Cyber Risk Manager

By bringing together next-gen technology and the finest live data available, Genius Sports is enabling a new era of sports for fans worldwide, delivering experiences that are more immersive, interactive and personalised than ever before. Learn more at geniussports.com  

THE ROLE:

Genius Sports is strengthening how it identifies, quantifies, and manages cyber risk across the enterprise. As Cyber Risk Manager, you will be the operational backbone of our security risk management practice, building the structures, language, and habits that enable the business to make informed, risk-aware decisions related to cybersecurity every day. 

You will sit within the Information Security function and report directly to the VP of Cyber Security, working as a peer to the GRC Manager. Where your GRC colleague focuses on compliance assurance and certification frameworks, your mandate is broader: understanding and communicating security risk as a business issue, not just a technical or regulatory one. 

Your mission: translate the threat landscape into clear risk positions, drive consistent treatment and ownership across the enterprise, and build a security risk management capability that scales with Genius as it grows. 

WHAT YOU'LL DO: 

Build and Operate the Cyber Risk Program 

• Design and own processes for managing security risks in alignment with our broader enterprise risk management framework - defining how security risks are identified, assessed, prioritized, and tracked. 
• Maintain and continuously evolve a security risk register that is actionable and business-relevant, not a compliance artifact. 
• Ensure security risk posture is visible, understood, and regularly reviewed at leadership level. 

Translate Security Risk into Business Language 

• Serve as the bridge between technical security findings and business decision-makers, framing security risk in terms of operational, financial, and reputational impact. 
• Prepare clear, concise security risk reporting for senior stakeholders and ExCo, including heat maps, trend analysis, and treatment status. 
• Support board-level reporting on cyber risk exposure alongside the CIO and VP of Cyber. 

Drive Risk Treatment and Accountability 

• Work with business and technology owners to ensure security risks have clear owners, agreed treatment plans, and tracked remediation timelines. 
• Challenge and pressure-test risk acceptance decisions, ensuring they are informed, documented, and time-bound. 
• Follow up on treatment commitments and escalate stalled or overdue risk items through the right channels. 
• Identify systemic security risk patterns and surface them as strategic priorities for the VP and CIO 

Manage Third-Party and Supply Chain Risk 

• Own the vendor and third-party risk assessment process, ensuring critical suppliers are assessed proportionately and reviewed on a regular cycle. 
• Work with Sourcing and Procurement to embed cyber risk criteria into vendor onboarding and contract renewal workflows. 
• Maintain visibility of concentration cyber risk and dependency risk across key technology providers. 

Support Resilience and Incident Learning 

• Contribute to business continuity and disaster recovery planning from a cyber risk lens, ensuring recovery priorities reflect actual business risk. 
• Participate in post-incident reviews to identify systemic security risk and feed lessons learned back into the risk register. 
• Support threat intelligence consumption and translate emerging threat actor activity into risk implications for the business. 

Partner Across the Security Function 

• Work closely with the GRC Manager to ensure compliance requirements are risk-informed, and that audit findings translate into risk register updates. 
• Collaborate with Security Operations and Engineering to understand the threat and vulnerability landscape and translate technical exposure into risk terms. 
• Support the VP of Cyber Security in building a cohesive, integrated security function where risk, compliance, and operations reinforce each other. 

WHAT YOU’LL BRING:

• Working knowledge of security related standards and regulations including SOC 2, ISO 27001, global privacy laws. 
• Ability to communicate risk credibly to both technical and non-technical audiences, including senior executives
• Experience building or maturing a security risk management program, not just operating within one. 
• Comfortable challenging risk owners and holding the line on treatment accountability without being adversarial.
• Understanding the threat landscape and how external factors translate into business-specific risk.  
• Experience with third-party risk management processes and vendor assessment methodologies. 
• Hands-on experience with GRC and risk register platforms, including Hyperproof or similar tools. A track record of automating risk reporting is a strong differentiator
• Certifications such as CRISC, CISM, or CISSP are valued, but practical experience and business judgment matter more. 

We enjoy an ‘office-first’ culture and maximize opportunities to collaborate, connect and learn together. Our hybrid working models differ depending on your role and location. 

As well as a competitive salary and range of benefits, we’re committed to supporting employee wellbeing and helping you grow your skills, experience and career. Learn more about how rewarding life at Genius can be at Reward | Genius Sports. 

One team, being brave, driving change  

We strive to create an inclusive working environment, where everyone feels a sense of belonging and the ability to make a difference. Learn more about our values and culture at Culture | Genius

Let us know when you apply if you need any assistance during the recruiting process due to a disability.