Sr Manager, Security Risk Management - Hybrid

Who We Are

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for ten consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

First American is seeking an experienced and highly skilled Senior Manager of Security Risk Management to join our Information Security team. This role is pivotal in ensuring the integrity, confidentiality, and availability of our information assets. The Senior Manager will lead efforts to identify, assess, mitigate, measure, and monitor security risks across the organization, collaborating closely with various departments to embed security principles throughout our operations.

What You'll Do:

• Risk Governance: Develop information security risk assessment and management framework aligned with enterprise risk practices to assess, measure, monitor and mitigate security risks. Align security risks with frameworks such as NIST CSF, ISO 27005, etc.

• Risk Assessment and Management: Develop and implement enterprise-wide comprehensive risk assessments to identify potential security threats and vulnerabilities. Identify current and emerging security risks across business units. Identify, assess, and prioritize cyber risks across systems, data, applications and third parties.
• Risk Mitigation: Develop and implement risk mitigation strategies to safeguard First American's information assets. Recommend controls to reduce risks to acceptable levels and track remediation efforts.
• Risk Monitoring: Develop and monitor key risk indicators (KRIs). Map KRIs to risk assessment results and propose risk mitigation strategies.
• Risk Reporting: Develop risk report and dashboards. Communicate risk posture and trends to stakeholders and executive leadership.
• Risk Culture, Awareness and Training: Promote a strong risk-aware culture across the organization. Design and deliver risk awareness training, campaigns and communications.
• Team Leadership: Manage team members to deliver comprehensive information risk management solutions.
• Project Management: Support projects based on assessment of risks and threats. Develop project plans, review project designs and effort estimates. Report project status and critical issues to senior management.
• Stakeholder Engagement: Engage with senior representatives from across the enterprise, vendors, and auditors to provide full-spectrum alignment on information security risks, initiatives, and programs.
• Employee Development: Work to develop employees’ skills, evaluate performance, provide feedback, and lead by example, making the workplace of choice for top information risk management professionals.

What You'll Bring:

• Strong understanding of cybersecurity principles, frameworks, and threat landscape.
• Extensive experience in a risk and control-oriented role.
• Proven experience using formal risk and control assessment methodology.
• Strong understanding of information risk management topics and disciplines.
• Ability to balance technical security knowledge with business risk priorities.
• Advanced communication, stakeholder management, and cross-functional collaboration skills.
• Familiarity with GRC platforms (e.g., ServiceNow GRC, Archer).
• Strong analytical and problem-solving skills.
• Education: Bachelor's degree in Information Security, Computer Science, or a related field. Advanced degree preferred.
• Experience: Minimum of 8-10 years of experience in information security risk management, with at least 5 years in a leadership role.
• Certifications: Relevant certifications such as CISSP, CISA, CISM, or CRISC are highly desirable.
• Technical Knowledge: Familiarity with security architecture, cloud security (AWS and Azure), and modern security technologies.

Salary Range: $145,000.00 - $193,300.00

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location

What We Offer

By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.