Cyber Risk Analyst Jobs in Massachusetts (NOW HIRING)

Responsibilities: • Lead cyber and technology risk assessments across systems, cloud ... analysis approaches such as FAIR to improve how risk is measured and communicated. • Prepare ...

Lead cyber and technology risk assessments across systems, cloud environments, business processes ... Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting.

... Cyber use cases, aligned to enterprise risk priorities and frameworks (e.g., NIST CSF). Leverage ... Develop and operationalize analytics products including executive dashboards, strategic metrics ...

As a key member of the Security Risk & Audit team, the Technology Risk & Continuity Analyst ... and cyber events, and continually improving its security posture. We value individuals who are ...

Cyber Risk Analyst information

Massachusetts salary figures shown: $48.6K, $117.4K, $164.9K

How much do cyber risk analyst jobs pay per year?

As of Jun 28, 2026, the average yearly pay for a cyber risk analyst in Massachusetts is $117,427.00, according to ZipRecruiter salary data. Most workers in this role earn between $99,900.00 and $138,200.00 per year, depending on experience, location, and employer.

What does a Cyber Risk Analyst do?

A Cyber Risk Analyst is responsible for identifying, assessing, and mitigating risks related to an organization's information systems and digital assets. They analyze potential threats, evaluate the effectiveness of security measures, and recommend strategies to protect against cyberattacks. Their work often includes conducting risk assessments, monitoring security controls, and ensuring compliance with industry regulations to help safeguard sensitive data and maintain business continuity.

What is the difference between a Cyber Risk Analyst and a Cyber Security Analyst?

| Aspect | Cyber Risk Analyst | Cyber Security Analyst |
| --- | --- | --- |
| Certifications | Certified Information Systems Security Professional (CISSP), Certified Risk and Information Systems Control (CRISC) | CompTIA Security+, Certified Ethical Hacker (CEH) |
| Work Environment | Risk assessment, policy development, compliance | Network monitoring, threat detection, incident response |
| Employer & Industry | Financial, healthcare, government sectors focusing on risk management | IT departments, cybersecurity firms, tech companies |

While both roles focus on cybersecurity, a Cyber Risk Analyst primarily assesses and manages potential risks to an organization’s information assets, whereas a Cyber Security Analyst concentrates on defending systems from threats and responding to security incidents. The roles often overlap but differ in their core focus areas.

Can you make $500,000 a year in cyber security?

Cyber Risk Analysts typically earn salaries ranging from $70,000 to $150,000 annually, depending on experience, certifications, and location. Reaching a $500,000 annual salary generally requires senior roles such as Chief Information Security Officer (CISO) or executive-level positions, which involve broader responsibilities and leadership skills. High earnings in cybersecurity often depend on advanced expertise, industry demand, and strategic management roles.

Which country is no. 1 in cybersecurity?

As a Cyber Risk Analyst, understanding global cybersecurity leadership is important. The United States is often regarded as the leading country in cybersecurity due to its advanced infrastructure, government initiatives, and cybersecurity industry. However, other countries like Israel, the United Kingdom, and China also have strong cybersecurity capabilities and investments.

Is 40 too old for cyber security?

Cyber Risk Analysts and other cybersecurity professionals can successfully start or advance their careers at age 40 or older. Many employers value diverse experience and skills, and certifications like CISSP or CompTIA Security+ can enhance employability regardless of age.

What are the key skills and qualifications needed to thrive as a Cyber Risk Analyst, and why are they important?

To thrive as a Cyber Risk Analyst, you need a solid understanding of information security principles, risk assessment methodologies, and often a degree in cybersecurity, computer science, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), vulnerability assessment tools, and security information and event management (SIEM) systems is typically required, along with certifications like CISSP or CISM. Analytical thinking, attention to detail, and strong communication skills are essential soft skills for this role. These competencies ensure accurate identification, evaluation, and mitigation of cyber risks to protect organizational assets and maintain regulatory compliance.

How does a Cyber Risk Analyst typically collaborate with other departments to improve an organization's security posture?

Cyber Risk Analysts work closely with various departments, such as IT, compliance, and business units, to identify and assess potential security threats. They often facilitate risk assessments, conduct training sessions to raise awareness, and help develop incident response plans. Regular communication and collaboration are essential, as analysts must ensure that security recommendations align with business goals and regulatory requirements. This cross-functional teamwork creates a more resilient security environment and helps integrate cybersecurity best practices throughout the organization.

What does a cybersecurity risk analyst do?

A cybersecurity risk analyst evaluates an organization’s information systems to identify vulnerabilities and assess potential threats. They analyze security data, develop risk mitigation strategies, and often use tools like risk assessment frameworks and security software to protect digital assets and ensure compliance.

What job categories do people searching Cyber Risk Analyst jobs in Massachusetts look for?

The top searched job categories for Cyber Risk Analyst jobs in Massachusetts are:
Senior Risk & Compliance Analyst

WHOOP

Boston, MA • On-site

Full-time

This job post has expired 1 day ago. Applications are no longer accepted.


Job description

Job Summary:
WHOOP is on a mission to unlock human performance and extend healthspan. The Senior Risk & Compliance Analyst will support the design and execution of the cyber risk management program, leading risk assessments and collaborating with various stakeholders to identify and mitigate technology and cybersecurity risks.
Responsibilities:
• Lead cyber and technology risk assessments across systems, cloud environments, business processes, and major initiatives, evaluating threats, vulnerabilities, control effectiveness, and residual risk.
• Maintain and operate the enterprise cyber risk register, including drafting risk statements, tracking mitigation plans, and supporting governance and reporting processes.
• Translate technical findings, architectural concerns, and control gaps into clear business risk scenarios that support prioritization and decision-making.
• Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated.
• Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting.
• Partner with Security Architecture to assess risk in system designs, cloud architecture, identity models, data flows, and platform changes.
• Collaborate with Security Engineering, Product Security, Legal, IT, and business teams to evaluate new initiatives, technology changes, artificial intelligence use cases, and third-party integrations through a risk lens.
• Conduct risk assessments for emerging technologies including artificial intelligence and machine learning systems, evaluating data usage, model behavior, external dependencies, and security implications.
• Evaluate risks associated with the use of artificial intelligence technologies, including model behavior, data exposure, prompt or input manipulation, and external model dependencies.
• Develop dashboards and reporting that provide leadership with visibility into key cybersecurity risks and trends.
• Track mitigation progress and risk treatment activities to ensure accountability and clear documentation of outcomes.
• Contribute to the continued development of cyber risk management processes, methodologies, and governance practices across the GRC program.
Qualifications:
Required:
• 6+ years of experience in cybersecurity risk management, information security, technology risk, or a related field.
• Demonstrated experience conducting structured cybersecurity or IT risk assessments.
• Experience maintaining risk registers and tracking risk mitigation or treatment activities.
• Strong understanding of security frameworks such as NIST CSF, ISO 27001, or PCI DSS, and familiarity with regulatory environments such as GDPR, HIPAA or other privacy and data protection requirements.
• Ability to translate technical findings into clear business risk for non-technical stakeholders.
• Strong written and verbal communication skills with experience presenting findings to cross-functional teams.
• Experience working with engineering, architecture, legal, compliance, and business stakeholders.
• Experience assessing risks related to artificial intelligence, machine learning systems, or emerging technologies, including familiarity with emerging AI governance frameworks such as NIST AI RMF, ISO/IEC 42001, or similar standards.
Preferred:
• Professional certifications such as CRISC, CISSP, CISM, CISA, or CGRC are a plus.
Company:
WHOOP provides wearable fitness technology and a subscription platform that tracks physiological data for health and performance insights. Founded in 2012, the company is headquartered in Boston, USA, with a team of 501-1000 employees. The company is currently Late Stage.

About Whoop

Sourced by ZipRecruiter

At WHOOP, we're on a mission to unlock human performance. WHOOP empowers users (Olympians, Professional Athletes, Fitness Enthusiasts, etc.) to perform at a higher level through a deeper understanding of their bodies and daily lives.

Industry: Fitness and sports centers

Company size: 501 - 1,000 Employees

Headquarters location: Boston, MA, US

Year founded: 2012