Risk Specialist (Contract to Hire)

Tokio Marine HCC, Houston, TX
1d

About The Position

Oversee the risk management lifecycle for our global enterprise, focusing on identifying, assessing, and mitigating risks that could affect operations, data, and reputation. This role requires a strategic thinker who understands both technology and business and can translate complex risks into actionable business language. Collaborate closely with cybersecurity, compliance, audit, and business leaders to drive risk-informed decision-making and strengthen the organization’s security posture. Passionate about building structure out of complexity and partnering across teams to enable smart, secure decisions.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
  • 4+ years of experience in risk management, security operations, or similar cybersecurity functions.
  • Strong understanding of ISO 27005, NIST RMF, NIST CSF, COSO, or FAIR frameworks.
  • Experience performing risk assessments, maintaining risk registers, and tracking remediation.
  • Comfortable influencing leaders and cross-functional teams with data-driven insights.
  • Familiarity with GRC platforms (e.g., Archer, ServiceNow Risk, OneTrust).
  • Strong communication skills — able to bridge the gap between technical depth and business clarity.

Nice To Haves

  • Certifications like CRISC, CISM, CISSP, or ISO 27005 Risk Manager are a plus.

Responsibilities

  • Lead and mature our enterprise information risk management program, aligning with ISO 27005, NIST RMF, and COSO frameworks.
  • Identify and assess technology, operational, and third-party risks across systems, applications, and cloud environments.
  • Work with IT and business units to develop mitigation plans and track progress toward resolution.
  • Build and maintain risk dashboards and reports that visualize key risk indicators (KRIs) and emerging trends for leadership and board review.
  • Partner with Vulnerability Management, Incident Response, and Compliance teams to integrate risk awareness into daily operations.
  • Support regulatory and audit readiness by ensuring risk activities align with ISO 27001, NIST CSF, HIPAA, and PCI-DSS standards.
  • Provide clear, actionable communication — translating technical risk into business terms that drive informed decisions.
  • Stay current on emerging risks, regulations, and best practices, and continuously evolve the program.