Hi there. Great question.
In finance, there are many ways of describing risk. The main one, which you stated, is known as standard deviation. Standard deviation is how much the return of an investment fluctuates from the mean return.
Variance is actually just Standard Deviation squared.
In finance, there are other ways of measuring risk outside of these statistical norms.
For example, systematic risk is the risk that ALL of the stocks in the market are exposed to (interest rate risk, for example).
Firm-specific risk, as it states, relates directly to the nature of the business itself (scandals, death of CEO, etc.).
For the sake of keeping things simple though, think of Standard Deviation as the main way to quantify a security's risk, and variance is simply that number, squared. Hope this helps.