IT Risk Management Lead
Comcentia is seeking an experienced IT Risk Management Lead to drive the design, build‑out, and continuous improvement of our client’s enterprise IT Risk Management Program. This role leads the development of risk intake processes, assessment methodologies, and quantitative models aligned with NIST‑based frameworks and the organization’s ISMS.
You’ll partner with Cybersecurity, IT, business stakeholders, and risk owners to identify, assess, document, and monitor technology risks across the enterprise. The Lead serves as the primary SME for IT risk, producing executive‑ready reporting, maturing risk metrics and dashboards, and ensuring treatment plans are well‑defined, tracked, and executed.
Key Responsibilities:
• Lead structured IT risk assessments and apply quantitative scoring models
• Enhance risk intake processes, assessment tools, and framework alignment
• Maintain the enterprise risk register and map risks to SCF‑aligned controls
• Drive treatment planning, cross‑functional coordination, and lifecycle tracking
• Deliver risk reporting, dashboards, and decision‑ready materials for leadership
• Support governance cycles, audit readiness, and GRC tooling adoption
• Champion automation and AI‑enabled workflows to improve program efficiency
Qualifications:
• 7+ years in IT Risk Management, ISMS, or Cybersecurity
• Strong English proficiency (TOEFL Score: 90+) required
• Experience leading enterprise risk programs—not just contributing to them
• Strong knowledge of ISO 27001, NIST CSF, SOC 2, PCI, GDPR
• Hands‑on experience with GRC platforms and risk assessment methodologies
• Excellent communication skills for both technical and executive audiences
• Preferred certifications: ISO 27001 Lead Implementer/Auditor, CISA, CISSP, CISM, SCF Practitioner