Senior Risk Management Analyst; Hybrid - Seattle
Job in Seattle, King County, Washington, 98127, USA
Listed on 2026-02-09
Listing for: Nordstrom
Full Time position
Job specializations:
- IT/Tech: Cybersecurity, IT Consultant, Information Security, Data Security
**Job Description**
Join Nordstrom's Technology team as a Senior Risk Management Analyst, where you'll play a pivotal role in shaping our enterprise cybersecurity risk strategy. You will be a trusted advisor to leadership, building comprehensive risk assessment methodologies that protect our organization, enable informed decision-making, and ensure we remain audit-ready across complex regulatory and threat this role, you will lead cybersecurity risk management initiatives across the enterprise, designing frameworks and operational workflows that integrate multiple risk domains while aligning with business objectives.
You will have authority to design assessment methodologies, establish operational standards, and make significant commitments for audit engagements, third-party assessments, and GRC platform implementations.
**A Day in the Life...**
**Methodology Design & Operational Standards**
* **Design comprehensive assessment methodologies** for enterprise cybersecurity risks, creating frameworks that integrate multiple risk domains and align with business objectives
* **Develop operational standards and quality criteria** for risk management processes, ensuring consistency and effectiveness across the organization
* **Design operational workflows** that optimize risk management processes while maintaining audit trail integrity and regulatory compliance
* **Implement integrated controls across multiple technology and business domains,** ensuring comprehensive risk coverage and efficient resource utilization
**Third-Party & External Relationship Management**
* **Manage third-party risk assessments** including external audit engagements, vendor security evaluations, and specialized consulting projects
* **Serve as primary liaison** with external auditors and risk stakeholders, representing the organization's cybersecurity risk posture and remediation efforts
* **Make significant commitments** for audit engagements, third-party risk assessments, and GRC platforms within established enterprise frameworks
**Strategic Alignment & Leadership**
* **Align operational activities with strategic objectives** by participating in medium-term planning (6-18 months) and ensuring risk initiatives support business goals and regulatory expectations
* **Lead senior stakeholder workshops on complex risk topics,** facilitating decision-making and consensus-building around risk tolerance and treatment strategies
* **Coordinate cross-functional risk initiatives** across Security, IT, Legal, and Business teams to ensure comprehensive risk coverage and strategic execution
* **Contribute to the strategic vision and roadmap** for Enterprise Risk Management, developing reusable, scalable solutions to enhance program efficiency and support organizational growth
**Stakeholder Engagement & Risk Communication**
* **Educate senior stakeholders** on cybersecurity risk requirements and emerging threats through workshops, strategic sessions, and consultation to improve organizational risk awareness and readiness
* **Facilitate decision-making processes** around complex risk scenarios, helping leadership understand risk tolerance options and treatment strategies
* **Provide expert guidance** on risk assessment and treatment across diverse business contexts and technical environments
**You Own This If You Have...**
**Required Qualifications**
**Experience:**
* 6-8 years of cybersecurity risk management experience with demonstrated leadership of cross-functional initiatives
* Proven track record of designing and implementing enterprise-level risk methodologies across multiple domains
* Experience managing external audit engagements and serving as primary liaison with auditors and risk stakeholders
* Demonstrated ability to align risk operations with strategic business objectives through medium-term planning
**Education:**
* Bachelor's or Master's degree in Information Technology, Computer Science, Cybersecurity, Risk Management, or related field, or equivalent work experience
**Technical Knowledge:**
* Expertise in multiple cybersecurity risk domains and frameworks (NIST CSF, ISO 27001, NIST RMF, CIS Controls, SOC 2, PCI DSS)
* Deep understanding of enterprise risk architecture and integrated control frameworks
* Knowledge of operational workflow design and process optimization for risk management
* Experience developing operational standards and quality criteria for risk management processes
**Skills:**
* Advanced methodology development and enterprise framework design capabilities
* Excellence in stakeholder management and external audit relationship management
* Strong ability to facilitate senior leadership workshops and drive consensus on complex risk topics
* Ability to make significant commitments and design workflows within enterprise governance structures
* Excellent written and verbal communications, including presentation skills, and proven ability to effectively communicate with all levels of the organization, as well as with external…
Position Requirements: 10+ Years work experience