Sr. Manager, IT & Security Risk

Career Developers

Reston, VA

JOB DETAILS
SALARY
$185,000–$200,000 Per Year
SKILLS
Analysis Skills, Artificial Intelligence (AI), Banking Services, Business Intelligence, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, CompTIA Security+, Computer Security, Consulting, Cross-Functional, Documentation, Emerging Technology, Federal Deposit Insurance Corp (FDIC), Finance, Financial Compliance, Financial Risk, Financial Services, Government, ISO (International Organization for Standardization), IT Governance, Incident Response, Industry/Trade Analysis, Information Technology & Information Systems, Information Technology/Systems Audit, Information/Data Security (InfoSec), Internet Security, Leadership, Management of Information Systems/Technology (MIS), Metrics, Operations Processes, Phishing, Power BI, Problem Solving Skills, Python Programming/Scripting Language, Regulations, Regulatory Compliance, Reporting Dashboards, Risk, Risk Analysis, Risk Management, Search Engine Optimization (SEO), Securities and Exchange Commission (SEC), Security Analysis, Security Attacks, Security Monitoring, Software as a Service (SaaS), Staff Training, System Architecture, Tableau, Team Player, Technical Operations, Technology Analysis, Time Management, Trend Analysis, U.S. National Institute of Standards and Technology (NIST)
LOCATION
Reston, VA
POSTED
1 day ago

Career Developers Inc., a distinguished staffing and consulting firm, is proud to celebrate 30 years of service excellence. As a GSA Contract holder, we offer comprehensive staffing solutions for both commercial and government sectors nationwide. By selectively partnering with clients who share our values, we ensure productive collaborations that set us apart in the industry. Our dedication to candidates involves managing expectations with precision through business intelligence, thorough interview preparation, transparent communication, and exceptional feedback throughout the process.

We are committed to advancing your career and look forward to supporting your professional growth.

-----------------------------------------------------------------------------------------------------------------------------------------------

Senior Manager, IT & Information Security Risk
Location: Hybrid – Reston, VA – 3 days a week on-site
Salary: 185-200K + 20% Bonus

Must Have the Following:
IT Risk Management, Information Security Governance, Cybersecurity Frameworks (NIST/ISO 27001), Third-Party Risk Management, Regulatory Compliance, Financial Services Experience, Vendor Risk Assessments, Incident Response Oversight, KRIs & Reporting, Cross-Functional Leadership

Responsibilities:
Our growing client is seeking a Senior Manager, IT & Information Security Risk to lead enterprise-wide oversight of technology, cybersecurity, AI, and information security risk management initiatives. This individual will partner closely with executive leadership, enterprise risk teams, technology stakeholders, compliance, and third-party vendors to strengthen cyber resilience and ensure alignment with regulatory expectations and organizational risk appetite.

Key responsibilities include:
  • Lead second-line oversight for IT and Information Security risk governance across the enterprise.
  • Evaluate and challenge the alignment of cybersecurity and IT strategies with business objectives, risk appetite, and regulatory expectations.
  • Review and assess information technology and cybersecurity risk assessments across applications, infrastructure, cloud environments, and operational processes.
  • Partner with technology and project teams on system implementations, architecture decisions, cybersecurity controls, and operational risk mitigation.
  • Evaluate SaaS platforms, technology integrations, and emerging technologies for security and compliance risk exposure.
  • Conduct third-party and vendor security risk assessments, including SOC 1/SOC 2 reviews, SIG questionnaires, penetration testing analysis, and remediation tracking.
  • Provide oversight and risk guidance related to cybersecurity incidents, operational disruptions, and emerging technology threats.
  • Collaborate with business units and technology teams to identify, document, monitor, and remediate risk findings.
  • Oversee cybersecurity policies, procedures, governance standards, and incident response planning.
  • Support enterprise cyber awareness initiatives, phishing simulations, tabletop exercises, and employee education programs.
  • Monitor remediation efforts tied to IT and security findings to ensure timely resolution.
  • Track cybersecurity and financial sector threat intelligence trends and communicate emerging risks to leadership.
  • Develop and maintain KRIs, dashboards, metrics, and executive reporting for risk committees and senior leadership.
  • Support a collaborative, inclusive, and high-performing risk culture across the organization.

Requirements:
  • 8–10+ years of experience in IT Risk, Information Security, Cybersecurity Risk Management, or related disciplines.
  • Prior experience within financial services, banking, fintech, payments, or regulated industries strongly preferred.
  • Strong understanding of cybersecurity and governance frameworks including NIST CSF, NIST 800-53, ISO 27001, and CIS Controls.
  • Experience conducting third-party/vendor risk assessments and evaluating SOC reports.
  • Strong knowledge of regulatory expectations related to cybersecurity and operational risk.
  • Ability to communicate technical risk concepts clearly to executive leadership and business stakeholders.
  • Experience supporting incident response oversight and operational resilience initiatives.
  • Strong analytical, documentation, and problem-solving skills.
  • Experience with reporting tools such as Power BI, Tableau, or Python is preferred.
  • Bachelor's degree in Cybersecurity, Information Security, Risk Management, Information Technology, or related field preferred.
  • Industry certifications such as CISSP, CISM, CRISC, CGEIT, or Security+ preferred.
  • Must be authorized to work in the United States.
