Twelve01West 176 North Racine Ave Suite 500, 60607 Chicago, Illinois, United States Hybrid Employment

ServiceNow is hiring a Risk Manager

Responsibilities

  • Conduct comprehensive risk assessments across infrastructure, endpoints, identity management, data protection, and cloud environments.
  • Identify, document, and track security gaps and remediation activities in the enterprise risk register.
  • Perform control effectiveness testing and support continuous monitoring initiatives to ensure ongoing compliance posture.
  • Partner with Security Architecture, IT Operations, SecOps, Internal Audit, and Legal & Compliance to align security controls and risk mitigation strategies.
  • Translate complex technical findings and compliance status into executive-ready reports, dashboards, and briefings for senior principals.
  • Act as a subject matter expert for CMMC and NIST compliance across the organization, providing guidance and training to stakeholders.
  • Support the development and maturation of GRC processes including policy management, control mapping, audit support, and evidence management workflows.
  • Evaluate and recommend GRC tooling and automation opportunities to increase efficiency and accuracy of compliance operations.
  • Contribute to enterprise-wide assessment campaigns and support regulatory change management activities.
  • Leverage ServiceNow IRM (Integrated Risk Management) modules — including Risk Management, Policy & Compliance Management, Audit Management, and Vendor Risk Management — to manage and operationalize compliance workflows.
  • Utilize ServiceNow SecOps (Security Incident Response, Vulnerability Response), CMDB/APM, ITSM, and IT Asset Management to support integrated security and compliance operations.
  • Build and maintain GRC dashboards, reports, and Performance Data views to provide executive visibility into risk posture, control coverage, and compliance status.
  • Drive workflow automation within the ServiceNow platform to streamline evidence collection, control testing, risk scoring, and remediation tracking.

Requirements

  • Guiding initiatives related to CMMC (Cybersecurity Maturity Model Certification) Level 2 readiness, NIST framework implementation, and enterprise-wide risk assessment across infrastructure, endpoints, identity, cloud, and data protection domains.
  • Partnering closely with Security Architecture, IT Operations, SecOps, Internal Audit, Legal & Compliance, and Executives to assess risk, implement controls, and ensure compliance with federal contracting standards.
  • Driving compliance and risk management in areas such as CMMC 2.0 Level 2 Assessment Readiness & Certification, NIST SP 800-171 / NIST CSF Control Mapping & Implementation, Enterprise Risk Assessment & Remediation Planning, System Security Plans (SSP) & Plan of Action & Milestones (POA&M), GRC Process Maturity & Automation, and Federal Compliance Documentation & Evidence Management.
  • Conducting comprehensive risk assessments across infrastructure, endpoints, identity management, data protection, and cloud environments.
  • Identifying, documenting, and tracking security gaps and remediation activities in the enterprise risk register.
  • Performing control effectiveness testing and supporting continuous monitoring initiatives to ensure ongoing compliance posture.
  • Partnering with Security Architecture, IT Operations, SecOps, Internal Audit, and Legal & Compliance to align security controls and risk mitigation strategies.
  • Translating complex technical findings and compliance status into executive-ready reports, dashboards, and briefings for senior principals.
  • Acting as a subject matter expert for CMMC and NIST compliance across the organization, providing guidance and training to stakeholders.
  • Supporting the development and maturation of GRC processes including policy management, control mapping, audit support, and evidence management workflows.
  • Evaluating and recommending GRC tooling and automation opportunities to increase efficiency and accuracy of compliance operations.
  • Contributing to enterprise-wide assessment campaigns and supporting regulatory change management activities.
  • Leveraging ServiceNow IRM modules — including Risk Management, Policy & Compliance Management, Audit Management, and Vendor Risk Management — to manage and operationalize compliance workflows.
  • Utilizing ServiceNow SecOps (Security Incident Response, Vulnerability Response), CMDB/APM, ITSM, and IT Asset Management to support integrated security and compliance operations.
  • Building and maintaining GRC dashboards, reports, and Performance Data views to provide executive visibility into risk posture, control coverage, and compliance status.
  • Driving workflow automation within the ServiceNow platform to streamline evidence collection, control testing, risk scoring, and remediation tracking.
About company
ServiceNow
ServiceNow is a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work.
Job Details
Department Digital Technology GRC
Category other
Posted 12 days ago