Optimizing risk management using NSGA-II


Companies are often susceptible to uncertainties that can disturb the achievement of their objectives. The effect of these uncertainties can be perceived as risk that will be taken. A healthy company has to anticipate undesired events by defining a process for managing risks. Risk management processes are responsible for identifying, analyzing and evaluating risky scenarios and deciding whether they should undergo control in order to satisfy previously defined risk criteria. Risk specialists have to consider, at the same time, many operational aspects (decision variables) and objectives to decide which risk treatments have to be executed and when. In practice, most companies select risks to be treated by relying on the expertise of human specialists or on simple sorting heuristics based on the believed impact. Companies have limited resources (e.g. human and financial resources), and risk treatments have costs that the selection process has to deal with. Aiming to balance the competition between risk and resource management, this paper proposes a new optimization step within the standard risk management methodology created by the International Organization for Standardization (ISO). To test the resulting methodology, experiments based on the Non-dominated Sorting Genetic Algorithm (more specifically NSGA-II) were performed to manage the risk and resources of a simulated company. Results show that the proposed approach can deal with multiple conflicting objectives, reducing the risk exposure time by selecting risks to be treated according to their impact and the available resources.