Cybersecurity Risk Management Program Lead

  • Rocklin, California, United States
  • Full-time
  • Salary: USD 63 per hour (W2)

JOB TITLE:

Cybersecurity Risk Management Program Lead

JOB Type:

CTC

JOB SKILLS:

Not Provided

JOB Location:

Rocklin, California, United States

JOB DESCRIPTION

Client

WSI

Job Title

Cybersecurity Risk Management Program Lead

Placement type (FTE/C/CTH)

Contract, high likelihood of conversion

Duration

6 months, CTH

Location

Hybrid: Mon-Thu onsite (Rocklin or SF); Fri WFH

Start Date

ASAP

Pay Rate Guidelines

$63/hour on W2

Work Authorization (open to ISS/C2C)

Must be able to convert without sponsorship

Interview Process

4 Rounds

Project Description

  • Responsible for developing, implementing, and managing our organization's cybersecurity risk management program.
  • Identify potential cybersecurity risks, help to identify mitigations, escalate matters requiring management attention, and oversee timely and effective remediation of risks to critical company information.
  • Responsible for: providing support to business units in performing risk assessments, due diligence activities, and data management; ongoing oversight; and risk reporting.

Top Requirements

(Must haves)

Qual Notes

  • Experience with a wide range of technology, with the ability to anticipate potential risks across a variety of technical environments:
    • Platforms: UNIX/Linux, AS400, Windows
    • Applications: e-commerce, retail, stores, corporate shared services, PCI requirements, SOX requirements
    • Ability to identify the kinds of risks a multi-channel retailer is exposed to
  • Experience presenting cybersecurity risk in business language to boards of directors and other non-technical audiences
  • Experience with the MITRE ATT&CK framework

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience
  • Minimum of 7-10 years of experience in cybersecurity, with at least 5 years in a risk management role
  • Proven experience leading cybersecurity risk management programs
    • Federal or military risk management program experience is a big plus
  • In-depth knowledge of risk assessment and risk analysis
  • Experience in the retail industry a plus
  • Experience in a leadership role within a medium to large organization
  • Understands information security holistically and how it relates to business goals
  • Excellent written, oral, and interpersonal communication skills, with a proven ability to champion causes that produce positive impact and change
  • Strong analytical skills
  • Extensive knowledge of and experience with information security standards and methodologies, including NIST SP 800-53, NIST CSF, PCI DSS, ISO 9000 series, COBIT, Sarbanes-Oxley, HIPAA, and other relevant industry security standards

Additional Qualifications

(Nice to Haves)

  • CISSP, CISM, CRISC or similar certification [e.g., GIAC Certified ISO-17799 Specialist (G7799)]
  • Privacy Certification (e.g., Certified Information Privacy Professional)
  • Experience interfacing with and communicating information on complex privacy and security compliance issues to senior management and business units and external parties
  • Experience with the ServiceNow Integrated Risk Management (IRM) tool
  • Experience reviewing contracts for security risks and negotiating security terms with third parties

Additional Notes

  • Avoid candidates whose experience is limited to:
    • Controls only
    • Implementing controls
    • SOX controls
    • The right person will understand controls and be able to test them, but controls will not be their main focus
      • The goal is to mature our ability to identify, articulate, and advise on the right controls to implement

  • What are some tools that are comparable to ServiceNow IRM?
    • Archer
    • OneTrust
    • Other GRC Tools
      • About to migrate from ServiceNow GRC to ServiceNow IRM in 2026

Position Details

Employment:

CTC

Salary:

USD 63 per hour

REFERENCE NUMBER:

SNPR-641310

CITY:

Rocklin

JOB ORIGIN:

SNPR