1

Cyber Risk Assessment Jobs in Massachusetts (NOW HIRING)

Includes design of the cyber organization, governance, and risk assessments. Qualifications Required: * BA/BS Degree in Computer Science, Cyber Security, Information Security, Engineering ...

Cyber Data Protection Manager

Boston, MA · Remote

$120K - $163K/yr

If so, consider joining Deloitte & Touche LLP's growing Cyber Risk Digital Trust & Privacy practice ... Serve as a subject matter expert and trusted advisor to clients, helping them assess strategic and ...

Consultant - Cloud Architect

Boston, MA

$71.25 - $94.50/hr

Supporting cloud cyber risk engagements across assessment, design, implementation, and post-implementation activities for client environments. * Assisting clients with cloud security architecture ...

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance ... assessment methodologies * Collaborate with the product and engineering organizations to align ...

Senior Manager - Cloud Architect

Boston, MA

$71.25 - $94.50/hr

Leading cloud cyber risk engagements across assessment, design, implementation, and post-implementation phases for client environments. * Advising clients on cloud security architecture ...

Leading workstreams across cloud cyber risk engagements, including assessment, design, implementation, and post-implementation activities. * Designing and evaluating cloud security architectures ...

Consultant - Cloud Architect

Boston, MA

$63.50 - $86.75/hr

Leading workstreams across cloud cyber risk engagements, including assessment, design, implementation, and post-implementation activities. * Designing and evaluating cloud security architectures ...

next page

Showing results 1-20

Cyber Risk Assessment information

What is the difference between Cyber Risk Assessment vs Cyber Security Analyst?

AspectCyber Risk AssessmentCyber Security Analyst
Primary FocusIdentifying and evaluating cybersecurity risks and vulnerabilitiesMonitoring, detecting, and responding to security threats
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CEH, CISSP
Work EnvironmentRisk management teams, consulting firms, security departmentsSecurity operations centers, IT departments, incident response teams
ResponsibilitiesRisk analysis, vulnerability assessments, complianceThreat detection, incident response, security monitoring

While both roles involve cybersecurity, Cyber Risk Assessments focus on evaluating potential risks and vulnerabilities to inform security strategies, whereas Cyber Security Analysts actively monitor and respond to ongoing security threats. Understanding these differences helps organizations assign the right roles for comprehensive cybersecurity management.

How much does a cyber risk analyst make?

A cyber risk analyst typically earns between $70,000 and $120,000 annually, depending on experience, certifications, and location. Entry-level positions may start lower, while experienced analysts with certifications like CISSP or CISA can earn higher salaries, especially in industries with high cybersecurity demands.

What is a cyber risk assessment?

A cyber risk assessment is a process used to identify, evaluate, and prioritize potential threats and vulnerabilities in an organization's information systems. It helps organizations understand the potential impact of cyber threats and determine the likelihood of such events occurring. By conducting a cyber risk assessment, businesses can implement appropriate security controls and strategies to mitigate risks, comply with regulatory requirements, and protect sensitive data from cyberattacks. Regular assessments are essential to adapt to evolving threats and maintain a strong cybersecurity posture.

What are some common challenges faced by professionals in Cyber Risk Assessment, and how can they be addressed?

Professionals in Cyber Risk Assessment often encounter challenges such as rapidly evolving threat landscapes, keeping up with regulatory changes, and ensuring clear communication of technical risks to non-technical stakeholders. To address these, staying current with industry trends through continuous learning, leveraging robust risk assessment frameworks, and developing strong communication skills are essential. Additionally, collaborating closely with IT, compliance, and business units helps ensure comprehensive and effective risk management.

What are the key skills and qualifications needed to thrive as a Cyber Risk Assessor, and why are they important?

To thrive as a Cyber Risk Assessor, you need a strong understanding of cybersecurity principles, risk management frameworks, and relevant regulations, often backed by a degree in information security or related certifications like CISSP or CISA. Familiarity with security assessment tools, vulnerability scanners, and risk analysis platforms is typically required. Analytical thinking, attention to detail, and effective communication are vital soft skills for accurately identifying threats and conveying risks to stakeholders. These skills and qualities are crucial for protecting organizational assets and ensuring compliance in an evolving threat landscape.

Can you make $200,000 in cyber security?

Cyber Risk Assessment professionals can potentially earn $200,000 or more annually, especially with advanced certifications like CISSP or CISA, extensive experience, and roles in high-demand industries or senior positions. Salaries vary based on location, company size, and individual expertise, with senior analysts and managers often reaching or exceeding this level.

Is SOC an entry level job?

A Security Operations Center (SOC) analyst role is typically not entry-level and often requires some experience in cybersecurity, network monitoring, or related fields. Entry-level positions in cybersecurity may include roles like SOC analyst trainees or junior analysts, but more advanced SOC positions usually demand certifications such as CompTIA Security+ or Certified SOC Analyst (CSA) and familiarity with security tools and incident response processes.

Can you make $500,000 a year in cyber security?

Cyber Risk Assessment professionals typically earn between $80,000 and $150,000 annually, depending on experience, certifications, and location. Reaching a $500,000 salary generally requires senior roles such as Chief Information Security Officer (CISO) or executive-level positions, which involve strategic leadership, extensive experience, and often additional responsibilities. High salaries in cybersecurity are usually associated with leadership, specialized skills, or working in large organizations or high-demand industries.
What are popular job titles related to Cyber Risk Assessment jobs in Massachusetts? For Cyber Risk Assessment jobs in Massachusetts, the most frequently searched job titles are:
What job categories do people searching Cyber Risk Assessment jobs in Massachusetts look for? The top searched job categories for Cyber Risk Assessment jobs in Massachusetts are:
What cities in Massachusetts are hiring for Cyber Risk Assessment jobs? Cities in Massachusetts with the most Cyber Risk Assessment job openings:

Sr. Director, GRC, IT Controls & Cyber Culture, Orthopedics

Jj

Raynham, MA • On-site

$114K - $155K/yr

Full-time

Retirement, PTO

Posted 4 days ago


Job description

At Johnson & Johnson,we believe health is everything. Our strength in healthcare innovation empowers us to build aworld where complex diseases are prevented, treated, and cured,where treatments are smarter and less invasive, andsolutions are personal.Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity.Learn more at jnj.com

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

People Leader

All Job Posting Locations:

Palm Beach Gardens, Florida, United States of America, Raritan, New Jersey, United States of America, Raynham, Massachusetts, United States of America, Warsaw, Indiana, United States of America, West Chester, Pennsylvania, United States of America

Job Description:

DePuy Synthes is recruiting for a(n) Sr. Director, GRC, IT Controls andCyberCulture.

Johnson & Johnson announced plans to separate our Orthopedics business toestablisha standalone orthopedics company, operatingasDePuy Synthes. The process of the planned separation isanticipatedto be completed within 18 to24 months, subject to legal requirements, including consultation with works councils and other employee representative bodies, as may berequired, regulatory approvals and other customary conditions and approvals. Should you accept this position, it isanticipatedthat, following conclusion of the transaction, you would be an employee of DePuySynthesand your employment would be governed by DePuy Synthes employment processes, programs, policies, and benefit plans. In that case, details of any planned changes would be provided to you by DePuy Synthes atan appropriate timeand subject to any necessary consultation processes.

Job Overview

This role serves as a senior cybersecurity leader reporting to the CISO, with enterprise accountability for building, maturing, and operationalizing the Governance, Risk & Compliance (GRC) function across DePuy Synthes. The Sr. Director will oversee the BISO manager organization,establishscalable risk governance practices, strengthen security awareness andbehavior basedculture programs, and drive implementation of IT controls and an enterprise assurance framework. The role will also oversee external cybersecurity assessments and disclosures, including cyber insurance, ESG-related cybersecurity inputs, and other third-party assurance activities. This highly visible leadership role will help ensure cybersecurity risk, compliance, control effectiveness, and cultural adoption are consistently managed across the enterprise in support of business priorities, regulatory expectations, and organizational resilience.

Key Responsibilities

  • Build and mature the enterprise GRC function, including governance forums, risk management processes, compliance oversight, control monitoring, issue management, and executive reporting.

  • Provide leadership and oversight for the BISO manager organization, ensuring consistent engagement with business leaders, effective cyber risk advisory support, and alignment of security priorities to businessobjectives.

  • Lead enterprise cyber risk management activities, including risk identification, assessment, mitigation planning, escalation, and reporting to senior leadership and governance bodies.

  • Own the enterprise cybersecurity policy and standards lifecycle - from creation and implementation to continuous review - ensuring clarity, compliance, and alignment with organizational goals.

  • Oversee SOX cybersecurity and IT control activities, including implementation, operating effectiveness,evidencereadiness, remediation tracking, and partnership with Finance, Internal Audit, External Audit, and IT control owners.

  • Establish and operationalize an enterprise IT controls and assurance framework that enables consistent control design, testing, monitoring, reporting, and continuous improvement across the organization.

  • Lead oversight of external cybersecurity assessments and assurance requests, including cyber insurance questionnaires, ESG-related cybersecurity inputs, customer or partner assessments, and other third-party reviews requiring enterprise cyber risk and control representation.

  • Drive cybersecurity compliance with applicable global regulations, standards, and frameworks, ensuring the organization candemonstratecontrol effectiveness and audit readiness.

  • Lead security awareness, behavior, and culture initiatives that improve workforce accountability, reducehumancentricrisk, and embed secure practices intodaytodaybusiness operations.

  • Lead and develophighperformingcybersecurity leaders and teams, fostering a culture of accountability, collaboration, disciplined execution, and continuous improvement.

  • Provideexecutivelevelreporting on cybersecurity risk, compliance status, control effectiveness, assurance outcomes, and program maturity to senior leadership and governance bodies.

Qualifications

Education

  • Required:Bachelor's degree in Information Security, Computer Science, Engineering, ora relatedfield.

  • Preferred: Master's degree (MS, MBA, or equivalent) in Cybersecurity, Information Systems, or Business.

Experience and Skills

Required:

  • 12-14 years of progressive experience in cybersecurity, information security, technology risk management, IT controls, or GRC, including senior leadership roles.

  • Demonstrated experience building or maturing enterprise GRC programs in a regulated, global, or complex operating environment.

  • Experience leading BISO, cyber risk advisory, security governance, or business aligned cybersecurity teams.

  • Deep knowledge of cybersecurity risk management, compliance frameworks, IT controls, SOX control expectations, assurance practices, and audit readiness.

  • Experience overseeing external cybersecurity assessments, including cyber insurance, ESG-related cybersecurity reporting, customer or partner assessments, and third-party assurance requests.

  • Experience building, mentoring, and leading senior level cybersecurity teams.

  • Strong strategic, analytical, and communication skills, with the ability to translate technical risk, control gaps, and compliance obligations into business impact.

Preferred:

  • Experience implementing or transforming enterprise IT controls, SOX programs, control testing, remediation governance, and assurance frameworks.

  • Experience driving cybersecurity awareness, behavior change, and culture programs across a large enterprise.

  • Experienceoperatingin complex, global organizations undergoing transformation or separation.

  • Demonstrated success improvingcybersecuritymaturity, control effectiveness, and risk accountability at scale.

  • Proven ability to influence executive stakeholders andpartnereffectively across IT, Finance, Internal Audit, External Audit, Legal, Risk, Compliance, and business leadership functions.

Other:

  • Language: English (fluent)

  • Travel: Up to 20%, domestic and international

  • Certifications (preferred): CISSP, CISM, CRISC, or equivalent

For more information on how we support the whole health of our employees throughout their wellness,careerand life journey, please visitwww.careers.jnj.com.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson and Johnson is committed to providing an interview process that is inclusive of our applicants' needs. If you are an individual with a disability and would like to request an accommodation, please email the Employee Health Support Center (ra-employeehealthsup@its.jnj.com) or contact AskGS to be directed to your accommodation resource.

#DePuySynthesCareers

Required Skills:

Preferred Skills:

Business Process Design, Crisis Management, Critical Thinking, Cybersecurity, Developing Others, Inclusive Leadership, Industry Analysis, Information Security Auditing, Information Security Management System (ISMS), Information Technology (IT) Security Assessments, Information Technology Strategies, Leadership, Presentation Design, Process Optimization, Risk Management Framework, Security Architecture Design, Security Policies, Strategic Thinking

The anticipated base pay range for this position is :

$178,000.00 - $307,050.00

Additional Description for Pay Transparency:

Subject to the terms of their respective plans, employees are eligible to participate in the Company's consolidated retirement plan (pension) and savings plan (401(k)).
This position is eligible to participate in the Company's long-term incentive program.
Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:
Vacation -120 hours per calendar year
Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado -48 hours per calendar year; for employees who reside in the State of Washington -56 hours per calendar year
Holiday pay, including Floating Holidays -13 days per calendar year
Work, Personal and Family Time - up to 40 hours per calendar year
Parental Leave - 480 hours within one year of the birth/adoption/foster care of a child
Bereavement Leave - 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
Caregiver Leave - 80 hours in a 52-week rolling period10 days
Volunteer Leave - 32 hours per calendar year
Military Spouse Time-Off - 80 hours per calendar year
For additional general information on Company benefits, please go to: - https://www.careers.jnj.com/employee-benefits