform the Company’s Human Resources Representative if you need assistance completing any forms or to otherwise participate in the application process.

Click below to review information about our company's use of the federal E-Verify program to check work eligibility:

In English

In Spanish