Cybersecurity Risk & Resilience Manager

This is a hybrid opportunity where you'll work out of our Concord, CA office twice a week.

About the Role

Cerus is seeking a pragmatic, business-minded Cybersecurity Risk & Resilience Manager to help strengthen and mature our cybersecurity program. As the company continues to scale globally and adopt new digital capabilities, including AI-powered tools, automation, and agentic workflows, the need to manage cyber risk thoughtfully, proactively, and in a business-aligned way has never been greater.

This role sits at the intersection of cybersecurity risk, governance, preparedness, and corporate communication. Working closely with IT leadership, this role will help shape Cerus’ cybersecurity posture, maintain core policies and standards, oversee key risk management processes, and develop reporting for executive leadership.

This is a high-impact individual contributor role for someone who can balance strategic thinking with practical execution. The right candidate will be comfortable operating in a lean environment, building programs incrementally, partnering across functions, and helping the business move forward securely and responsibly.

This is not primarily a security engineering or hands-on incident response role. This role is focused on building and maturing the governance, risk, oversight, and preparedness capabilities that will allow the cybersecurity program to scale effectively.

Key Responsibilities

• Help shape and mature Cerus’ cybersecurity program, including risk management practices, governance processes, policies, standards, and roadmap priorities.
• Develop and maintain a practical framework for assessing cybersecurity risks associated with AI tools, agentic workflows, automation platforms, and other emerging technologies.
• Partner with IT, Legal, Procurement, and business stakeholders to evaluate new technologies, vendors, and business initiatives, ensuring cybersecurity and data protection risks are identified and addressed appropriately.
• Own the lifecycle of cybersecurity policies, standards, and procedures, including drafting, review, approval, communication, and periodic refresh.
• Conduct cybersecurity risk assessments to identify control gaps, prioritize remediation, and support continuous improvement of the company’s security posture.
• Develop and maintain cybersecurity reporting for executive leadership, translating technical and operational risks into clear, business-relevant metrics, themes, and recommendations.
• Evolve cybersecurity KPI reporting to provide trend-based visibility into risk posture, control effectiveness, and remediation progress.
• Lead the company’s third-party cybersecurity risk management program for critical vendors, service providers, and business partners, including risk tiering, due diligence, assessment workflows, ongoing monitoring, and issue tracking.
• Partner with Procurement, Legal, IT, and business stakeholders to ensure cybersecurity expectations are incorporated into vendor evaluations, onboarding, renewals, and contract terms for critical third parties.
• Provide governance and oversight for vulnerability management activities, including risk-based prioritization, remediation expectations, exception tracking, and leadership reporting in partnership with internal IT staff and external providers.
• Coordinate external penetration testing and related security assessments as needed, including scoping, vendor oversight, findings review, and remediation tracking.
• Design, coordinate, and facilitate cybersecurity tabletop exercises for IT, business leadership, and cross-functional stakeholders, and drive follow-up actions based on lessons learned.
• Support incident readiness and response coordination by helping document roles, escalation paths, communications, and post-event follow-up in partnership with internal teams and external specialists as needed.
• Lead the evolution of the company’s security awareness program, including phishing simulations, training oversight, completion tracking, and effectiveness reporting.
• Support cybersecurity-related audit and control activities, business requirements, and regulatory obligations.

Qualifications

• 6-10 years of experience in cybersecurity, information security, IT risk, security program management, or a related field.
• Meaningful experience in governance, risk, compliance, or security program leadership within a small or mid-sized organization.
• Strong working knowledge of cybersecurity risk management, control frameworks, policy development, incident preparedness, and third-party risk management.
• Experience preparing executive-quality reporting and written materials that translate complex technical or operational risks into concise, actionable business language.
• Familiarity with cybersecurity risks related to AI, automation, SaaS platforms, cloud services, and emerging technologies.
• Experience coordinating or supporting vulnerability management, external assessments, penetration testing, or related remediation efforts.
• Experience supporting audits, control reviews, or compliance-related activities.
• Strong written and verbal communication skills, with the ability to influence stakeholders across technical, operational, and executive audiences.
• Strong organizational and project management skills, with the ability to operate independently, prioritize effectively, and build programs incrementally in a lean environment.

We understand that our people are essential to our success.  This philosophy is revealed in our competitive benefits package, designed to improve employees’ lives both on and off the job.

Benefits plans: medical, dental, vision, domestic partner benefits, paid maternity and paternity leaves, healthcare and dependent care flexible spending, life and accidental death insurance, long-term and short-term disability insurance, matching 401(k), RSUs

Work and family: EAP, legal and financial services, health club membership discounts, tuition reimbursement

Compensation: The base salary range for this position in the selected city is $154,000-$187,000 annually. Base pay is one part of the total package to compensate and recognize employees for their work.

All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.