×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

Senior Enterprise Risk Manager

Job in Denver, Denver County, Colorado, 80285, USA
Listing for: True Anomaly
Full Time position
Listed on 2026-06-01
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below
Space is a war fighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.

OUR MISSION

True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors - enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.

OUR VALUES
  • Be the offset. We create asymmetric advantages with creativity and ingenuity.
  • What would it take? We challenge assumptions to deliver ambitious results.
  • It's the people. Our team is our competitive advantage and we are better together.
Your Mission

We are seeking a Senior Enterprise Risk Manager to build, lead, and mature two distinct but interconnected lines of effort:
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). This is a foundational leadership role for a seasoned risk professional who thrives in fast-moving, mission-critical environments and understands the unique demands of operating at the intersection of defense, aerospace, and commercial SaaS.

The ideal candidate brings deep experience navigating regulated government environments-including RMF, DoD IL5/IL6, and CMMC-and is fluent in industry-standard risk quantification and assessment methodologies such as FAIR (Factor Analysis of Information Risk) and OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation). They pair that expertise with a startup mindset that enables them to build programs from the ground up, not just maintain inherited ones.

You will work cross-functionally with engineering, security, legal, compliance, product, and executive leadership to identify, assess, communicate, and mitigate risk across the enterprise and its extended supply chain.

Responsibilities:

Enterprise Risk Management
  • Design, implement, and continuously mature a scalable enterprise risk management program aligned to NIST RMF, ISO 31000, and applicable DoD frameworks.
  • Apply FAIR methodology to quantify cyber and operational risk in financial terms, enabling data-driven prioritization and executive-level risk decision-making.
  • Leverage OCTAVE or similar threat-centric methodologies to lead structured risk assessments that identify critical assets, threat profiles, and organizational vulnerabilities.
  • Establish and maintain an enterprise risk register, risk appetite statements, and risk tolerance thresholds in collaboration with executive leadership and the Board (as applicable).
  • Lead recurring risk identification, assessment, and prioritization processes across business units, ensuring alignment between operational risk posture and strategic objectives.
  • Develop and maintain executive-ready risk dashboards, KPI/KRI reporting, and program metrics using tools such as Jira, Confluence, GRC platforms, and MS Project.
  • Conduct and coordinate internal audits and risk assessments to ensure adherence to DoD compliance standards, including NIST SP 800-53 Rev. 5, NIST SP 800-171, RMF (IL5 and IL6), and CMMC Level 3.
  • Support audit readiness activities including pre-assessment preparation, evidence collection, POA&M management, and post-audit remediation planning.
  • Develop, implement, and mature information security and enterprise risk policies, standards, and guidelines based on industry best practices.
  • Serve as a primary point of contact for internal stakeholders, executive leadership, and external assessors, certification bodies, and government partners.
Third-Party Vendor Risk Management
  • Build and lead a formalized Third-Party Vendor Risk Management program, establishing vendor classification tiers, risk assessment methodologies, and ongoing monitoring cadences.
  • Define and operationalize vendor onboarding risk assessments, including security questionnaires, compliance validations, and contractual risk controls (e.g., SLAs, right-to-audit clauses, data handling requirements).
  • Maintain a vendor risk inventory and lifecycle management process covering initial due diligence through offboarding, ensuring continuous visibility into third-party risk exposure.
  • Collaborate with legal, procurement, and supply chain teams to embed risk criteria into vendor selection, contract negotiation, and renewal processes.
  • Monitor third-party vendors for changes in risk posture, including cybersecurity incidents, financial instability, regulatory actions, and ITAR/export control concerns.
  • Develop vendor risk reporting and executive-level dashboards to provide ongoing transparency into third-party exposure across critical suppliers and technology partners.
  • Ensure TPVRM program alignment with applicable regulatory requirements including CMMC supply chain requirements, DFARS clauses, and DoD IL environment authorization boundaries.
Cross-Functional Leadership
  • Build, mentor, and provide technical guidance to junior risk team members and project contributors across both lines of effort.
  • Drive alignment across engineering, security operations, product…
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search