Manager, Cybersecurity Risk Management

Requisition

• Relocation Authorized:
  None
• Telework Type:
  Part-Time Telework
• Work Location:
  
  Reston, VA

The Manager, Cybersecurity Risk Management focuses on managing and reporting on cyber risks globally across Bechtel. The role drives a comprehensive risk management program, supports peer cybersecurity teams, identifies and mitigates security risks, and provides technical guidance across the organization.

• Develop and maintain a comprehensive cybersecurity risk management strategy, lead enterprise‑wide cyber risk assessments and mitigation / remediation activities.
• Collaborate with IT, legal, compliance, and business units to embed risk mitigation strategies in operations.
• Monitor emerging threats and adjust risk posture accordingly.
• Present risk analysis, metrics, and mitigation plans to management and stakeholders.
• Identify risk and mitigating controls for information security exceptions per company policies and industry standards (ISO 27001, NIST, GDPR, HIPAA, CIS, FedRAMP).
• Mentor and develop junior risk analysts and cybersecurity professionals.
• Assist with the administration and maintenance of the Service Now GRC platform.

• Translate risk insights into strategic decisions and enterprise‑wide policies.
• Contribute to the design of cybersecurity strategies by advising on risk reduction priorities related to exception and risk register trends.
• Develop metrics to track exception mitigation rates, approval / review rates, aging, and SLA compliance.
• Drive initiatives that reduce recurring exception requests through enterprise‑wide solutions.

• Monitor effectiveness of the information security exceptions process per agreed metrics.
• Conduct root cause analysis on recurring issues to enhance process efficiency and reduce exception requests.
• Collaborate with cross‑functional teams to gather, interpret, and validate mitigating controls.

Requires bachelor’s degree plus 8+ years experience in information security risk, with at least 3 years in a risk management role or similar function.

• Strong knowledge of cybersecurity frameworks, company policies, and regulatory requirements.
• Strong expertise across commercial and government cloud services (AWS, Azure, GCP, OCI, etc.), on‑premises and application environments.
• Experience with tools such as Service Now, GRC tools, Power BI, and cloud technologies.
• Strong knowledge of risk frameworks (ISO 27005, NIST, ISO, PCI, SOX).
• Proven ability to translate complex technical concepts into plain language for decision‑makers.
• Skilled in preparing polished deliverables that support informed decision‑making.
• Team player who builds trust across technical and non‑technical teams.
• Demonstrated ability to work independently, adapt quickly, and drive tasks forward with limited direction.
• Strong project management and delegation skills across diverse, cross‑functional initiatives.

• Certifications such as CISSP, CISM, CRISC, or CISA.
• 5+ years of prior experience in EPCM (Engineering, Procurement, Construction / Project Management); preference for global company background and/or Fortune 500 and/or EPC industry.
• Comfortable working in a highly iterative environment, both structured and unstructured.
• Metrics and visualization tools knowledge a plus (Service Now, Power BI, Tableau).
• Advanced user of M365 Suite to prepare all project plans, deliverables, presentations, reports, and findings.

Bechtel offers a robust benefits package to support career growth, program delivery, and personal well‑being.

Bechtel is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity and expression, age, national origin, disability, citizenship status (except as authorized by law), protected veteran status, genetic information, and any other characteristic protected by federal, state or local law. Applicants with a disability, who require a reasonable accommodation for any part of the application or hiring process, may e‑mail their request to .