Seminole Gaming

Cyber Risk Assessor III

Seminole Gaming  •  United States (Onsite)  •  3 hours ago

Job Description

Our team members are the key to our company’s success, and their health and well-being, as well as that of their families, is very important to us. We offer a comprehensive benefits package that allows our team members to stay healthy, plan for their future and maintain a healthy work-life balance. Benefits may vary with employment status. To see our full list of Team Member Benefits, please visit our career site: www.gotoworkhappy.com/benefits

The Cyber Risk Assessor III leads cybersecurity risk assessments, control evaluations, and policy oversight across the organization's Governance, Risk, and Compliance program. This strategic role identifies and assesses risks, evaluates control effectiveness, drives regulatory and framework alignment, and strengthens governance processes organization-wide.

Key Responsibilities

Governance, Risk Assessment & Management

  • Lead cybersecurity risk assessments for systems, applications, business processes, and third-party
  • Drive the identification, analysis, and documentation of cybersecurity risks and control gaps using methodologies such as FAIR and NIST RMF
  • Evaluate and assess the risk of cybersecurity issues, findings, and their potential impact to the organization
  • Oversee and maintain the Cybersecurity risk register with clear ownership, accountability, and tracking
  • Develop mitigation strategies, compensating controls, and risk-based remediation plans with business and technical stakeholders
  • Monitor and report on risk trends, control effectiveness, compliance status, and remediation progress for leadership and stakeholders.
  • Own and manage the Cybersecurity Exception Process, including evaluation, approval workflows, and ongoing monitoring
  • Establish and track key risk indicators (KRIs) and report on risk trends, control effectiveness, and remediation progress to senior leadership
  • Proactively identify, track, and escalate top organizational cybersecurity risks to leadership
  • Lead the development, documentation, and continuous improvement of security and GRC processes to strengthen governance, consistency, and operational effectiveness.
  • Lead the development, review, and maintenance of cybersecurity policies, standards, procedures, and related governance documentation.
  • Support security awareness, governance communications, and continuous improvement initiatives across the GRC program.

Control Evaluation & Maturity Assessment

  • Lead the evaluation of design and operating effectiveness of security controls across the organization
  • Conduct and manage internal cybersecurity maturity assessments to evaluate program effectiveness and identify improvement opportunities
  • Assess control maturity levels and develop roadmaps for enhancement
  • Map controls to frameworks such as NIST, ISO 27001, PCI DSS, and other applicable standards

Stakeholder Engagement & Reporting

  • Serve as the subject matter expert and advisor on complex cybersecurity risk issues
  • Lead and influence cross-functional engagement with IT, Cybersecurity, Audit, Legal, Privacy, and business teams
  • Develop and deliver executive-level cybersecurity risk reports for senior management and board-level stakeholders, highlighting critical risks and mitigation strategies
  • Communicate complex technical and risk information effectively to both technical and non-technical audiences
  • Present risk assessments, findings, and strategic recommendations to executive leadership and board committees
  • Lead and facilitate risk workshops and training sessions to promote risk-aware culture

Required Qualifications

Experience & Expertise

  • 7+ years of progressive experience in cybersecurity, Governance, Risk, and Compliance (GRC), or information security
  • Demonstrated experience leading enterprise-level risk assessments and governance programs
  • Deep expertise in risk assessment methodologies and control evaluation concepts
  • Experience with cybersecurity frameworks: NIST CSF, ISO 27001, PCI DSS, SOC 2, and/or CIS Controls
  • Proven experience developing policies, standards, procedures, and governance documentation
  • Experience assessing risk of cybersecurity issues and developing remediation strategies
  • Experience conducting technical risk assessments and security architecture reviews
  • Proven experience leading and managing cybersecurity maturity assessments

Technical Knowledge

  • Comprehensive knowledge across all cybersecurity domains including infrastructure security, network security, application security, cloud security, identity and access management, data protection, endpoint security, security operations, and emerging technologies such as artificial intelligence
  • Understanding of security control applicability and limitations across different technology environments
  • Current knowledge of the threat landscape and attack vectors

Skills & Competencies

  • Strategic thinking and ability to translate technical vulnerabilities into business risk and impact
  • Excellent analytical skills with ability to synthesize complex information into actionable insights
  • Superior written and verbal communication and report-writing capabilities
  • Proven ability to influence and drive outcomes without direct authority across all organizational levels
  • Critical thinking and problem-solving abilities
  • Attention to detail while maintaining strategic perspective
  • Demonstrated leadership in mentoring and developing team members

Preferred Qualifications

Certifications

  • CISSP (Certified Information Systems Security Professional)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
  • CISM (Certified Information Security Manager)
  • ISO 27001 Lead Auditor or Lead Implementer
  • FAIR Certification
  • PCI QSA or ISA

Additional Experience

  • Experience with GRC platforms (e.g., Onspring, ServiceNow GRC, Archer, OneTrust, Vanta, Drata)
  • Background in regulated industries (gaming, financial services retail)
  • Bachelor’s degree in Computer Science, Information Security, Cyber Risk Management, or related field (Master's preferred)

About Seminole Gaming

The Seminole Tribe has long been recognized for innovation in its gaming and other businesses. It opened the first high-stakes bingo hall and casino in the United States in 1979. That facility was the forerunner of the Indian Gaming movement throughout North America. Analysts believe today’s Seminole Tribe operates one of the most profitable gaming enterprises in the world. In March 2007, the Seminole Tribe of Florida acquired Hard Rock International, the first transaction of its kind by an Indian tribe.

In addition to its two Seminole Hard Rock Hotels & Casinos, the Seminole Tribe owns and operates five other Seminole Casinos: in Coconut Creek and Hollywood, in Immokalee near Naples, and on the Brighton Reservation.

Seminole Gaming is committed to fostering diversity, equity and inclusion. The Office of DE&I was established in 2021 as a way to formally integrate our company values and mottos into our daily business operations. Its mission is to ensure that DE&I principles are used when making critical business decisions. We aspire to be known and respected for equitable and socially responsible practices.

DE&I aims to address the needs of all team members – including Native Americans, women, the LGBTQ+ community, people of color (BIPOC), people with disabilities and military veterans.

Diversity: is the celebration of differences and leveraging those differences to produce stellar results.

Equity: is a process of seeking fairness through deliberate and intentional actions.

Inclusion: is when everyone has the freedom and comfort to express their thoughts, ideas, and opinions in a safe, trusting, and open environment.

Industry: Arts & Entertainment
Company Size: 1,001-5,000 employees
Headquarters: Davie, Florida