Senior Cybersecurity Risk Assessor (Risk Manager)

Role: Sr. Cybersecurity Risk Assessor (Risk Manager)

Location: US Remote (Dallas, TX preferred)

Synonymous Business Title (s): Sr. Risk Assessor

Overview:

Blue Yonder is a global leader in digital supply chain management solutions, specializing in AI-driven platforms offering comprehensive supply chain management solutions, including planning, execution, and omni-channel commerce.

The Sr. Cybersecurity Risk Assessor (Risk Manager) is responsible for leading, maturing, and overseeing Blue Yonder’s enterprise cybersecurity risk management program. This role ensures risks across products, cloud environments, third‑party vendors, and internal systems are identified, assessed, prioritized, and mitigated in alignment with Blue Yonder’s security policies, NIST-based frameworks, and industry best practices. The manager partners cross‑functionally with Security Engineering, IT, Product, Cloud, Legal, GRC, and business leaders to ensure a consistent, risk‑aware culture and effective governance model.

What You’ll Be Doing:

Risk Identification & Assessment

• Lead the execution of cybersecurity risk assessments across products, SaaS platforms, infrastructure, cloud environments, vendors, and business processes.
• Apply NIST RMF (800‑37, 800‑30, 800‑53), ISO 27001/27701/22301, and internal Blue Yonder cybersecurity standards in all assessments.
• Maintain and enhance the enterprise risk register, ensuring all risks are documented, categorized, and monitored.

Risk Treatment & Mitigation

• Develop and drive risk‑response plans, collaborating with system owners, product teams, engineering, and cloud operations.
• Validate mitigation effectiveness and track remediations through closure.
• Provide expert recommendations on security controls, configuration standards, and compensating controls.

Risk Monitoring & Governance

• Build KPIs, KRIs, dashboards, and reporting mechanisms to measure risk posture and program performance.
• Present risk trends, escalations, and mitigation progress to senior leadership.
• Ensure compliance with internal policies such as Cybersecurity Policy, Access Control Policy, Acceptable Use, and Information Classification Standards.

Cross‑Functional Leadership

• Partner with Threat & Vulnerability Management, Application Security, Security Architecture, and GRC teams to ensure unified risk strategy and visibility.
• Collaborate with Legal, Compliance, and Commercial teams on contract risk requirements and customer security obligations.

Security Culture & Awareness

• Promote a risk‑aware culture by educating stakeholders on risk principles, threat landscapes, and security responsibilities.
• Contribute to ongoing training and awareness initiatives aligned with Blue Yonder’s enterprise security program.

What We’re Looking For:

Required Qualifications

• 5+ years in cybersecurity risk management, governance, or security engineering in a complex enterprise (cloud and on‑prem environment).
• Deep familiarity with NIST CSF, NIST RMF, ISO 27001/27701, SOC 2, and related frameworks.
• Experience performing and maturing risk assessments across technology stacks and business processes.
• Strong understanding of cloud platforms (AWS, Azure, GCP), SaaS environments, and modern enterprise architectures.
• Ability to translate technical risks into business‑level insights for executive stakeholders.

Preferred / Nice-to-Have

• Experience assessing risk associated with AI and Machine Learning.
• CRISC certification or other relevant certification