Job Description
We are looking for an experienced IT Risk Manager to lead cybersecurity risk initiatives. The ideal candidate will develop strategies aligned with industry frameworks and foster collaboration across departments to maintain a secure and resilient environment.
Responsibilities:
- Implement and oversee cybersecurity risk management programs that comply with Ohio House Bill 96 and relevant frameworks, such as NIST and CIS Controls.
- Monitor and enforce adherence to internal policies and external regulations, ensuring timely incident reporting as required by state law.
- Develop and maintain comprehensive policies, standards, and procedures related to cybersecurity risk management.
- Lead efforts to coordinate incident response activities, including collaboration with Ohio Cyber Reserve and Homeland Security.
- Manage annual cybersecurity training programs tailored to employees’ roles and responsibilities, promoting awareness and resilience.
- Serve as the primary liaison between IT, legal, compliance, and executive leadership for all cybersecurity risk-related matters.
- Prepare detailed risk reports and presentations for city council, auditors, and external agencies.
- Ensure documentation and policies are up-to-date and reflect best practices in cybersecurity risk management.
- Identify and assess vulnerabilities, proposing effective mitigation strategies to strengthen the city's defenses.
- Foster cross-departmental collaboration to enhance cybersecurity awareness and maintain a proactive security posture.
Requirements:
- Bachelor’s degree in Cybersecurity, Information Assurance, Risk Management, or a related field.
- Certifications such as CISSP, CRISC, or similar credentials are strongly preferred.
- Minimum of 5 years of experience in cybersecurity risk management, ideally within government or public sector environments.
- In-depth knowledge of Ohio House Bill 96, NIST frameworks, CIS Controls, and industry best practices.
- Strong analytical skills with the ability to evaluate complex risks and develop effective mitigation strategies.
- Excellent communication abilities, capable of presenting technical information clearly to non-technical stakeholders.
- Proven leadership skills to guide teams and coordinate cross-departmental initiatives.
- Familiarity with tools and systems related to IT risk management, including ERP platforms and financial crime prevention mechanisms.