To Apply for this Job Click Here
Job Title: IT Cybersecurity Risk Team Lead
Location: Tampa, Florida
Work Environment: Remote or Hybrid
Job Summary:
The IT Cybersecurity Risk Team Lead is responsible for leading and advancing the enterprise cybersecurity risk management program. This role drives the identification, assessment, prioritization, and treatment of cybersecurity risks across systems, processes, and third-party relationships. The IT Cybersecurity Risk Team Lead defines and maintains the enterprise cybersecurity risk methodology, integrates cyber risk practices with Enterprise Risk Management (ERM), and oversees vendor and third-party risk assessments. This position also leads business impact assessments (BIAs), supports business continuity and disaster recovery (BCP/DR) planning, and develops risk dashboards to communicate the organization’s risk posture to leadership, executive committees, and other stakeholders.
Key Responsibilities:
- Lead cybersecurity risk identification and assessment activities across applications, infrastructure, vendors, and business processes.
- Define, maintain, and mature the enterprise cybersecurity risk methodology in alignment with NIST, ISO, and ERM practices.
- Prioritize identified risks based on impact, likelihood, regulatory obligations, and business criticality to guide risk treatment and decision-making.
- Drive the development, coordination, and tracking of risk treatment plans, ensuring defined owners, timelines, and clear remediation expectations.
- Manage vendor and third-party cybersecurity risk processes, including due diligence, onboarding assessments, annual reviews, and continuous monitoring.
- Track remediation of third-party findings, exceptions, and outstanding issues, maintaining accurate documentation and audit-ready evidence.
- Develop, refine, and report key risks that measure cybersecurity posture, emerging risks, and alignment with risk appetite.
- Build leadership- and board-ready risk dashboards summarizing enterprise risk trends, critical issues, and residual risk across IT and cybersecurity.
- Integrate cybersecurity risk management with ERM by aligning taxonomies, scoring methodologies, and reporting cycles.
- Support enterprise-level reporting and communication of cybersecurity risk posture to leadership, committees, and cross-functional teams.
- Conduct and facilitate Business Impact Assessments (BIAs) across critical business functions to understand impacts, dependencies, and risk tolerances.
- Develop, maintain, and support Business Continuity and Disaster Recovery (BCP/DR) planning activities, including plan creation, updates, and annual testing.
- Partner with Governance, Compliance, Security Operations, IT, Enterprise Risk, and business units to ensure consistent and effective execution of risk practices.
- Promote a risk-aware culture and support risk education across technical and non-technical stakeholder groups.
Required Qualifications:
- Bachelor’s degree in Information Security, Information Systems, or related field; Master’s degree preferred.
- 5–7+ years of experience in cybersecurity, governance, or risk management.
- Experience leading Business Impact Assessments (BIAs) and supporting BCP/DR plan development and exercises.
- Proven experience performing cybersecurity risk assessments and managing risk remediation.
- Hands-on experience conducting vendor and third-party risk assessments.
- Strong analytical skills, attention to detail, and the ability to translate technical issues into business impacts.
- Knowledge of NIST CSF, NIST 800-55, ISO 27001, COBIT, or similar frameworks.
- Excellent written and verbal communication skills, with the ability to brief executives.
To Apply for this Job Click Here
Equal Employment Opportunity Statement
Gravity IT Resources is an Equal Opportunity Employer. We are committed to creating an inclusive environment for all employees and applicants. We do not discriminate on the basis of race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, genetic information, veteran status, or any other legally protected characteristic. All employment decisions are based on qualifications, merit, and business needs.