1

Cyber Security Risk Analyst Jobs in Massachusetts

Cybersecurity Risk Analyst

Cambridge, MA · On-site

$82K - $220K/yr

The Cybersecurity Risk Analyst is a member of Draper's Cybersecurity Risk Management team, responsible primarily for unclassified information system risk and compliance efforts. This role contributes ...

The Cybersecurity Risk Analyst is a member of Draper's Cybersecurity Risk Management team, responsible primarily for unclassified information system risk and compliance efforts. This role contributes ...

... cybersecurity risks. Responsibilities : • Lead cyber and technology risk assessments across systems, cloud environments, business processes, and major initiatives, evaluating threats ...

The IT Risk Analyst's primary responsibility will be to conduct various risk assessments, including ... Bachelor's degree, preferably in Accounting, Cybersecurity (Information Assurance), Computer ...

The IT Risk Analyst's primary responsibility will be to conduct various risk assessments, including ... Bachelor's degree, preferably in Accounting, Cybersecurity (Information Assurance), Computer ...

The IT Risk Analyst's primary responsibility will be to conduct various risk assessments, including ... Bachelor's degree, preferably in Accounting, Cybersecurity (Information Assurance), Computer ...

Senior IT Risk Analyst (First Line of Defense) Rockland Trust is seeking a Senior IT Risk Analyst ... Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Accounting, Finance ...

next page

Showing results 1-20

Cyber Security Risk Analyst information

See Massachusetts salary details

$47K

$108.6K

$163.8K

How much do cyber security risk analyst jobs pay per year?

As of Jul 16, 2026, the average yearly pay for cyber security risk analyst in Massachusetts is $108,557.00, according to ZipRecruiter salary data. Most workers in this role earn between $86,800.00 and $126,100.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive in the Cyber Security Risk Analyst position, and why are they important?

A Cyber Security Risk Analyst requires a solid understanding of information security principles, risk assessment methodologies, and a relevant degree such as computer science or cybersecurity. Familiarity with tools like risk management frameworks (NIST, ISO 27001), vulnerability scanners, and certifications such as CISSP, CISM, or CRISC is common in this role. Strong analytical thinking, attention to detail, effective communication, and problem-solving skills are vital soft skills. These competencies enable analysts to accurately identify, assess, and communicate cyber risks, protecting organizations from evolving threats.

Can you make $200,000 in cyber security?

Cyber Security Risk Analysts with extensive experience, advanced certifications, and specialized skills can potentially earn $200,000 or more annually, especially in high-demand industries or senior roles. Achieving this salary often requires a combination of technical expertise, certifications like CISSP or CISA, and a strong understanding of risk management and security frameworks.

What does a cyber security risk analyst do?

A cyber security risk analyst evaluates an organization’s security posture by identifying vulnerabilities, assessing potential threats, and recommending measures to mitigate risks. They analyze security data, develop risk management strategies, and often use tools like vulnerability scanners and risk assessment frameworks to protect information systems.

What is a Cyber Security Risk Analyst job?

A Cyber Security Risk Analyst is responsible for identifying, assessing, and mitigating cybersecurity risks within an organization. They analyze potential threats, evaluate security controls, and recommend improvements to protect sensitive data and systems. Their role often involves conducting risk assessments, ensuring compliance with industry regulations, and collaborating with IT and security teams to enhance defenses. They also monitor emerging threats and provide strategic insights to minimize vulnerabilities. Ultimately, they help organizations maintain a strong security posture against cyber threats.

What are some typical challenges faced by Cyber Security Risk Analysts on the job?

Cyber Security Risk Analysts commonly face the challenge of keeping up with constantly evolving threats and technology landscapes. They must balance the need for robust security with business objectives, often requiring nuanced decision-making and collaboration across departments. Analysts may also encounter difficulties in communicating complex technical risks to non-technical stakeholders. Successfully navigating these challenges is key to maintaining organizational security and fostering a culture of risk awareness.

How much does a cybersecurity risk analyst make?

A cybersecurity risk analyst's average salary in the United States ranges from $70,000 to $120,000 annually, depending on experience, certifications, and location. Entry-level positions typically start around $60,000, while experienced analysts with certifications like CISSP or CISA can earn over $130,000. The role often requires knowledge of risk assessment tools and security frameworks.

Can you make $500,000 a year in cyber security?

Cyber Security Risk Analysts typically earn between $70,000 and $130,000 annually, depending on experience, certifications, and location. Reaching a $500,000 salary usually requires senior roles such as Chief Information Security Officer (CISO) or executive positions, which involve strategic leadership and extensive industry experience. High salaries in cybersecurity are often associated with leadership, specialized skills, and working in high-demand sectors or organizations.
What are the most commonly searched types of Cyber Security Risk Analyst jobs in Massachusetts? The most popular types of Cyber Security Risk Analyst jobs in Massachusetts are:
What are popular job titles related to Cyber Security Risk Analyst jobs in Massachusetts? For Cyber Security Risk Analyst jobs in Massachusetts, the most frequently searched job titles are:
What job categories do people searching Cyber Security Risk Analyst jobs in Massachusetts look for? The top searched job categories for Cyber Security Risk Analyst jobs in Massachusetts are:
Cybersecurity Risk Analyst

Cybersecurity Risk Analyst

Draper

Cambridge, MA • On-site

$82K - $220K/yr

Full-time

Posted 25 days ago


Job description

Overview:
Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 2,000+ employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com.
Job Description Summary:
The Cybersecurity Risk Analyst is a member of Draper's Cybersecurity Risk Management team, responsible primarily for unclassified information system risk and compliance efforts. This role contributes to the Cybersecurity Risk Management team in applying contractual and regulatory requirements to include DFARS and CMMC to Draper's unclassified computing environments. This team serves as the Governance Risk and Compliance (GRC) tool product owner, performs compliance and risk analyses, develops policy, procedures, and standards, and partners closely with peer IT, security, and engineering teams to ensure compliance and risks are appropriately managed thorough the organization.
Job Description:
Duties/Responsibilities
  • Serve as a subject matter expert for cybersecurity risk management and compliance frameworks including NIST SP 800-171/53, DAAPM, CMMC, RMF
  • Lead CMMC compliance and certification efforts to conduct gap assessments against CMMC requirements, develop and manage remediation plans, support audit readiness and interface with assessors, and ensure ongoing compliance with DFARS and CUI protection requirements
  • Provide technical risk guidance on cloud security (Azure, AWS), hybrid infrastructures, and Zero Trust initiatives
  • Perform risk assessments, vulnerability analysis, and compliance reviews using tools such as ServiceNow IRM, Nessus, Splunk
  • Conduct continuous monitoring of security controls
  • Deliver reports and recommendations to executive leadership on risk posture, compliance status, and emerging threats
  • Serve as a trusted cybersecurity advisor across the organization
  • Develop and promote processes and procedures to analyze and assess cybersecurity risks across an enterprise environment

Skills/Abilities
  • Technical and functional experience in domain of Governance, Audit, Risk Management and Regulatory Compliance.
  • Understand risk assessment methodologies, frameworks, and procedures and the ability to work flexibly with them to meet organizational size, maturity, and culture consideration.
  • Ability to read, understand, and apply government regulation (FAR, DFARS).
  • Strong working knowledge of NIST SP 800-171, NIST SP 800-53, CMMC, NIST Risk Management Framework (RMF), FedRAMP
  • Knowledge of CUI and the control sets and documentation necessary for adherence to CUI management and safe keeping.
  • Ability to develop organizational cybersecurity policy, procedures, standards, and guidelines
  • Ability to think strategically about security risks and tie those to tactical organizational activities and goals.
  • Ability and experience developing and maintaining System Security Plans and associated artifacts, such as a Plans of Action & Milestones, Risk Assessment Report, and Continuous Monitoring Strategy
  • A thorough knowledge of risk assessment methodologies, such as NIST SP 800-30, Factor Analysis of Information Risk (FAIR), Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), or other risk assessment practices

Education
  • Bachelor's degree in Information Systems, Cybersecurity, or related field (or equivalent experience)

Experience
  • 4 years of cybersecurity and IT experience, including compliance, risk management, and assessment roles.
  • Experience supporting the Defense Industrial Base (DIB) and cleared contractor facilities preferred.
  • Ability to obtain a Secret clearance is required.

Additional Job Description:
Applicants selected for this position will be required to obtain and maintain a government security clearance.
Connect With Draper for Future Opportunities! If you don't find the right posting in our Career Opportunities, you may submit your resume for future consideration.
Job Location - City:
Cambridge
Job Location - State:
Massachusetts
Job Location - Postal Code:
02139-3563
The US base salary range for this full-time position is
$82,300.00 - $220,000.00
Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Union ranges will be in compliance with the collective bargaining agreement's approved rates by location and role. Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Please note that the compensation details listed in US role postings reflect the base salary only, and does not include bonuses or benefits.
Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now www.draper.com/careers.
Draper is committed to creating an inclusive environment. We understand the value of inclusivity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, national origin, veteran status, or genetic information. Draper is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact hr@draper.com.