1

Cyber Security Risk Analyst Jobs in Massachusetts

Senior IT Risk Analyst (First Line of Defense) Rockland Trust is seeking a Senior IT Risk Analyst ... Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Accounting, Finance ...

Senior Risk & Compliance Analyst

Boston, MA · On-site

$130K - $170K/yr

Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting ... QUALIFICATIONS: * 6+ years of experience in cybersecurity risk management, information security ...

Senior Risk & Compliance Analyst

Boston, MA · On-site

$130K - $170K/yr

Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting ... QUALIFICATIONS: * 6+ years of experience in cybersecurity risk management, information security ...

Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting ... QUALIFICATIONS: * 6+ years of experience in cybersecurity risk management, information security ...

Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting ... QUALIFICATIONS: * 6+ years of experience in cybersecurity risk management, information security ...

Senior IT Risk Analyst (First Line of Defense) Rockland Trust is seeking a Senior IT Risk Analyst ... Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Accounting, Finance ...

... analysis, documentation, stakeholder communications, and overall project delivery efficiency. * Identify opportunities to apply AI-enabled solutions to compliance, cybersecurity, risk management, and ...

Be Seen First

Compliance Risk Analyst - Mid-Level Location: Marlborough, MA (01701), Hybrid: 2 days a week ... Partner with IT, Legal, Privacy, Cybersecurity, and AI Governance Committee to align governance ...

New

Sr. Cyber Security Analyst

Boston, MA · Hybrid

$108K - $140K/yr

... Sr. Cyber Security Analyst Locations: Waltham, MA / Boston, MA - Hybrid / New York / Florida ... Collaborating with cross-functional teams, you will drive risk-informed decision-making, support ...

Sr. Cyber Security Analyst

Waltham, MA · Hybrid

$107K - $139K/yr

... Sr. Cyber Security Analyst Locations: Waltham, MA / Boston, MA - Hybrid / New York / Florida ... Collaborating with cross-functional teams, you will drive risk-informed decision-making, support ...

GRC Analyst - Third Party Risk

Boston, MA · On-site

$70K - $110K/yr

As a GRC Analyst, you will support the WHOOP Governance, Risk, and Compliance program. You will ... Understanding of Cybersecurity compliance frameworks and cybersecurity compliance controls - ISO ...

Sr. Cyber Security Analyst

Waltham, MA · On-site

$107K - $139K/yr

... Sr. Cyber Security Analyst Locations: Waltham, MA / Boston, MA - Hybrid / New York / Florida ... Collaborating with cross-functional teams, you will drive risk-informed decision-making, support ...

As a GRC Analyst, you will support the WHOOP Governance, Risk, and Compliance program. You will ... Understanding of Cybersecurity compliance frameworks and cybersecurity compliance controls - ISO ...

GRC Analyst - Third Party Risk

Boston, MA · On-site

$70K - $110K/yr

As a GRC Analyst, you will support the WHOOP Governance, Risk, and Compliance program. You will ... Understanding of Cybersecurity compliance frameworks and cybersecurity compliance controls - ISO ...

The analyst monitors threats and incidents, supports resilience and training platforms, and ... Bachelor's degree in Cybersecurity, Information Technology, Risk Management, Business Continuity ...

The analyst monitors threats and incidents, supports resilience and training platforms, and ... Bachelor's degree in Cybersecurity, Information Technology, Risk Management, Business Continuity ...

The analyst monitors threats and incidents, supports resilience and training platforms, and ... Bachelor's degree in Cybersecurity, Information Technology, Risk Management, Business Continuity ...

next page

Showing results 1-20

Cyber Security Risk Analyst information

See Massachusetts salary details

$47K

$108.6K

$163.8K

How much do cyber security risk analyst jobs pay per year?

As of Jul 16, 2026, the average yearly pay for cyber security risk analyst in Massachusetts is $108,557.00, according to ZipRecruiter salary data. Most workers in this role earn between $86,800.00 and $126,100.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive in the Cyber Security Risk Analyst position, and why are they important?

A Cyber Security Risk Analyst requires a solid understanding of information security principles, risk assessment methodologies, and a relevant degree such as computer science or cybersecurity. Familiarity with tools like risk management frameworks (NIST, ISO 27001), vulnerability scanners, and certifications such as CISSP, CISM, or CRISC is common in this role. Strong analytical thinking, attention to detail, effective communication, and problem-solving skills are vital soft skills. These competencies enable analysts to accurately identify, assess, and communicate cyber risks, protecting organizations from evolving threats.

Can you make $200,000 in cyber security?

Cyber Security Risk Analysts with extensive experience, advanced certifications, and specialized skills can potentially earn $200,000 or more annually, especially in high-demand industries or senior roles. Achieving this salary often requires a combination of technical expertise, certifications like CISSP or CISA, and a strong understanding of risk management and security frameworks.

What does a cyber security risk analyst do?

A cyber security risk analyst evaluates an organization’s security posture by identifying vulnerabilities, assessing potential threats, and recommending measures to mitigate risks. They analyze security data, develop risk management strategies, and often use tools like vulnerability scanners and risk assessment frameworks to protect information systems.

What is a Cyber Security Risk Analyst job?

A Cyber Security Risk Analyst is responsible for identifying, assessing, and mitigating cybersecurity risks within an organization. They analyze potential threats, evaluate security controls, and recommend improvements to protect sensitive data and systems. Their role often involves conducting risk assessments, ensuring compliance with industry regulations, and collaborating with IT and security teams to enhance defenses. They also monitor emerging threats and provide strategic insights to minimize vulnerabilities. Ultimately, they help organizations maintain a strong security posture against cyber threats.

What are some typical challenges faced by Cyber Security Risk Analysts on the job?

Cyber Security Risk Analysts commonly face the challenge of keeping up with constantly evolving threats and technology landscapes. They must balance the need for robust security with business objectives, often requiring nuanced decision-making and collaboration across departments. Analysts may also encounter difficulties in communicating complex technical risks to non-technical stakeholders. Successfully navigating these challenges is key to maintaining organizational security and fostering a culture of risk awareness.

How much does a cybersecurity risk analyst make?

A cybersecurity risk analyst's average salary in the United States ranges from $70,000 to $120,000 annually, depending on experience, certifications, and location. Entry-level positions typically start around $60,000, while experienced analysts with certifications like CISSP or CISA can earn over $130,000. The role often requires knowledge of risk assessment tools and security frameworks.

Can you make $500,000 a year in cyber security?

Cyber Security Risk Analysts typically earn between $70,000 and $130,000 annually, depending on experience, certifications, and location. Reaching a $500,000 salary usually requires senior roles such as Chief Information Security Officer (CISO) or executive positions, which involve strategic leadership and extensive industry experience. High salaries in cybersecurity are often associated with leadership, specialized skills, and working in high-demand sectors or organizations.
What are the most commonly searched types of Cyber Security Risk Analyst jobs in Massachusetts? The most popular types of Cyber Security Risk Analyst jobs in Massachusetts are:
What are popular job titles related to Cyber Security Risk Analyst jobs in Massachusetts? For Cyber Security Risk Analyst jobs in Massachusetts, the most frequently searched job titles are:
What job categories do people searching Cyber Security Risk Analyst jobs in Massachusetts look for? The top searched job categories for Cyber Security Risk Analyst jobs in Massachusetts are:
Senior IT Risk Analyst

Senior IT Risk Analyst

Rockland Trust

Plymouth, MA • Hybrid

Other

Medical, Dental, Life, Retirement, PTO

Re-posted 3 days ago


Job description

Senior IT Risk Analyst (First Line of Defense)

Rockland Trust is seeking a Senior IT Risk Analyst to advance the Bank's First Line of Defense IT Risk Management Program. 

This is a hybrid role, 3 days Mon-Wed in the Plymouth office then remaining days working remotely. 

This senior professional contributes to the identification, assessment, and mitigation of technology risks, providing informed recommendations to IT and business stakeholders. The role emphasizes accountability for high-quality risk assessments, strong judgment in interpreting results, and proactive contributions to process improvement and risk awareness across the organization.

This role serves as a resource and mentor to less-experienced colleagues, supporting development and consistent execution of sound risk management practices. The Senior IT Risk Analyst works closely with stakeholders across IT and business areas to ensure risks are adequately identified and managed, controls are designed and operating effectively, and necessary remediation activities are completed in a timely manner.

Key Responsibilities

IT Risk Assessment & Control Evaluation

  • Lead comprehensive IT risk assessments across applications, infrastructure, and IT processes, including inherent and residual risk evaluations.
  • Evaluate the design and operating effectiveness of controls, ensuring assessments are evidence-based and aligned with internal methodologies and regulatory requirements.
  • Conduct detailed walkthroughs and interviews with IT and business stakeholders to validate processes and risks, identify control gaps, and obtain and evaluate appropriate documentation and evidence.
  • Analyze risk and control data to identify trends, recurring issues, or systemic weaknesses to translate findings into actionable insights.
  • Maintain sufficient documentation of assessments performed, tests conducted, and issues noted in the Bank's systems of record, ensuring clarity, completeness, and alignment with Bank and regulatory methodology and requirements.

Risk Communication & Issue Resolution

  • Communicate findings, risk implications, control gaps, or other such issues to stakeholders in a professional, credible, and constructive manner.
  • Support, advise, and challenge remediation plans to ensure proposed actions effectively mitigate identified risks.
  • Coordinate responses to audit, regulatory, or other internal inquiries, ensuring timely and accurate resolution of outstanding issues.
  • Track and monitor remediation efforts and key milestones to facilitate risk closure, proactively identifying potential bottlenecks or emerging risks.

Program Support & Mentorship

  • Provide guidance and informal coaching to junior team members, reviewing work products to ensure adherence to risk assessment standards and quality expectations.
  • Contribute to continuous improvement initiatives for IT risk assessment methodologies, reporting practices, and other opportunities.
  • Serve as a trusted resource for IT and business teams on risk-related topics, fostering a risk-aware culture and promoting best practices.
  • Stay current with regulatory guidance, industry standards, and emerging risks to support program maturity and long-term risk management effectiveness.

Required Qualifications

  • Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Accounting, Finance, or a related field with equitable risk and controls experience.
  • Minimum of 5 years of professional experience in IT risk management, technology audit, or control testing, including execution of risk assessments, control evaluation, and reporting.
  • Must be able to work the hybrid schedule:  3 days Mon-Wed in the Plymouth office then remaining days work remotely. 
  • Experience with GRC platforms (e.g., Archer) and risk reporting tools (e.g., PowerBI dashboards).
  • Familiarity with risk and control frameworks such as NIST, CIS, COBIT, FFIEC, or ISO.
  • Demonstrated ability to effectively communicate, both written and verbally, complex IT risk and control concepts effectively to technical and non-technical stakeholders.
  • Experience navigating highly regulated or matrixed environments, interacting with audit, compliance, and/ or regulatory stakeholders.
  • Strong analytical skills, attention to detail, and ability to make independent, informed decisions.
  • Proven ability to influence outcomes and drive follow-through on risk identification and mitigation activities.

Highly preferred:

  • Professional certifications: CISA, CRISC, CISM, CISSP, or equivalent.
  • Financial services industry experience.

Required Qualifications

  • Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Accounting, Finance, or a related field with equitable risk and controls experience.
  • Minimum of 5 years of professional experience in IT risk management, technology audit, or control testing, including execution of risk assessments, control evaluation, and reporting.
  • Must be able to work the hybrid schedule: 3 days Mon-Wed in the Plymouth office then remaining days work remotely.
  • Experience with GRC platforms (e.g., Archer) and risk reporting tools (e.g., PowerBI dashboards).
  • Familiarity with risk and control frameworks such as NIST, CIS, COBIT, FFIEC, or ISO.
  • Demonstrated ability to effectively communicate, both written and verbally, complex IT risk and control concepts effectively to technical and non-technical stakeholders.
  • Experience navigating highly regulated or matrixed environments, interacting with audit, compliance, and/ or regulatory stakeholders.
  • Strong analytical skills, attention to detail, and ability to make independent, informed decisions.
  • Proven ability to influence outcomes and drive follow-through on risk identification and mitigation activities.

Highly preferred:

  • Professional certifications: CISA, CRISC, CISM, CISSP, or equivalent.
  • Financial services industry experience.

Our goal is to offer our colleagues the most generous benefits package possible. We strive to provide colleagues with a comprehensive benefits package and an environment that supports a healthy work-life balance. Benefits include: Competitive compensation with performance incentive awards, Health Insurance, Dental Insurance, a 401K and DC Plan for your retirement, LTD & Life Insurance, Vacation Time, Day Care Reimbursement, Tuition Assistance for graduate and undergraduate programs, an Award Winning Wellness program and much more!

At Rockland Trust you'll find a respectful and inclusive environment where everyone is given the chance to succeed. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Key Responsibilities

IT Risk Assessment & Control Evaluation

  • Lead comprehensive IT risk assessments across applications, infrastructure, and IT processes, including inherent and residual risk evaluations.
  • Evaluate the design and operating effectiveness of controls, ensuring assessments are evidence-based and aligned with internal methodologies and regulatory requirements.
  • Conduct detailed walkthroughs and interviews with IT and business stakeholders to validate processes and risks, identify control gaps, and obtain and evaluate appropriate documentation and evidence.
  • Analyze risk and control data to identify trends, recurring issues, or systemic weaknesses to translate findings into actionable insights.
  • Maintain sufficient documentation of assessments performed, tests conducted, and issues noted in the Bank's systems of record, ensuring clarity, completeness, and alignment with Bank and regulatory methodology and requirements.

Risk Communication & Issue Resolution

  • Communicate findings, risk implications, control gaps, or other such issues to stakeholders in a professional, credible, and constructive manner.
  • Support, advise, and challenge remediation plans to ensure proposed actions effectively mitigate identified risks.
  • Coordinate responses to audit, regulatory, or other internal inquiries, ensuring timely and accurate resolution of outstanding issues.
  • Track and monitor remediation efforts and key milestones to facilitate risk closure, proactively identifying potential bottlenecks or emerging risks.

Program Support & Mentorship

  • Provide guidance and informal coaching to junior team members, reviewing work products to ensure adherence to risk assessment standards and quality expectations.
  • Contribute to continuous improvement initiatives for IT risk assessment methodologies, reporting practices, and other opportunities.
  • Serve as a trusted resource for IT and business teams on risk-related topics, fostering a risk-aware culture and promoting best practices.
  • Stay current with regulatory guidance, industry standards, and emerging risks to support program maturity and long-term risk management effectiveness.