Cyber Risk Manager

By bringing together next-gen technology and the finest live data available, Genius Sports is enabling a new era of sports for fans worldwide, delivering experiences that are more immersive, interactive and personalised than ever before. Learn more at geniussports.com THE ROLE: Genius Sports is strengthening how it identifies, quantifies, and manages cyber risk across the enterprise. As Cyber Risk Manager, you will be the operational backbone of our security risk management practice, building the structures, language, and habits that enable the business to make informed, risk-aware decisions related to cybersecurity every day. You will sit within the Information Security function and report directly to the VP of Cyber Security, working as a peer to the GRC Manager. Where your GRC colleague focuses on compliance assurance and certification frameworks, your mandate is broader: understanding and communicating security risk as a business issue, not just a technical or regulatory one. Your mission: translate the threat landscape into clear risk positions, drive consistent treatment and ownership across the enterprise, and build a security risk management capability that scales with Genius as it grows. WHAT YOU'LL DO: Build and Operate the Cyber Risk Program Design and own processes for managing security risks in alignment with our broader enterprise risk management framework - defining how security risks are identified, assessed, prioritized, and tracked. Maintain and continuously evolve a security risk register that is actionable and business-relevant, not a compliance artifact. Ensure security risk posture is visible, understood, and regularly reviewed at leadership level. Translate S ecurity Risk into Business Language Serve as the bridge between technical security findings and business decision-makers, framing security risk in terms of operational, financial, and reputational impact. Prepare clear, concise security risk reporting for senior stakeholders and ExCo, including heat maps, trend analysis, and treatment status. Support board-level reporting on cyber risk exposure alongside the CIO and VP of Cyber. Drive Risk Treatment and Accountability Work with business and technology owners to ensure security risks have clear owners, agreed treatment plans, and tracked remediation timelines. Challenge and pressure-test risk acceptance decisions, ensuring they are informed, documented, and time-bound. Follow up on treatment commitments and escalate stalled or overdue risk items through the right channels. Identify systemic security risk patterns and surface them as strategic priorities for the VP and CIO Manage Third-Party and Supply Chain Risk Own the vendor and third-party risk assessment process, ensuring critical suppliers are assessed proportionately and reviewed on a regular cycle. Work with Sourcing and Procurement to embed cyber risk criteria into vendor onboarding and contract renewal workflows. Maintain visibility of concentration cyber risk and dependency risk across key technology providers. Support Resilience and Incident Learning Contribute to business continuity and disaster recovery planning from a cyber risk lens, ensuring recovery priorities reflect actual business risk. Participate in post-incident reviews to identify systemic security risk and feed lessons learned back into the risk register. Support threat intelligence consumption and translate emerging threat actor activity into risk implications for the business. Partner Across the Security Function Work closely with the GRC Manager to ensure compliance requirements are risk-informed, and that audit findings translate into risk register updates. Collaborate with Security Operations and Engineering to understand the threat and vulnerability landscape and translate technical exposure into risk terms. Support the VP of Cyber Security in building a cohesive, integrated security function where risk, compliance, and operations rein ... (truncated, view full listing at source)