Cybersecurity Risk Manager
Typically requires 3 to 5 years of experience in information risk management or security architecture.
A cybersecurity risk manager identifies industry standards and regulatory guidelines for information security in order to minimize the risk of compromise of sensitive business systems. They help develop, maintain, and evaluate organizational security policies and procedures, and they work closely with engineering and operations teams to ensure systems controls meet security requirements. They also manage and follow up on results of audits of system security. Daily responsibilities of a security risk manager include:
  • Understanding applicable regulations, guidelines and industry best practices to manage risk and ensure compliance.
  • Developing, maintaining, or auditing security documentation such as policies, standards, and procedures.
  • Monitoring internal control effectiveness.
  • Conducting internal security assessments to ensure continued compliance.
  • Explaining roles in managing risk to partners and getting buy-in to improve the organizational risk posture.
Salary range (US data)
Job openings
Job growth
Mariel Townsend
Freelance Cybersecurity Professional
Mariel has been working as a cybersecurity risk manager for 4 years. She started as an analyst evaluating the risk of IT projects.
Mariel Townsend
Freelance Cybersecurity Professional
Mariel started as a data analyst evaluating the effectiveness of IT projects in the U.S. federal government, and learned about security risk management on the job. She developed and oversaw compliance with federal cybersecurity policies at the White House, and later worked in cybersecurity risk management for a major U.S. bank. She now freelances in technical writing and cybersecurity consulting.
I like to think creatively about how to apply security best practices in complex organizational realities, and use my skills in persuasion and communication to help create buy-in for improving an organization's security posture.
We had a chance to connect with Mariel to ask her a few questions about her cybersecurity journey.
Start the Journey to Become a Cybersecurity Risk Manager

Get Started with Cybersecurity Risk Management

Prepare for a career as a cybersecurity risk manager.

~50 mins
Top skills requested
The technical and specialized skills most frequently requested by employers for this role.
  • Risk management
  • Cybersecurity assessment
  • Information security
  • Information systems
  • Risk assessment
  • Cybersecurity strategy
  • Market trends
  • Project management
  • IT industry knowledg
  • Project planning
The business skills most frequently requested by employers for this role.
Note: Percentages refer to the rate at which this skill appears in job postings
In partnership with the World Economic Forum.