Cybersecurity Risk & Resilience Manager at Cerus
Concord, CaliforniaFull-timeInformation TechnologyPosted 25 days ago
About the Role
<div class="content-intro"><p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"><strong>About Cerus:</strong></span></p>
<p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">Cerus aims to be the global leader and trusted partner of blood centers and hospitals whose technology, services, and commitment are the lifeblood of safe and accessible blood for patients around the world.</span></p></div><p><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">This is a hybrid opportunity where you'll work out of our Concord, CA office twice a week.</span></p>
<p><span style="font-size: 12pt; font-family: 'times new roman', times, serif;"><strong>About the Role</strong></span></p>
<p><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Cerus is seeking a pragmatic, business-minded Cybersecurity Risk & Resilience Manager to help strengthen and mature our cybersecurity program. As the company continues to scale globally and adopt new digital capabilities, including AI-powered tools, automation, and agentic workflows, the need to manage cyber risk thoughtfully, proactively, and in a business-aligned way has never been greater.</span></p>
<p><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">This role sits at the intersection of cybersecurity risk, governance, preparedness, and corporate communication. Working closely with IT leadership, this role will help shape Cerus’ cybersecurity posture, maintain core policies and standards, oversee key risk management processes, and develop reporting for executive leadership.</span></p>
<p><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">This is a high-impact individual contributor role for someone who can balance strategic thinking with practical execution. The right candidate will be comfortable operating in a lean environment, building programs incrementally, partnering across functions, and helping the business move forward securely and responsibly.</span></p>
<p><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">This is not primarily a security engineering or hands-on incident response role. This role is focused on building and maturing the governance, risk, oversight, and preparedness capabilities that will allow the cybersecurity program to scale effectively.</span></p>
<p><span style="font-size: 12pt; font-family: 'times new roman', times, serif;"><strong>Key Responsibilities</strong></span></p>
<ul>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Help shape and mature Cerus’ cybersecurity program, including risk management practices, governance processes, policies, standards, and roadmap priorities.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Develop and maintain a practical framework for assessing cybersecurity risks associated with AI tools, agentic workflows, automation platforms, and other emerging technologies.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Partner with IT, Legal, Procurement, and business stakeholders to evaluate new technologies, vendors, and business initiatives, ensuring cybersecurity and data protection risks are identified and addressed appropriately.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Own the lifecycle of cybersecurity policies, standards, and procedures, including drafting, review, approval, communication, and periodic refresh.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Conduct cybersecurity risk assessments to identify control gaps, prioritize remediation, and support continuous improvement of the company’s security posture.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Develop and maintain cybersecurity reporting for executive leadership, translating technical and operational risks into clear, business-relevant metrics, themes, and recommendations.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Evolve cybersecurity KPI reporting to provide trend-based visibility into risk posture, control effectiveness, and remediation progress.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Lead the company’s third-party cybersecurity risk management program for critical vendors, service providers, and business partners, including risk tiering, due diligence, assessment workflows, ongoing monitoring, and issue tracking.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Partner with Procurement, Legal, IT, and business stakeholders to ensure cybersecurity expectations are incorporated into vendor evaluations, onboarding, renewals, and contract terms for critical third parties.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Provide governance and oversight for vulnerability management activities, including risk-based prioritization, remediation expectations, exception tracking, and leadership reporting in partnership with internal IT staff and external providers.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Coordinate external penetration testing and related security assessments as needed, including scoping, vendor oversight, findings review, and remediation tracking.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Design, coordinate, and facilitate cybersecurity tabletop exercises for IT, business leadership, and cross-functional stakeholders, and drive follow-up actions based on lessons learned.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Support incident readiness and response coordination by helping document roles, escalation paths, communications, and post-event follow-up in partnership with internal teams and external specialists as needed.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Lead the evolution of the company’s security awareness program, including phishing simulations, training oversight, completion tracking, and effectiveness reporting.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Support cybersecurity-related audit and control activities, business requirements, and regulatory obligations.</span></li>
</ul>
<p><span style="font-size: 12pt; font-family: 'times new roman', times, serif;"><strong>Qualifications</strong></span></p>
<ul>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">6-10 years of experience in cybersecurity, information security, IT risk, security program management, or a related field.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Meaningful experience in governance, risk, compliance, or security program leadership within a small or mid-sized organization.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Strong working knowledge of cybersecurity risk management, control frameworks, policy development, incident preparedness, and third-party risk management.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Experience preparing executive-quality reporting and written materials that translate complex technical or operational risks into concise, actionable business language.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Familiarity with cybersecurity risks related to AI, automation, SaaS platforms, cloud services, and emerging technologies.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Experience coordinating or supporting vulnerability management, external assessments, penetration testing, or related remediation efforts.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Experience supporting audits, control reviews, or compliance-related activities.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Strong written and verbal communication skills, with the ability to influence stakeholders across technical, operational, and executive audiences.</span></li>
<li style="font-size: 12pt; font-family: 'times new roman', times, serif;"><span style="font-size: 12pt; font-family: 'times new roman', times, serif;">Strong organizational and project management skills, with the ability to operate independently, prioritize effectively, and build programs incrementally in a lean environment.</span></li>
</ul>
<p> </p>
<p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">We understand that our people are essential to our success. This philosophy is revealed in our competitive benefits package, designed to improve employees’ lives both on and off the job.</span></p>
<p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"><strong> Benefits plans</strong>: medical, dental, vision, domestic partner benefits, paid maternity and paternity leaves, healthcare and dependent care flexible spending, life and accidental death insurance, long-term and short-term disability insurance, matching 401(k), RSUs</span></p>
<p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"><strong> Work and family</strong>: EAP, legal and financial services, health club membership discounts, tuition reimbursement</span></p>
<p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"><span style="margin: 0px; padding: 0px; font-weight: bolder;"><span style="margin: 0px; padding: 0px; line-height: 17.12px;">Compensation<strong>:</strong> </span></span><span style="margin: 0px; padding: 0px;"><span style="margin: 0px; padding: 0px; line-height: 17.12px;">The base salary range for this position in the selected city is $154,000-$187,000 annually<span style="margin: 0px; padding: 0px; color: red;">.<span style="margin: 0px; padding: 0px;"> </span></span>Base pay is one part of the total package to compensate and recognize employees for their work.</span></span></span></p>
<p> </p>
<p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;">All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability. </span></p>
<p><span style="font-family: 'times new roman', times, serif; font-size: 12pt;"><span style="margin: 0px; padding: 0px;"><span style="margin: 0px; padding: 0px; line-height: 17.12px;"> </span></span></span></p>
Related Roles
Analytical Operations Director / Sr. Analytical Operations Director
Cerus
Concord, CaliforniaCerus Talent Community
Cerus
Concord, CAEngineer, GSD Identity and Access Management (Bangkok-based)
Agoda
Bangkok, ThailandTechnical Program Manager, IT Transformation
CoreWeave
Livingston, NJ / New York, NY / Sunnyvale, CA / San Francisco, CA / Bellevue, WAProduct Manager, Finance
CoreWeave
Livingston, NJ / New York, NY / Sunnyvale, CA / San Francisco, CA / Bellevue, WALead Data Science (Bangkok based, Relocation provided)
Agoda
Bangkok (Central World Office)