The world is constantly changing, and threats from bad actors and foreign adversaries are continuously evolving. Sarah Ellis is the Associate Director of The National Risk Management Center, founded in 2018 by the Cybersecurity and Infrastructure Security Agency (CISA). The NRMC team plays a crucial role in shaping a safer future for the nation.

The NRMC’s Mission

Ellis leads a group that looks at strategy, performance, and resources within the National Risk Management Center. “I like to say that we identify who we want to be when we grow up,” Ellis explained. “We make sure we have the policy authority and resources in place to enable that mission. And then on the backside, we see, ‘Did we do what we set out to do?‘”

Their goal is to be as effective and efficient in the mission as possible. Since its inception, the NRMC has provided strategic risk analysis for critical infrastructure. “Our goal is to provide actionable risk analysis, both to CISA and then broadly to the American people,” Ellis shared.

That starts with identifying the owners and operators responsible for the critical infrastructure most essential to communities across the nation. “Those are the people that are making critical security decisions to enhance security and resilience,” she said, explaining that once identified, CISA works with them to address any issues.

The Risk Management Process

Risk management, at its core, is a basic decision management and planning process. The NRMC works to identify concerns and provide options on how best to address those risks. “And then once you have selected and implemented a mitigation, how effective have you been in implementing that mitigation?” she expanded.

With security and resilience resources limited in both the public and private sector, the NRMC’s ability to step in as a federal government partner is critical to local communities. “People don’t want to spend money on mitigating risk that won’t matter to their bottom line and won’t matter to the security of their communities,” Ellis explained. “We help them prioritize what they need to look at and identify and address those risks that are most likely or most consequential should they happen.”

Actionable Steps to Mitigate Risk

Once the risks are identified, the NRMC provides actionable risk mitigation strategies to state and local governments and the private sector to make critical infrastructure more secure. To do so, CISA needs the right candidates. “I need people who are passionate about the mission, who are interested in solving novel problems and who are really interested in serving on behalf of the American community,” Ellis shared.

“We have so many diverse problems that we’re addressing, and everything that we do is novel. So that creative thinking, that willingness to dig in—that initiative is essential for us.” A natural sense of curiosity is also ideal, as the NRMC is so heavily involved in data that they need people who are willing to work with an ever-expanding and evolving influx of information.

A Dedicated Career

Ellis has been with CISA and its predecessor organization since 2009. “And no day between now and then has been the same,” she said. “That’s why I love my job, because I’ve learned so much about GPS, elections, pipelines and earthquakes, and just a strong diversity of things.”

CISA’s National Risk Management Center stands as a vital force in safeguarding the nation’s critical infrastructure, exemplifying the importance of strategic risk analysis in an ever-shifting threat landscape.


Defend today, secure tomorrow.

Learn more about CISA.

Explore careers at CISA.




SPONSORED CONTENT: This content is written on or behalf of our Sponsor.

Related News, the largest security-cleared career network, specializes in defense jobs for professionals with security clearances. Search thousands of jobs from pre-screened, registered defense industry employers.