At Cream City Cyber, we understand the convergence of physical and digital risks and how they impact businesses and governments alike. Our battle-tested experts have been trusted advisors for decades, offering tailored security solutions to help clients navigate evolving landscapes. We strive to mitigate risks with confidence, enabling our partners to thrive in a connected world.
Technology Risk Management Architect
Overview
We are looking for a proactive and experienced Technology Risk Management Architect to join our Risk & Compliance consulting team. In this role, you will lead cybersecurity risk assessments, ensure regulatory compliance, and manage governance activities across business functions and technology initiatives. This is a highly collaborative and strategic role, ideal for candidates with a strong technical background, excellent problem-solving capabilities, and the ability to guide junior team members.
Key Responsibilities
Risk Management
- Independently identify and assess cybersecurity risks across projects and operations
- Develop and implement risk treatment plans
- Manage and maintain risk registers, ensuring alignment with risk management processes
- Collaborate with stakeholders to design effective mitigation strategies
Controls Management
- Assess the effectiveness of security controls, identify gaps, and recommend enhancements
- Refine testing procedures and support compliance assessments
- Advise stakeholders on best practices for risk, security, and privacy controls
Vulnerability Management
- Lead assessments to identify, prioritize, and remediate vulnerabilities
- Deliver detailed reports with analysis and recommendations
- Partner with stakeholders to align remediation with business objectives and risk tolerance
Metrics and Reporting
- Develop and deliver risk and compliance reports for mid-level management
- Create and refine KPIs and metrics to communicate trends and emerging issues
- Ensure alignment of reporting with business objectives
GRC Program Management
- Manage governance, risk, and compliance (GRC) elements in assigned areas
- Work with stakeholders to update and enforce policies and procedures
- Provide practical guidance on GRC implementation within projects
Regulatory Compliance
- Independently assess compliance status and identify gaps
- Create comprehensive compliance reports with improvement recommendations
- Support internal and external audit processes
Policy Development and Enforcement
- Lead updates to cybersecurity policies and standards
- Promote adherence through training and stakeholder engagement
- Monitor compliance and address concerns as needed
Cross-Functional Collaboration
- Lead cross-department projects, ensuring integration of security requirements
- Serve as a liaison between security and business teams to align goals
- Promote secure practices and advise on risk integration into processes
Leadership and Team Development
- Provide mentorship to junior team members
- Lead small projects and workstreams with accountability
- Foster a collaborative and supportive team culture
Problem Solving
- Use structured methodologies to diagnose root causes and develop creative solutions
- Tailor communication of solutions to technical and business audiences
- Align problem-solving with organizational goals
Career Development
- Pursue advanced training and certifications
- Stay updated on risk, compliance, and cybersecurity best practices
- Share knowledge through mentoring and team discussions
Required Qualifications
- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field
- 5+ years of experience in information security or cybersecurity risk management
- Strong understanding of risk principles, frameworks, and assessment methodologies
- Experience managing enterprise GRC programs and mitigation strategies
- Hands-on experience with compliance frameworks (e.g., NIST CSF, PCI-DSS, ISO/IEC 27001, SOC 2, GDPR, HIPAA)
- Excellent communication skills for technical and non-technical audiences
- Proven ability to work independently and lead project initiatives
- Strategic mindset with a focus on aligning security with business objectives
Preferred Qualifications
- Degree in Information Security or Business Administration (or commiserate experience)
- Certifications such as CISSP, CISM, CRISC, CISA, or similar
- Experience in consulting or highly regulated industries (e.g., finance, healthcare)
- Familiarity with cloud security, vendor risk, and incident response
- Audit and regulatory engagement experience
- Demonstrated involvement in security awareness programs
Application
This full-time role offers significant impact and leadership opportunities within a forward-thinking risk team. If you're passionate about cybersecurity, GRC, and driving cross-functional risk initiatives, we encourage you to apply.