Back to all jobs
About the role
<div class="content-intro"><p> </p>
<p> </p></div><p><em>By bringing together next-gen technology and the finest live data available, Genius Sports is enabling a new era of sports for fans worldwide, delivering experiences that are more immersive, interactive and personalised than ever before.</em><em> Learn more at </em><a href="https://www.geniussports.com/"><em>geniussports.com </em></a><em> </em></p>
<p><strong>THE ROLE:</strong></p>
<p><span data-contrast="none">Genius Sports is strengthening how it identifies, quantifies, and manages cyber risk across the enterprise. As Cyber Risk Manager, you will be the operational backbone of our security risk management practice, building the structures, language, and habits that enable the business to make informed, risk-aware decisions related to cybersecurity every day.</span><span data-ccp-props="{"201341983":0,"335559738":60,"335559739":60,"335559740":240}"> </span></p>
<p><span data-contrast="none">You will sit within the Information Security function and report directly to the VP of Cyber Security, working as a peer to the GRC Manager. Where your GRC colleague focuses on compliance assurance and certification frameworks, your mandate is broader: understanding and communicating security risk as a business issue, not just a technical or regulatory one.</span><span data-ccp-props="{"201341983":0,"335559738":60,"335559739":60,"335559740":240}"> </span></p>
<p><span data-contrast="none">Your mission: translate the threat landscape into clear risk positions, drive consistent treatment and ownership across the enterprise, and build a security risk management capability that scales with Genius as it grows.</span><span data-ccp-props="{"201341983":0,"335559738":60,"335559739":60,"335559740":240}"> </span></p>
<p><strong><span data-contrast="none">WHAT YOU'LL DO:</span></strong><span data-ccp-props="{"201341983":0,"335559738":240,"335559739":80,"335559740":240}"> </span></p>
<p><strong><span data-contrast="none">Build and Operate the Cyber Risk Program</span></strong><span data-ccp-props="{"201341983":0,"335559738":160,"335559739":60,"335559740":240}"> </span></p>
<ul>
<li><span data-contrast="none">Design and own processes for managing security risks in alignment with our broader enterprise risk management framework - defining how security risks are identified, assessed, prioritized, and tracked.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
<li><span data-contrast="none">Maintain and continuously evolve a security risk register that is actionable and business-relevant, not a compliance artifact.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
<li><span data-contrast="none">Ensure security risk posture is visible, understood, and regularly reviewed at leadership level.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
</ul>
<p><strong><span data-contrast="none">Translate S</span><span data-contrast="none">ecurity</span><span data-contrast="none"> Risk into Business Language</span></strong><span data-ccp-props="{"201341983":0,"335559738":160,"335559739":60,"335559740":240}"> </span></p>
<ul>
<li><span data-contrast="none">Serve as the bridge between technical security findings and business decision-makers, framing security risk in terms of operational, financial, and reputational impact.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
<li><span data-contrast="none">Prepare clear, concise security risk reporting for senior stakeholders and ExCo, including heat maps, trend analysis, and treatment status.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
<li><span data-contrast="none">Support board-level reporting on cyber risk exposure alongside the CIO and VP of Cyber.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
</ul>
<p><strong><span data-contrast="none">Drive Risk Treatment and Accountability</span></strong><span data-ccp-props="{"201341983":0,"335559738":160,"335559739":60,"335559740":240}"> </span></p>
<ul>
<li><span data-contrast="none">Work with business and technology owners to ensure security risks have clear owners, agreed treatment plans, and tracked remediation timelines.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
<li><span data-contrast="none">Challenge and pressure-test risk acceptance decisions, ensuring they are informed, documented, and time-bound.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
<li><span data-contrast="none">Follow up on treatment commitments and escalate stalled or overdue risk items through the right channels.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
<li><span data-contrast="none">Identify systemic</span><span data-contrast="none"> </span><span data-contrast="none">security risk patterns and surface them as strategic priorities for the VP and CIO</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
</ul>
<p><strong><span data-contrast="none">Manage Third-Party and Supply Chain Risk</span></strong><span data-ccp-props="{"201341983":0,"335559738":160,"335559739":60,"335559740":240}"> </span></p>
<ul>
<li><span data-contrast="none">Own the vendor and third-party risk assessment process, ensuring critical suppliers are assessed proportionately and reviewed on a regular cycle.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
<li><span data-contrast="none">Work with Sourcing and Procurement to embed cyber risk criteria into vendor onboarding and contract renewal workflows.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
<li><span data-contrast="none">Maintain visibility of concentration cyber risk and dependency risk across key technology providers.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
</ul>
<p><strong><span data-contrast="none">Support Resilience and Incident Learning</span></strong><span data-ccp-props="{"201341983":0,"335559738":160,"335559739":60,"335559740":240}"> </span></p>
<ul>
<li><span data-contrast="none">Contribute to business continuity and disaster recovery planning from a cyber risk lens, ensuring recovery priorities reflect actual business risk.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
<li><span data-contrast="none">Participate in post-incident reviews to identify systemic security risk and feed lessons learned back into the risk register.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
<li><span data-contrast="none">Support threat intelligence consumption and translate emerging threat actor activity into risk implications for the business.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":0,"335559740":240}"> </span></li>
</ul>
<p><strong><span data-contrast="none">Partner Across the Security Function</span></strong><span data-ccp-props="{"201341983":0,"335559738":160,"335559739":60,"335559740":240}"> </span></p>
<ul>
<li><span data-contrast="none">Work closely with the GRC Manager to ensure compliance requirements are risk-informed, and that audit findings translate into risk register updates.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
<li><span data-contrast="none">Collaborate with Security Operations and Engineering to understand the threat and vulnerability landscape and translate technical exposure into risk terms.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
<li><span data-contrast="none">Support the VP of Cyber Security in building a cohesive, integrated security function where risk, compliance, and operations reinforce each other.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
</ul>
<p><strong>WHAT YOU’LL BRING:</strong></p>
<ul>
<li><span data-contrast="none">Working knowledge of security related standards and regulations including SOC 2, ISO 27001, global privacy laws.</span><span data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
<li><span data-contrast="none">Ability to communicate risk credibly to both technical and non-technical audiences, including senior executives</span></li>
<li><span data-contrast="none">Experience building or maturing a security risk management program, not just operating within one.</span> </li>
<li><span data-contrast="none">Comfortable challenging risk owners and holding the line on treatment accountability without being adversarial.</span></li>
<li>U<span class="TextRun SCXW135548349 BCX8" lang="EN-US" data-contrast="none"><span class="NormalTextRun SCXW135548349 BCX8">nderstanding</span><span class="NormalTextRun SCXW135548349 BCX8"> the threat landscape and how external factors translate into business-specific risk.</span></span><span class="EOP SCXW135548349 BCX8" data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span> </li>
<li><span data-contrast="none">Experience with third-party risk management processes and vendor assessment methodologies.</span> </li>
<li><span class="NormalTextRun SCXW250875530 BCX8">Hands-on experience with GRC and risk register platforms, including </span><span class="NormalTextRun SpellingErrorV2Themed SCXW250875530 BCX8">Hyperproof</span><span class="NormalTextRun SCXW250875530 BCX8"> or similar tools. </span><span class="NormalTextRun SCXW250875530 BCX8">A track record</span><span class="NormalTextRun SCXW250875530 BCX8"> of automating risk reporting is a strong differentiator</span></li>
<li><span class="TextRun SCXW86823456 BCX8" lang="EN-US" data-contrast="none"><span class="NormalTextRun SCXW86823456 BCX8">Certifications such as CRISC, CISM, or CISSP are valued, but practical experience and business judgment matter more.</span></span><span class="EOP SCXW86823456 BCX8" data-ccp-props="{"201341983":0,"335559738":40,"335559739":40,"335559740":240}"> </span></li>
</ul>
<p><em>We enjoy an ‘office-first’ culture and maximize opportunities to collaborate, connect and learn together. Our hybrid working models differ depending on your role and location. </em></p>
<p><em>As well as a competitive salary and range of benefits, we’re committed to supporting employee wellbeing and helping you grow your skills, experience and career. Learn more about how rewarding life at Genius can be at</em><a href="https://www.geniussports.com/reward/"><em> Reward | Genius Sports.</em></a><em> </em></p>
<p><strong><em>One team, being brave, driving change</em></strong><em> </em></p>
<p><em>We strive to create an</em> <em>inclusive working environment, where everyone feels a sense of belonging and</em> <em>the ability to make a difference. Learn more about our values and culture at</em><a href="https://www.geniussports.com/culture/"><em> Culture | Genius</em></a></p>
<p><em>Let us know when you apply if you need any assistance during the recruiting process due to a disability.</em></p>
<p> </p>
<p> </p>
753,000+ hidden jobs like this
Genius Sports and thousands of companies post here first — often days before LinkedIn or Indeed. Your first 5 applications are free; go Pro to apply without limits.
Everything Pro unlocks:
- Unlimited applications — free stops at 5
- Track every application in one place
- Apply straight to the source, one click
- Save & organize roles you love
- Roles pulled from company boards before the big sites
