The Opportunity:  

Serve as a lead operator within Enterprise Cybersecurity’s Information Technology (IT) and Cyber Risk portfolio, managing and advancing critical risk management workstreams while acting as a central translator between technical teams and business stakeholders. 

This role is responsible for driving execution and continuous improvement across core IT and cyber risk functions, including enterprise risk register transformation, user exceptions oversight, and product risk. The ideal candidate combines strong IT and cyber risk expertise with the ability to operationalize strategy, communicate effectively across audiences, and optimize day-to-day program execution. This is a high-impact, high-visibility role with increasing leadership responsibility, including mentoring junior staff and ownership of key program outcomes. Due to the nature of work performed within this facility, U.S. citizenship is required.

What You’ll Work On:  

• Independently manage and advance enterprise cyber risk workstreams. Manage and enhance components of the IT and cyber risk register, support ongoing transformation efforts, such as tooling migration, and contribute to maturation of the product risk program. 

• Oversee and improve user exceptions program outcomes. Provide oversight of day-to-day execution, guide junior staff, and drive more consistent, outcomes-based risk decision making.

• Deliver high-quality risk reporting and insights. Produce clear and actionable risk reports and analysis that support leadership decision-making and risk reduction. 

• Serve as a central risk translator and stakeholder partner. Act as a primary point of contact across business and technical teams, translating complex technical findings into executive-ready risk narratives and aligning stakeholders on risk prioritization and treatment.

• Drive operational excellence and team enablement. Provide day-to-day guidance and mentorship to junior team members while establishing scalable processes, templates, and standards for risk execution. 

• Advance program maturity through process improvement. Identify and implement improvements across risk workstreams, including automation, tooling optimization, such as Smartsheet, and contributions to strategic initiatives that enhance scalability and effectiveness. 

Join us. The world can't wait.

You Have: 

• Experience in enterprise IT and cyber risk management, including risk identification, assessment, reporting, and lifecycle management 

• Experience working across technical and non-technical teams with a customer-service mindset and strong communication skills 

• Experience with GRC platforms including Smartsheet, ServiceNow, or risk and compliance tools, with the ability to quickly adapt to new tooling environments 

• Knowledge of industry-standard frameworks, including, Factor Analysis Information Risk (FAIR), Massachusetts Institute of Technology Research and Engineering (MITRE), National Institute of Standards and Technology (NIST), Cyber Security Framework (CSF), NIST Special Publication (SP) 800-53, Cybersecurity Maturity Model Certification (CMMC), and International Organization for Standardization (ISO) 27001 

• Ability to write clear, concise, and executive-ready risk reports and translate technical concepts into business context 

• Ability to independently manage and execute complex workstreams with minimal oversight 

Nice If You Have: 

• Experience supporting enterprise risk register development or transformation efforts 

• Experience in Defense Industrial Base (DIB) or federal compliance environments 

• Experience mentoring or leading junior team members in a project or program setting 

• Experience driving process improvement, automation, or AI-enabled enhancements within risk or GRC programs 

• Experience with GRC-specific tools or platforms, including Archer

• Knowledge of product risk, supplier or third-party risk, or security findings management