Contact Us

Cyber Risk Management Engineer

By /

Cyber Risk Management Engineer

 

Company: O2Cyber
Location: Remote (U.S.-based)
Employment Type: Full-time

About O2Cyber

O2Cyber is a specialized cybersecurity services company helping organizations across healthcare, banking, and critical infrastructure sectors secure their digital assets. We offer modern, AI-driven solutions across security strategy, penetration testing, vulnerability management, SOC, and more. Learn more at o2cyber.com.

Role Overview

We are looking for a Cyber Risk Management Engineer with a strong background in cybersecurity risk assessment, compliance, and technology-driven risk governance. The ideal candidate will help clients develop, implement, and mature their risk management programs, leveraging both process and automation—including AI-based tools and platforms.

Key Responsibilities

  • Design and implement enterprise-level cybersecurity risk management programs
  • Maintain and automate risk registers, including those powered by AI-based platforms
  • Map and track risks across regulatory frameworks including GDPR, HIPAA, PCI-DSS, SOX, ISO 27001, and SOC 2
  • Collaborate with clients to align risk posture with business objectives and regulatory requirements
  • Lead risk workshops, develop risk mitigation plans, and report key metrics to stakeholders
  • Manage third-party/vendor cybersecurity risks, including assessments and remediation tracking
  • Work closely with technical and compliance teams to ensure risk transparency and accountability
  • Advise clients on emerging risks and evolving threat landscapes in cloud and hybrid environments

Qualifications

  • 5–7 years of hands-on experience in cybersecurity risk management or GRC
  • Strong understanding of cybersecurity principles, frameworks, and threat landscapes
  • Experience with automated or AI-enhanced risk register tools
  • Working knowledge of cloud security (AWS, Azure, GCP)
  • Demonstrated experience supporting compliance efforts for GDPR, HIPAA, PCI, SOX, ISO 27001, SOC 2, etc.
  • Ability to translate technical risks into business language for executive reporting
  • Certifications such as CISSP, CRISC, CISA, or similar are preferred
  • Excellent communication and stakeholder management skills

What We Offer

  • 100% Remote Work
  • Competitive compensation package
  • Growth opportunities in a rapidly expanding cybersecurity firm
  • A collaborative environment focused on client success and innovation

Why Join O2Cyber?

This is a high-impact role that enables you to work across industries and influence the risk posture of major organizations. As part of our elite team, you’ll have the autonomy to drive change and innovate in a supportive, forward-thinking environment.

 

Job Category: Engineer
Job Type: Full Time
Job Location: Remote (US based)

Apply for this position

Allowed Type(s): .pdf, .doc, .docx

Talk to Us

Ready to become cyber resilient

Meet with our security experts to discuss your use cases, technology and pain points and learn how O2 Cyber can help


    Trusted next generation cyber partner

    Instagram X-twitter Linkedin

    Expertise

    Quick Links

    Support

    Newsletter


      Copyright 2025. All rights reserved

      Scroll to Top

      Level 4: Cyber Security Incident Response Process (CSIRP)

      At the SOC’s most advanced level are managers and chief officers and they will be more engaged and execute this process. This group oversees all SOC team activities and is responsible for hiring and training, plus evaluating individual and overall performance. Level 4's step in during crises, and, specifically, serve as the liaison between the Security team and the rest of the organization. They are also responsible for ensuring compliance with organization, industry and government regulations.

      Level 3: Proactive security operations

      The security managers are informed and specialist crew are involved and begin moving from reactive to proactive security actions. Personnel are likely expert security analysts who are actively searching for vulnerabilities within the network and hunting for threats. They will use advanced threat detection tools to diagnose weaknesses and make recommendations for overall security improvement. Within this group, you might also find specialists, such as forensic investigators, compliance auditors or cybersecurity analysts. They will decide to escalate Level 4.

      Level 2: Cyber Incident Remediation

      These personnel can quickly get to the root of the problem and assess which part of your infrastructure is an issue or at risk. They will follow a well defined playbook process and makes decision to remediate the problem based on knowledge of the issue and environments. They will flag certain issues for additional investigation outside of the incident response protocol and when to escalate to Level 3.

      Level 1: First responders

      The first line of incident responders are group of security analysts who will be eyes on glass 24x7 and watch for alerts. They are primarily tasked to look at the urgency of an alert, can it be solved within their confines which is automated playbook / orchestration or follow up on established playbooks. Based on the above they play a role to escalate to Level 2. They are also responsible to run statistics and SOC reports for review. Behavioral analytics and AI based beta models are adopted for advanced needs to act as L1.