Risk Specialist (Contract to Hire)

Overview
Job Description
Oversee the risk management lifecycle for our global enterprise, focusing on identifying, assessing, and mitigating risks that could affect operations, data, and reputation. This role requires a strategic thinker who understands both technology and business and can translate complex risks into actionable business language. Collaborate closely with cybersecurity, compliance, audit, and business leaders to drive risk-informed decision-making and strengthen the organization’s security posture. Passionate about building structure out of complexity and partnering across teams to enable smart, secure decisions.
Key Responsibilities
- Lead and mature our enterprise information risk management program, aligning with ISO 27005, NIST RMF, and COSO frameworks.
- Identify and assess technology, operational, and third-party risks across systems, applications, and cloud environments.
- Work with IT and business units to develop mitigation plans and track progress toward resolution.
- Build and maintain risk dashboards and reports that visualize key risk indicators (KRIs) and emerging trends for leadership and board review.
- Partner with Vulnerability Management, Incident Response, and Compliance teams to integrate risk awareness into daily operations.
- Support regulatory and audit readiness by ensuring risk activities align with ISO 27001, NIST CSF, HIPAA, and PCI-DSS standards.
- Provide clear, actionable communication — translating technical risk into business terms that drive informed decisions.
- Stay current on emerging risks, regulations, and best practices, and continuously evolve the program.
Competencies
Planning
• Develop work plans, establish timelines, and set goals for assigned work unit.
• Assign resources as needed.
• Meet commitments on deadlines.
Communication
• Communicate team or group results to management and make appropriate recommendations.
• Prepare written and verbal presentations to convey information.
Cost Management
• Drive improvement in existing business processes and assist in the identification and implementation of new processes.
• Assist in development and is accountable for budget for work unit.
• Work within financial objectives set by management.
Business Controls and Policies
• Comply with all corporate policies and procedures.
• Identify control objectives for designated function and implement cost-effective controls designed to meet those objectives.
• Test controls to determine if they are performing as intended.
People Management
• Has full HR responsibility for direct reports including making hiring decisions, training, coordinating work, establishing standards, reviewing work, conducting performance appraisals, and providing coaching or counseling.
Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- 4+ years of experience in risk management, security operations, or similar cybersecurity functions.
- Strong understanding of ISO 27005, NIST RMF, NIST CSF, COSO, or FAIR frameworks.
- Experience performing risk assessments, maintaining risk registers, and tracking remediation.
- Comfortable influencing leaders and cross-functional teams with data-driven insights.
- Familiarity with GRC platforms (e.g., Archer, ServiceNow Risk, OneTrust).
- Certifications such as CRISC, CISM, CISSP, or ISO 27005 Risk Manager are a plus.
- Strong communication skills — able to bridge the gap between technical depth and business clarity.
