Cyber Security Risk Analyst Jobs in Washington (NOW HIRING)

ECLARO is a leading technology solutions provider seeking a Cybersecurity Risk Analyst for their client in Manassas, VA. The role involves managing Third-Party Risk Management (TPRM) operations and ...

Partner with technology, cybersecurity, compliance, and risk teams to strengthen control ... Strong analytical, organizational, and documentation skills. * Experience reviewing documentation ...

Cyber Security Risk Analyst information

Washington salary figures shown on the page: $48.7K, $112.6K, $169.9K.

How much do cyber security risk analyst jobs pay per year?

As of Jul 4, 2026, the average yearly pay for a cyber security risk analyst in Washington is $112,580.00, according to ZipRecruiter salary data. Most workers in this role earn between $90,000.00 and $130,800.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive in the Cyber Security Risk Analyst position, and why are they important?

A Cyber Security Risk Analyst requires a solid understanding of information security principles, risk assessment methodologies, and a relevant degree such as computer science or cybersecurity. Familiarity with tools like risk management frameworks (NIST, ISO 27001), vulnerability scanners, and certifications such as CISSP, CISM, or CRISC is common in this role. Strong analytical thinking, attention to detail, effective communication, and problem-solving skills are vital soft skills. These competencies enable analysts to accurately identify, assess, and communicate cyber risks, protecting organizations from evolving threats.

Can you make $200,000 in cyber security?

Cyber Security Risk Analysts with extensive experience, advanced certifications, and specialized skills can potentially earn $200,000 or more annually, especially in high-demand industries or senior roles. Achieving this salary often requires a combination of technical expertise, certifications like CISSP or CISA, and a strong understanding of risk management and security frameworks.

What does a cyber security risk analyst do?

A cyber security risk analyst evaluates an organization’s security posture by identifying vulnerabilities, assessing potential threats, and recommending measures to mitigate risks. They analyze security data, develop risk management strategies, and often use tools like vulnerability scanners and risk assessment frameworks to protect information systems.

What is a Cyber Security Risk Analyst job?

A Cyber Security Risk Analyst is responsible for identifying, assessing, and mitigating cybersecurity risks within an organization. They analyze potential threats, evaluate security controls, and recommend improvements to protect sensitive data and systems. Their role often involves conducting risk assessments, ensuring compliance with industry regulations, and collaborating with IT and security teams to enhance defenses. They also monitor emerging threats and provide strategic insights to minimize vulnerabilities. Ultimately, they help organizations maintain a strong security posture against cyber threats.

What are some typical challenges faced by Cyber Security Risk Analysts on the job?

Cyber Security Risk Analysts commonly face the challenge of keeping up with constantly evolving threats and technology landscapes. They must balance the need for robust security with business objectives, often requiring nuanced decision-making and collaboration across departments. Analysts may also encounter difficulties in communicating complex technical risks to non-technical stakeholders. Successfully navigating these challenges is key to maintaining organizational security and fostering a culture of risk awareness.

How much does a cybersecurity risk analyst make?

A cybersecurity risk analyst's average salary in the United States ranges from $70,000 to $120,000 annually, depending on experience, certifications, and location. Entry-level positions typically start around $60,000, while experienced analysts with certifications like CISSP or CISA can earn over $130,000. The role often requires knowledge of risk assessment tools and security frameworks.

Can you make $500,000 a year in cyber security?

Cyber Security Risk Analysts typically earn between $70,000 and $130,000 annually, depending on experience, certifications, and location. Reaching a $500,000 salary usually requires senior roles such as Chief Information Security Officer (CISO) or executive positions, which involve strategic leadership and extensive industry experience. High salaries in cybersecurity are often associated with leadership, specialized skills, and working in high-demand sectors or organizations.

Infographic showing various Cyber Security Risk Analyst job openings in Washington as of June 2026, with employment types broken down into 82% Full Time, 15% Part Time, 1% Temporary, and 2% Contract. Highlights a 92% Physical, 3% Hybrid, and 5% Remote job distribution, with an average salary of $112,580 per year, or $54.1 per hour.

Cybersecurity Risk Analyst

ECLARO

Manassas, VA • On-site

Full-time

Posted 4 days ago


Job description

Job Summary:
ECLARO is a leading technology solutions provider seeking a Cybersecurity Risk Analyst for their client in Manassas, VA. The role involves managing Third-Party Risk Management (TPRM) operations and supporting the broader Cyber Governance & Risk initiatives, requiring strong analytical skills and the ability to translate technical risk data into business intelligence.
Responsibilities:
• Other related duties may be assigned.
• Third-Party Risk Management (TPRM) Operations:
• Evaluate new and prospective vendors through structured cybersecurity risk assessments to determine cyber clearance eligibility before contract execution or system access.
• Serve as the primary SME and platform administrator for TPRM solution (SAFe), maintaining data integrity, configuring risk workflows, and driving continuous platform optimization.
• Maintain and continuously update the enterprise vendor inventory, tracking risk tier classification, assessment status, contract dates, and lifecycle position for all third parties.
• Execute structured vendor onboarding workflows, including security due diligence, contractual security requirements review, and formal risk acceptance documentation.
• Monitor and triage automated vendor security alerts generated through SAFe; analyze alert severity and communicate actionable risk intelligence to appropriate business and security stakeholders on time.
• Manage vendor offboarding procedures, ensuring complete termination of data and system access, contractual closure, and record retention compliance.
• Conduct periodic reassessments and ongoing monitoring of in-scope vendors according to risk tiering methodology and assessment calendar.
• Develop and maintain Power BI dashboards and reports presenting vendor risk metrics, assessment completion rates, open risks, and trend analysis for leadership and risk committees.
• Cyber Governance, Risk & Insider Threat:
• Support Insider Threat program by monitoring behavioral risk indicators, documenting escalation procedures, and maintaining governance records.
• Assist in the preparation of cybersecurity governance artifacts, including risk registers, policy documents, control metrics, and compliance reports aligned to NIST CSF and applicable regulatory frameworks.
• Generate periodic cyber risk reports for IT leadership, audit, and regulatory audiences, summarizing risk posture, open findings, control gaps, and remediation status.
• Build and maintain Power BI dashboards to visualize governance and risk metrics, control effectiveness trends, and risk KPIs across the organization.
• Participate in risk assessment activities and support internal control evaluations relevant to IT environments.
• Cybersecurity Awareness Training & Metrics Reporting:
• Design and develop custom cybersecurity awareness training content tailored to the specific business operations and risk profiles of individual departments (e.g., Operations, Finance, Customer Engagement, Engineering).
• Assist in collaborating with department leads to schedule, deploy, and track training completion across the organization.
• Assist in administering phishing simulation campaigns; analyze results and produce actionable reports identifying at-risk user populations and trending behaviors.
• Build and maintain Power BI dashboards tracking cybersecurity awareness KPIs, including training completion rates, phishing click-through rates, repeat offender trends, and department-level performance over time.
• Assist in preparing and presenting monthly and quarterly Cyber Awareness Reports for leadership, translating program metrics into clear risk narratives and recommended actions.
• Stay current with evolving social engineering tactics, threat actor techniques, and regulatory guidance (e.g., CISA advisories) to keep training content timely and impactful.
• Evaluate training platform effectiveness and recommend enhancements or alternative tools to improve learner engagement and retention.
• Disaster Recovery (DR) Coordination & Reporting:
• Coordinate and facilitate Disaster Recovery testing exercises for core business applications in collaboration with technical SMEs across IT Operations.
• Develop DR test plans, scoping documents, timelines, and stakeholder communication plans in coordination with system owners and application custodians.
• Document test execution results, capture gaps or failures, and produce comprehensive post-exercise reports for IT leadership and executive stakeholders.
• Track remediation of identified DR gaps to closure; maintain updated DR runbooks, test records, and lessons-learned logs.
• Assist in the broader Business Continuity Planning (BCP) process as it pertains to cybersecurity resilience and recovery readiness.
• SharePoint Intranet & Stakeholder Dashboard Publishing:
• Design, build, and maintain dedicated SharePoint sites and pages serving as the centralized hub for cybersecurity communications, dashboards, and reporting artifacts.
• Embed and publish Power BI reports directly into SharePoint pages, ensuring stakeholders can access live, role-appropriate dashboards without requiring Power BI licensing or direct platform access.
• Develop audience-specific SharePoint pages tailored to the information needs of distinct stakeholder groups, including IT leadership, department managers, executive sponsors, audit / compliance teams, and general staff, applying role-based access controls and page permissions accordingly.
• Maintain separate SharePoint views for TPRM metrics, cyber awareness training completion and phishing stats, governance and risk posture indicators, and DR testing results, ensuring content remains current and accurate.
• Collaborate with department heads and business unit leads to understand their reporting consumption preferences and translate those needs into intuitive, self-service SharePoint dashboard pages.
• Establish and enforce a publishing cadence (monthly, quarterly) for dashboard refreshes and narrative updates aligned to governance reporting calendar.
• Apply SharePoint governance best practices, including naming conventions, version control, content lifecycle management, and access review procedures.
• Coordinate with IT infrastructure and Microsoft 365 administrators as needed for site provisioning, permissions architecture, and integration with Power BI Service workspaces.
• Internal:
• Communicate within the assigned department and with other departments to ensure understanding and achievement of department and organization goals and standards; provide the highest level of service to internal customers; exchange information and ideas for improvements in the department and organization; coordinate customer service activities, plans, and requirements; and improve the knowledge base of company policies, procedures, and programs.
• Participate in staff meetings to develop and implement present and future plans; monitor and revise strategies and programs; confer on mutual issues; exchange information; and share in the determination and formulation of policies and procedures.
• External:
• Provide the highest level of quality customer service to external customers through various forms of communication as well as proactive and professional relationships with customers, the business community, and the general public.
Qualifications:
Required:
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or a closely related field.
• Equivalent combination of education and demonstrated professional experience will be considered.
• Minimum 3-5 years of progressive experience in cybersecurity, IT risk management, or a related GRC discipline.
• Demonstrated experience operating or administering a formal TPRM program or third-party risk platform.
• Proven ability to build Power BI reports and dashboards that translate security data into executive-ready metrics.
• Experience developing and delivering cybersecurity awareness training and reporting program metrics.
• Familiarity with Disaster Recovery planning, tabletop exercises, or DR test coordination.
• Power BI Report & Dashboard Development
• Vendor Risk Assessment & Lifecycle Management
• TPRM Platform Administration (SAFe or Equivalent)
• GRC Documentation & Control Mapping
• Security Questionnaire Evaluation (SIG, Custom)
• Phishing Simulation Analysis & Reporting
• Cyber Awareness Metrics Tracking & Presentation
• DR Test Planning, Facilitation & Post-Exercise Reporting
• Insider Threat Monitoring Support
• Advanced Microsoft Excel (Pivot Tables, Data Models)
• Executive-Ready PowerPoint Presentations
• SharePoint Site Management
• Clear written & verbal communication at all org levels.
• Executive-Level Risk Storytelling & Data Narration
• Cross-Functional Stakeholder Engagement
• Analytical Thinking & Risk Prioritization
• Project Coordination & Deadline Management
• Detail Orientation & Documentation Discipline
• Ability to manage multiple concurrent workstreams.
• Vendor Relationship Professionalism
• Collaborative team player with independent initiative.
• Adaptability in a fast-paced utility environment.
• Continuous learning mindset in evolving threat landscape.
• SharePoint site design and intranet page development.
Preferred:
• Experience in a regulated industry (electric utility, energy, financial services, or healthcare).
• Hands-on experience with the SAFe TPRM platform or comparable solutions (OneTrust, ProcessUnity, Prevalent, BitSight, SecurityScorecard).
• Working knowledge of NIST CSF (v2.0), NIST SP 800-161 (C-SCRM), or ISO / IEC 27036 supply chain risk standards.
• Familiarity with Insider Threat frameworks and behavioral analytics monitoring.
• Experience with Business Continuity Management frameworks (ISO 22301).
• Background in Learning Management System (LMS) administration and instructional design principles for security awareness content.
• Advanced Power BI skills: DAX measures, row-level security, scheduled refresh, paginated reports.
• One or more of the following certifications: PL-300: Microsoft Power BI Data Analyst, CTPRP: Certified Third Party Risk Professional, Security+: CompTIA Security+
Company:
ECLARO is an award-winning Talent Solutions firm headquartered in New York City and operating in the U.S., Canada and the Philippines. Founded in 1999, the company is headquartered in New York, NY, US, with a team of 1001-5000 employees. The company is currently Late Stage.