About this role
Senior Manager, Security Risk Management leads the organization’s risk program, governs information security policies, and oversees third-party risk management with a strategic security and governance focus.
Key Responsibilities
- Lead the lifecycle management of enterprise Information Security policies...
- Oversee enterprise TPRM...
- Provide executive-level reporting...
- Develop and execute long-term security strategy...
- Oversee security training & awareness
Technical Overview
Role requires deep knowledge of security frameworks (NIST CSF, ISO 27001, SOC 2, CIS), risk methodologies, and governance across policy, vendor risk, and incident response; leadership and cross-functional alignment are essential.
Ideal Candidate
The ideal candidate is a senior security leader with 8+ years in information security, risk management, and compliance, with 3+ years in leadership. Deep expertise across NIST CSF, ISO 27001, SOC 2, CIS and enterprise policy programs, plus strong vendor risk management and executive storytelling skills.
Must-Have Skills
- 8+ years of experience in Information Security, Risk Management, Compliance, or related fields
- 3+ years in a leadership role
- Strong knowledge of security frameworks (NIST, ISO, SOC 2, CIS)
- Experience leading enterprise policy programs and vendor risk management activities
- Excellent written and verbal communication skills with the ability to influence stakeholders, present to executives, and simplify complex risk topics
Nice-to-Have Skills
- CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor
- Experience scaling programs in large, distributed, or highly regulated environments
- Background in cloud security, business continuity, or enterprise risk management
Required Skills
Information Security, Risk Management, Compliance, NIST CSF, ISO 27001, SOC 2, CIS, Third-Party Information Security Risk Management, TPRM, vendor risk management, data protection, encryption, incident response, cloud security, risk assessments, vulnerability management, security questionnaires, evidence reviews, attestations, breach notification, right-to-audit, governance, policy lifecycle management, leadership, collaboration, executive communication
Hard Skills
NIST CSF, NIST Cybersecurity Framework, ISO 27001, SOC 2, CIS, Third-Party Information Security Risk Management, TPRM, data protection, encryption, incident response, cloud security, risk assessments, vulnerability management, security questionnaires, evidence reviews, attestations, breach notification, right-to-audit, governance, policy lifecycle management, vendor risk management, security posture, executive reporting, leadership, cross-functional collaboration, communication
Soft Skills
Leadership, Communication, Stakeholder management, Collaboration, Strategic thinking, Influencing across levels, Problem solving, Executive presence
Certifications
Preferred
CISSP, CISM, CRISC, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor
Keywords for Your Resume
Senior Manager, Security Risk Management, Information Security Policies, NIST CSF, NIST Cybersecurity Framework, ISO 27001, SOC 2, CIS, Third-Party Information Security Risk Management, TPRM, vendor risk management, breach notification, right-to-audit, penetration tests, encryption, data protection, cloud security, risk assessments, vulnerability management, security questionnaires, evidence reviews, attestations, policy lifecycle management, governance, compliance, regulatory requirements, leadership, cross-functional, executive reporting
Deal Breakers
- No 8+ years of information security or risk management experience
- No leadership experience (3+ years)
- Lack of knowledge of NIST CSF / ISO 27001 / SOC 2
- Lack of ability to communicate with executives
- Lack of vendor risk management experience