ZipRecruiter

Log In

1

Cyber Risk Analyst Jobs in California (NOW HIRING)

Apogee Global RMS

Risk Analyst

San Jose, CA · On-site +1

The firm operates on the Nexus of Risk thesis: that cyber, physical, and human capital risks are ... ABOUT RRAG The Rogue Risk Analysis Group is Apogee's risk intelligence and analyst research arm.

Apogee Global RMS

Risk Analyst

San Jose, CA · Remote

The firm operates on the Nexus of Risk thesis: that cyber, physical, and human capital risks are ... ABOUT RRAG The Rogue Risk Analysis Group is Apogee's risk intelligence and analyst research arm.

Lockheed Martin

Cyber Sys Secur Engr Sr

Palmdale, CA · On-site

$85.25 - $104.75/hr

... risk analyses and security assessments, and evaluate applicability of Security Technical ... cyber tools for enterprise security, vulnerability scanning and network monitoring - Strong ...

next page

Showing results 1-20

People also search for

All JobsCyber Risk Analyst JobsCyber Risk Analyst Jobs in California

Cyber Risk Analyst information

See California salary details

$43.9K

$106.1K

$149K

How much do cyber risk analyst jobs pay per year?

As of May 30, 2026, the average yearly pay for cyber risk analyst in California is $106,114.00, according to ZipRecruiter salary data. Most workers in this role earn between $90,300.00 and $124,800.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Cyber Risk Analyst, and why are they important?

To thrive as a Cyber Risk Analyst, you need a solid understanding of information security principles, risk assessment methodologies, and often a degree in cybersecurity, computer science, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), vulnerability assessment tools, and security information and event management (SIEM) systems is typically required, along with certifications like CISSP or CISM. Analytical thinking, attention to detail, and strong communication skills are essential soft skills for this role. These competencies ensure accurate identification, evaluation, and mitigation of cyber risks to protect organizational assets and maintain regulatory compliance.

How does a Cyber Risk Analyst typically collaborate with other departments to improve an organization's security posture?

Cyber Risk Analysts work closely with various departments, such as IT, compliance, and business units, to identify and assess potential security threats. They often facilitate risk assessments, conduct training sessions to raise awareness, and help develop incident response plans. Regular communication and collaboration are essential, as analysts must ensure that security recommendations align with business goals and regulatory requirements. This cross-functional teamwork creates a more resilient security environment and helps integrate cybersecurity best practices throughout the organization.

What does a Cyber Risk Analyst do?

A Cyber Risk Analyst is responsible for identifying, assessing, and mitigating risks related to an organization's information systems and digital assets. They analyze potential threats, evaluate the effectiveness of security measures, and recommend strategies to protect against cyberattacks. Their work often includes conducting risk assessments, monitoring security controls, and ensuring compliance with industry regulations to help safeguard sensitive data and maintain business continuity.

What is the difference between Cyber Risk Analyst vs Cyber Security Analyst?

AspectCyber Risk AnalystCyber Security Analyst
CertificationsCertified Information Systems Security Professional (CISSP), Certified Risk and Information Systems Control (CRISC)CompTIA Security+, Certified Ethical Hacker (CEH)
Work EnvironmentRisk assessment, policy development, complianceNetwork monitoring, threat detection, incident response
Employer & IndustryFinancial, healthcare, government sectors focusing on risk managementIT departments, cybersecurity firms, tech companies

While both roles focus on cybersecurity, a Cyber Risk Analyst primarily assesses and manages potential risks to an organization’s information assets, whereas a Cyber Security Analyst concentrates on defending systems from threats and responding to security incidents. The roles often overlap but differ in their core focus areas.

What are popular job titles related to Cyber Risk Analyst jobs in California? For Cyber Risk Analyst jobs in California, the most frequently searched job titles are:
What job categories do people searching Cyber Risk Analyst jobs in California look for? The top searched job categories for Cyber Risk Analyst jobs in California are:
Cyber Risk Analyst jobs near you
Infographic showing various Cyber Risk Analyst job openings in California as of May 2026, with employment types broken down into 90% Full Time, and 10% Contract. Highlights an 80% In-person, 10% Hybrid, and 10% Remote job distribution, with an average salary of $106,114 per year, or $51 per hour.

Risk Analyst

Apogee Global RMS

San Jose, CA • On-site, Remote

Contractor

Posted 8 days ago

Job description

ABOUT APOGEE
Apogee Global RMS, LLC is a practitioner-led integrated enterprise risk management firm headquartered in San Jose, California. The firm operates on the Nexus of Risk thesis: that cyber, physical, and human capital risks are causally interconnected and must be governed as a unified discipline rather than treated as siloed verticals. Apogee serves North American small and mid-market enterprises and public sector clients across financial services, healthcare, professional services, technology, and education. The firm holds federal SDVOSB and California DVBE certifications.
ABOUT RRAG
The Rogue Risk Analysis Group is Apogee's risk intelligence and analyst research arm. RRAG produces subscription advisory products, sector briefings, and intelligence assessments grounded in the proprietary Nexus of Risk framework (12 domains across causal, consequence, and environmental tiers). The team's work supports client advisory engagements, executive briefings, and the firm's broader thought leadership program, including the Risk Apogee podcast and the RRAG webinar series.
POSITION SUMMARY
Apogee is engaging contract Risk Analysts at the journeyman level to expand RRAG's research and production capacity. The Risk Analyst is a proficient practitioner who can scope, research, and deliver written analytical products with limited supervision. The role reports to the Team Leader, RRAG, and collaborates with Apogee's Senior Risk Advisors and the firm's Cyber and Physical Risk practice.
This is a contract engagement structured for analysts who want substantive research work tied to a published product line, without the overhead of a full-time billet.
KEY RESPONSIBILITIES
  • Conduct primary and open-source intelligence research across one or more of the 12 Nexus of Risk domains: cyber, physical security, people, operational, financial, technology, safety, strategic, reputation, compliance and regulatory, supply chain, and geopolitical.
  • Produce written analytical products including flat-rate client advisories, sector briefings, alert notifications, and content for subscription-tier deliverables.
  • Apply structured analytic techniques to evaluate likelihood, impact, and intersection effects across risk domains, consistent with the Nexus of Risk methodology.
  • Use the Tacilent platform and adjacent intelligence tooling to support research workflows, evidence tracking, and product publication.
  • Maintain analytical rigor consistent with the Nexus of Risk taxonomy and Apogee editorial standards, including academic register in framework references and clear separation between framework content and illustrative examples.
  • Contribute research inputs to RRAG-supported assets, including the Risk Apogee podcast, the RRAG webinar series, and LinkedIn distribution content.
  • Participate in weekly editorial planning and product review with the RRAG team.

Requirements
REQUIRED QUALIFICATIONS
  • Three to seven years of professional experience in risk analysis, intelligence analysis, cybersecurity research, threat intelligence, geopolitical analysis, or a directly related research function.
  • Bachelor's degree in a relevant field, such as intelligence studies, security studies, international relations, computer science, risk management, criminal justice, public policy, or comparable.
  • Demonstrated portfolio of written analytical products. Candidates should be prepared to share two to three sanitized writing samples.
  • Working command of at least one Nexus domain, with analytical literacy across adjacent domains.
  • Proficiency with OSINT methods, source evaluation, and structured sourcing.
  • Strong written English. Ability to write to a defined editorial voice and to revise efficiently against feedback.
  • Capacity to operate independently on contract, manage deliverable timelines, and communicate proactively with the Team Leader, RRAG.

PREFERRED QUALIFICATIONS
  • Working knowledge of one or more risk management frameworks, such as NIST Cybersecurity Framework 2.0, NIST AI Risk Management Framework, ISO 31000, ISO 27001, COSO ERM, CMMC 2.0, or FAIR.
  • Prior experience in government, intelligence community, military, law enforcement, or regulated industry settings.
  • Relevant certifications, including but not limited to CISSP, CISM, CRISC, CFE, PSP, CPP, Security+, GIAC, or recognized intelligence analyst credentials.
  • Experience producing subscription-based intelligence or commercial advisory products.
  • Comfort with platform-based analytical workflows and AI-assisted research tooling.
  • Experience supporting executive or board-level audiences.

ENGAGEMENT TERMS
  • Contract role, structured as 1099 or W-2 contractor depending on jurisdiction and analyst preference.
  • Remote within the United States. Occasional travel for client engagements or firm offsites at Apogee expense.
  • Hourly or project-based compensation, market-competitive and commensurate with experience and domain depth.
  • Initial engagement scoped at six months, with renewal contingent on deliverable performance and ongoing product demand.
  • Apogee retains exclusive ownership of work product. Standard contractor confidentiality, non-disclosure, and intellectual property provisions apply.

Benefits
FIRM VALUES
Excellence. Accountability. Integrity. Partnership.
HOW TO APPLY
Submit a current resume, two to three writing samples (sanitized as needed), and a one-paragraph statement of risk domain emphasis to information@apogeeglobalrms.com with the subject line "RRAG Risk Analyst Contract Application." Applications are reviewed on a rolling basis.

Apply