Senior Manager - Digital Risk (Remote)

Connecting People. Uniting the World. There’s never been a more exciting time to join United Airlines! As a global company that operates in hundreds of locations around the world — with millions of customers and tens of thousands of employees — we have a unique responsibility to uplift and provide opportunities in the places where we work, live and fly.

We’re on a path to becoming the best airline in aviation history. Join our Cybersecurity and Digital Risk (CDR) team to help lead the industry in cyber safety, security and resilience. United's CDR team plays a critical role in protecting our operations by enabling secure and resilient systems, managing threats and vulnerabilities, and ensuring swift response and recovery. Our mission is to seamlessly embed cybersecurity and digital risk management into every aspect of our business. We help drive progress and growth through trusted digital solutions, safeguarding assets and empowering our team, all while promoting a cyber-safe and secure environment that supports resilient airline operations.

United offers a competitive benefits package aimed at keeping you happy, healthy, and well-traveled. From employee-run "Business Resource Group" communities to world-class benefits like parental leave, 401(k), and privileges like space-available travel, United is truly a one-of-a-kind place to work. Are you ready to travel the world and help us keep our airline cyber safe? Apply today!

Job overview and responsibilities

The Senior Manager, Digital Risk supports the Director of Digital Risk & Resiliency in executing the airline's cyber risk management program. This role is responsible for building up the risk management program, conducting enterprise-wide risk assessments, maintaining risk documentation, and tracking risk treatment activities across the digital enterprise. The Senior Manager partners with cross-functional teams to identify, analyze, and prioritize cyber risks while producing actionable insights for leadership decision-making. This position requires strong analytical skills, expertise in risk methodologies, and the ability to translate technical vulnerabilities into business-focused risk narratives.

• Lead and mentor a team of risk analysts by setting clear goals, and providing coaching and feedback that strengthens the teams’ technical capabilities and enables professional growth
• Develop and maintain the enterprise cyber risk register, risk and controls matrix, and risk treatment processes to ensure accurate documentation of risk ownership, mitigation strategies, and remediation tracking, while producing risk reports, dashboards, and metrics that provide leadership with actionable insights into the organization's cyber risk posture
• Develop and conduct enterprise cyber risk assessments for the digital enterprise to identify, analyze, and prioritize cybersecurity risks and translate results into clear business impact and organizational actions
• Lead organization-wide GRC initiatives in partnership with risk management, digital technology, operations and cybersecurity teams
• Partner with business units during solutions onboarding to ensure adequate controls are in place and enabled
• Drive continuous improvement of the cyber risk management program by establishing repeatable processes and leveraging automation and AI-enabled analytics to enhance risk identification, prioritization, and team effectiveness

What’s needed to succeed (Minimum Qualifications):

• Bachelor's degree required
• 5+ years of related experience, including managing a team at various levels of skill, experience, and education  
• Experience in building out a cybersecurity risk management program, with prior experience in the governance, risk and compliance (GRC) space within information security
• Strong understanding of risk assessment methodologies including qualitative and quantitative risk analysis techniques
• Experience maintaining enterprise risk registers and producing executive-level risk reports and dashboards
• Proficiency in translating technical security findings into business risk language for non-technical stakeholders
• Comfortable leading change management
• Must be legally authorized to work in the United States for any employer without sponsorship
• Successful completion of interview required to meet job qualification
• Reliable, punctual attendance is an essential function of the position

What will help you propel from the pack (Preferred Qualifications):

• Master's degree in Cybersecurity, Engineering, Public Policy, Information Technology, or related field experience
• Certifications like CISA, CIPT, CRISC, CISSP, CISM
• 7+ years of related experience
• Experience with GRC/IRM platforms (e.g., ServiceNow GRC) for risk workflow automation and reporting
• Familiarity with compliance frameworks including NIST CSF, ISO 27001/27002, SOC 2, PCI DSS, or TSA cybersecurity directives
• Experience in aviation, transportation, or critical infrastructure industries

Posting End date: 4/25/2026