Cream City Cyber
Technology Risk Management Architect
Cream City Cyber, Milwaukee, Wisconsin, United States, 53244
At Cream City Cyber, we understand the convergence of physical and digital risks and how they impact businesses and governments alike. Our battle‑tested experts have been trusted advisors for decades, offering tailored security solutions to help clients navigate evolving landscapes. We strive to mitigate risks with confidence, enabling our partners to thrive in a connected world.
Overview
We are looking for a proactive and experienced Technology Risk Management Architect to join our Risk & Compliance consulting team. In this role, you will lead cybersecurity risk assessments, ensure regulatory compliance, and manage governance activities across business functions and technology initiatives. This is a highly collaborative and strategic role, ideal for candidates with a strong technical background, excellent problem‑solving capabilities, and the ability to guide junior team members.
Key Responsibilities
Independently identify and assess cybersecurity risks across projects and operations
Develop and implement risk treatment plans
Manage and maintain risk registers, ensuring alignment with risk management processes
Collaborate with stakeholders to design effective mitigation strategies
Controls Management
Assess the effectiveness of security controls, identify gaps, and recommend enhancements
Refine testing procedures and support compliance assessments
Advise stakeholders on best practices for risk, security, and privacy controls
Vulnerability Management
Lead assessments to identify, prioritize, and remediate vulnerabilities
Deliver detailed reports with analysis and recommendations
Partner with stakeholders to align remediation with business objectives and risk tolerance
Metrics and Reporting
Develop and deliver risk and compliance reports for mid‑level management
Create and refine KPIs and metrics to communicate trends and emerging issues
Ensure alignment of reporting with business objectives
GRC Program Management
Manage governance, risk, and compliance (GRC) elements in assigned areas
Work with stakeholders to update and enforce policies and procedures
Provide practical guidance on GRC implementation within projects
Regulatory Compliance
Independently assess compliance status and identify gaps
Create comprehensive compliance reports with improvement recommendations
Support internal and external audit processes
Policy Development and Enforcement
Lead updates to cybersecurity policies and standards
Promote adherence through training and stakeholder engagement
Monitor compliance and address concerns as needed
Cross‑Functional Collaboration
Lead cross‑department projects, ensuring integration of security requirements
Serve as a liaison between security and business teams to align goals
Promote secure practices and advise on risk integration into processes
Leadership and Team Development
Provide mentorship to junior team members
Lead small projects and workstreams with accountability
Foster a collaborative and supportive team culture
Problem Solving
Use structured methodologies to diagnose root causes and develop creative solutions
Tailor communication of solutions to technical and business audiences
Align problem‑solving with organizational goals
Pursue advanced training and certifications
Stay updated on risk, compliance, and cybersecurity best practices
Share knowledge through mentoring and team discussions
Required Qualifications
Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field
5+ years of experience in information security or cybersecurity risk management
Strong understanding of risk principles, frameworks, and assessment methodologies
Experience managing enterprise GRC programs and mitigation strategies
Hands‑on experience with compliance frameworks (e.g., NIST CSF, PCI‑DSS, ISO/IEC 27001, SOC 2, GDPR, HIPAA)
Excellent communication skills for technical and non‑technical audiences
Proven ability to work independently and lead project initiatives
Strategic mindset with a focus on aligning security with business objectives
Preferred Qualifications
Degree in Information Security or Business Administration (or commensurate experience)
Certifications such as CISSP, CISM, CRISC, CISA, or similar
Experience in consulting or highly regulated industries (e.g., finance, healthcare)
Familiarity with cloud security, vendor risk, and incident response
Audit and regulatory engagement experience
Demonstrated involvement in security awareness programs
Application
This full‑time role offers significant impact and leadership opportunities within a forward‑thinking risk team. If you're passionate about cybersecurity, GRC, and driving cross‑functional risk initiatives, we encourage you to apply.