Security and Risk Lead
Job Summary:
The Security and Risk Lead is responsible for overseeing organizational security posture, risk management, and compliance activities. This role provides leadership in identifying, assessing, and mitigating security and operational risks while ensuring alignment with regulatory requirements, internal policies, and business objectives. The Security and Risk Lead serves as a key advisor to leadership and acts as a bridge between technical teams, business stakeholders, and governance functions.

Job Duties:
- Lead enterprise security and risk management efforts by identifying, assessing, and mitigating cybersecurity, operational, and compliance risks across the organization.
- Establish and enforce security governance frameworks, ensuring alignment with regulatory requirements, industry standards, and internal policies.
- Serve as a strategic advisor to senior leadership, providing insights on risk posture, emerging threats, and mitigation strategies to support business objectives.
- Collaborate with technical teams, business units, and governance functions to integrate security best practices into operations, programs, and service delivery.
- Drive continuous improvement of security and compliance processes, including risk assessments, audits, and remediation planning to strengthen overall organizational resilience.

Security Governance & Strategy
- Develop, implement, and maintain security and risk management strategies aligned with organizational goals
- Establish security governance frameworks, policies, standards, and procedures
- Ensure alignment with applicable regulatory, contractual, and compliance requirements (e.g., NIST, ISO, FedRAMP, HIPAA, CJIS, GCC/GCC‑H where applicable)

Risk Management
- Identify, assess, and prioritize security, operational, and technology risks
- Maintain risk registers and facilitate risk reviews with stakeholders
- Define mitigation strategies and track remediation activities
- Provide risk impact analysis and reporting to executive leadership

Compliance & Audit
- Lead security compliance efforts, including internal and external audits
- Coordinate responses to audit findings and track corrective actions
- Ensure continuous compliance with security controls and governance requirements

Security Operations Oversight
- Oversee incident response planning and execution
- Collaborate with infrastructure, application, and network teams to address security gaps
- Support vulnerability management, access controls, and data protection initiatives

Stakeholder Engagement
- Act as a trusted advisor to leadership, program managers, and technical teams
- Translate technical security risks into clear business impact statements
- Coordinate with customers, vendors, and partners on security and risk matters

Documentation & Reporting
- Develop and maintain security documentation, including risk assessments, policies, and procedures
- Produce executive-level reports and dashboards on security posture and risk trends

Required Qualifications:
- Bachelor's degree in information security, Computer Science, Risk Management, or a related field (or equivalent experience)
- 8+ years of experience in information security, risk management, or governance roles
- Strong knowledge of security frameworks, standards, and compliance requirements
- Experience leading risk assessments, audits, and mitigation efforts
- Ability to communicate complex security concepts to diverse audiences

Preferred Qualifications & Skills:

Compensation:
We provide a competitive pay and benefits package. This position is offering a salary range of $150,000. Belcan considers several factors when extending an offer, including but not limited to education, experience, geographic location, and discipline. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.

www.belcan.com

Belcan is an equal opportunity employer. Your application and candidacy will not be considered based on race, color, sex, religion, creed, sexual orientation, gender identity, national origin, disability, genetic information, pregnancy, veteran status or any other characteristic protected by federal, state or local laws.