Senior Risk Management Analyst (Hybrid - Seattle)

Location: Seattle, WA 98101, United States of America

Join Nordstrom's Technology team as a Senior Risk Management Analyst, where you'll play a pivotal role in shaping our enterprise cybersecurity risk strategy. You will be a trusted advisor to leadership, building comprehensive risk assessment methodologies that protect our organization, enable informed decision-making, and ensure we remain audit-ready across complex regulatory and threat landscapes.

In this role, you will lead cybersecurity risk management initiatives across the enterprise, designing frameworks and operational workflows that integrate multiple risk domains while aligning with business objectives. You will have authority to design assessment methodologies, establish operational standards, and make significant commitments for audit engagements, third-party assessments, and GRC platform implementations.

Are you a strategic thinker with deep expertise in cybersecurity risk management? Do you have a passion for building scalable programs that enable business growth while managing enterprise risk? Do you think about ways to integrate risk-by-design principles into everything we do? Join our team and be part of a company that is on the cutting edge of retail technology, committed to getting consumers the products they love in a safe and secure environment.

A Day in the Life...

Methodology Design & Operational Standards

  • Design comprehensive assessment methodologies for enterprise cybersecurity risks, creating frameworks that integrate multiple risk domains and align with business objectives
  • Develop operational standards and quality criteria for risk management processes, ensuring consistency and effectiveness across the organization
  • Design operational workflows that optimize risk management processes while maintaining audit trail integrity and regulatory compliance
  • Implement integrated controls across multiple technology and business domains, ensuring comprehensive risk coverage and efficient resource utilization

Third-Party & External Relationship Management

  • Manage third-party risk assessments including external audit engagements, vendor security evaluations, and specialized consulting projects
  • Serve as primary liaison with external auditors and risk stakeholders, representing the organization's cybersecurity risk posture and remediation efforts
  • Make significant commitments for audit engagements, third-party risk assessments, and GRC platforms within established enterprise frameworks

Strategic Alignment & Leadership

  • Align operational activities with strategic objectives by participating in medium-term planning (6-18 months) and ensuring risk initiatives support business goals and regulatory expectations
  • Lead senior stakeholder workshops on complex risk topics, facilitating decision-making and consensus-building around risk tolerance and treatment strategies
  • Coordinate cross-functional risk initiatives across Security, IT, Legal, and Business teams to ensure comprehensive risk coverage and strategic execution
  • Contribute to the strategic vision and roadmap for Enterprise Risk Management, developing reusable, scalable solutions to enhance program efficiency and support organizational growth

Stakeholder Engagement & Risk Communication

  • Educate senior stakeholders on cybersecurity risk requirements and emerging threats through workshops, strategic sessions, and consultation to improve organizational risk awareness and readiness
  • Facilitate decision-making processes around complex risk scenarios, helping leadership understand risk tolerance options and treatment strategies
  • Provide expert guidance on risk assessment and treatment across diverse business contexts and technical environments

You Own This If You Have...

Required Qualifications

Experience:

  • 6-8 years of cybersecurity risk management experience with demonstrated leadership of cross-functional initiatives
  • Proven track record of designing and implementing enterprise-level risk methodologies across multiple domains
  • Experience managing external audit engagements and serving as primary liaison with auditors and risk stakeholders
  • Demonstrated ability to align risk operations with strategic business objectives through medium-term planning

Education:

  • Bachelor's or Master's degree in Information Technology, Computer Science, Cybersecurity, Risk Management, or related field, or equivalent work experience

Technical Knowledge:

  • Expertise in multiple cybersecurity risk domains and frameworks (NIST CSF, ISO 27001, NIST RMF, CIS Controls, SOC 2, PCI DSS)
  • Deep understanding of enterprise risk architecture and integrated control frameworks
  • Knowledge of operational workflow design and process optimization for risk management
  • Experience developing operational standards and quality criteria for risk management processes

Skills:

  • Advanced methodology development and enterprise framework design capabilities
  • Excellence in stakeholder management and external audit relationship management
  • Strong ability to facilitate senior leadership workshops and drive consensus on complex risk topics
  • Ability to make significant commitments and design workflows within enterprise governance structures
  • Excellent written and verbal communications, including presentation skills, and proven ability to effectively communicate with all levels of the organization, as well as with external parties and auditors
  • Strong bias for results and the ability to operate with autonomy to address bottlenecks, provide escalation management, anticipate and make trade-offs, and encourage behavior that maximizes business benefit

Preferred Qualifications

Advanced Education:

  • Master's degree in Cybersecurity, Risk Management, or Business Administration valued

Advanced Certifications:

  • Multiple advanced professional certifications preferred (CISSP, CRISC, CISA, CISM)
  • Specialized certifications valued (CISSP-ISSAP, CISSP-ISSEP, SABSA, TOGAF, or equivalent architecture/management certifications)

Additional Experience:

  • Experience with GRC platform implementation and management
  • Background in consulting or audit firms focused on cybersecurity risk
  • Experience leading enterprise-wide risk transformation initiatives
  • Technical background with demonstrated proficiency in security tooling and automation

We’ve got you covered…

Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

  • Medical/Vision, Dental, Retirement and Paid Time Away

  • Life Insurance and Disability

  • Merchandise Discount and EAP Resources

A few more important points...

The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.

Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com

Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQs for relevant information and guidelines.

© 2022 Nordstrom, Inc  

Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

Nordstrom keeps job postings open for at least one day after the posting date.

Pay Range Details

The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. 
Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.

$166,000.00 - $258,000.00 Annual

This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_17-19.pdf

Job Details

Date posted: 02/04/2026

Job ID: R-813332

Salary range: $166,000.00 - $258,000.00