1

Cyber Security Risk Analyst Jobs in Baltimore, MD

... Risk Analyst, Cyber Defense Analyst, Network Security Analyst, IT Security Specialist, Security Consultant, Cybersecurity Specialist, Malware Analyst, Security Architect, ect. DEGREE (Level Desired ...

Supports security audits, compliance assessments, and risk management activities. * Performs threat analysis and evaluates emerging cybersecurity risks and trends that may impact the organization.

Supports security audits, compliance assessments, and risk management activities. * Performs threat analysis and evaluates emerging cybersecurity risks and trends that may impact the organization.

... analysis and remediation across infrastructure components. • Support integration of security ... Support cybersecurity risk reduction in rapid prototyping and iterative OTA environments.

next page

Showing results 1-20

Cyber Security Risk Analyst information

See Baltimore, MD salary details

$42.7K

$98.8K

$149K

How much do cyber security risk analyst jobs pay per year?

As of Jul 13, 2026, the average yearly pay for cyber security risk analyst in Baltimore, MD is $98,768.00, according to ZipRecruiter salary data. Most workers in this role earn between $79,000.00 and $114,800.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive in the Cyber Security Risk Analyst position, and why are they important?

A Cyber Security Risk Analyst requires a solid understanding of information security principles, risk assessment methodologies, and a relevant degree such as computer science or cybersecurity. Familiarity with tools like risk management frameworks (NIST, ISO 27001), vulnerability scanners, and certifications such as CISSP, CISM, or CRISC is common in this role. Strong analytical thinking, attention to detail, effective communication, and problem-solving skills are vital soft skills. These competencies enable analysts to accurately identify, assess, and communicate cyber risks, protecting organizations from evolving threats.

Can you make $200,000 in cyber security?

Cyber Security Risk Analysts with extensive experience, advanced certifications, and specialized skills can potentially earn $200,000 or more annually, especially in high-demand industries or senior roles. Achieving this salary often requires a combination of technical expertise, certifications like CISSP or CISA, and a strong understanding of risk management and security frameworks.

What does a cyber security risk analyst do?

A cyber security risk analyst evaluates an organization’s security posture by identifying vulnerabilities, assessing potential threats, and recommending measures to mitigate risks. They analyze security data, develop risk management strategies, and often use tools like vulnerability scanners and risk assessment frameworks to protect information systems.

What is a Cyber Security Risk Analyst job?

A Cyber Security Risk Analyst is responsible for identifying, assessing, and mitigating cybersecurity risks within an organization. They analyze potential threats, evaluate security controls, and recommend improvements to protect sensitive data and systems. Their role often involves conducting risk assessments, ensuring compliance with industry regulations, and collaborating with IT and security teams to enhance defenses. They also monitor emerging threats and provide strategic insights to minimize vulnerabilities. Ultimately, they help organizations maintain a strong security posture against cyber threats.

What are some typical challenges faced by Cyber Security Risk Analysts on the job?

Cyber Security Risk Analysts commonly face the challenge of keeping up with constantly evolving threats and technology landscapes. They must balance the need for robust security with business objectives, often requiring nuanced decision-making and collaboration across departments. Analysts may also encounter difficulties in communicating complex technical risks to non-technical stakeholders. Successfully navigating these challenges is key to maintaining organizational security and fostering a culture of risk awareness.

How much does a cybersecurity risk analyst make?

A cybersecurity risk analyst's average salary in the United States ranges from $70,000 to $120,000 annually, depending on experience, certifications, and location. Entry-level positions typically start around $60,000, while experienced analysts with certifications like CISSP or CISA can earn over $130,000. The role often requires knowledge of risk assessment tools and security frameworks.

Can you make $500,000 a year in cyber security?

Cyber Security Risk Analysts typically earn between $70,000 and $130,000 annually, depending on experience, certifications, and location. Reaching a $500,000 salary usually requires senior roles such as Chief Information Security Officer (CISO) or executive positions, which involve strategic leadership and extensive industry experience. High salaries in cybersecurity are often associated with leadership, specialized skills, and working in high-demand sectors or organizations.
What are the most commonly searched types of Cyber Security Risk Analyst jobs in Baltimore, MD? The most popular types of Cyber Security Risk Analyst jobs in Baltimore, MD are:
What are popular job titles related to Cyber Security Risk Analyst jobs in Baltimore, MD? For Cyber Security Risk Analyst jobs in Baltimore, MD, the most frequently searched job titles are:
What job categories do people searching Cyber Security Risk Analyst jobs in Baltimore, MD look for? The top searched job categories for Cyber Security Risk Analyst jobs in Baltimore, MD are:
What cities near Baltimore, MD are hiring for Cyber Security Risk Analyst jobs? Cities near Baltimore, MD with the most Cyber Security Risk Analyst job openings:
Infographic showing various Cyber Security Risk Analyst job openings in Baltimore, MD as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 86% Full Time, 6% Part Time, 1% Temporary, and 5% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution, with an average salary of $98,768 per year, or $47.5 per hour.

Cybersecurity Risk Assessment Consultant

GDR Defense

Annapolis, MD • On-site

Contractor

Re-posted 21 days ago


Job description

“Join GD Resources for dynamic opportunities in business management and IT, where innovation meets excellence.”

 About the Company:

GD Resources is a Veteran Women-Owned Business Management and Information Technology company committed to excellence. GD Resources provides dynamic opportunities for veterans and professionals alike to contribute to innovative projects and drive success in a collaborative and supportive environment. Join us to make a difference, advance your career, and grow with a company that values integrity, diversity, and continuous improvement.

Job Title: Cybersecurity Risk Assessment Consultant
Location: Hybrid (onsite work possibly at various locations throughout Maryland)
Rate: Competitive, DOE (W2 or 1099)

Position Overview

We are seeking a Cybersecurity GRC Data & Dashboard Consultant to support follow-on work from approximately 90 completed cybersecurity assessments for a client. The consultant will transform assessment results into structured data, dashboards, and reports that align with NIST CSF, CMMI maturity scoring, and the client’s Governance, Risk, and Compliance (GRC) platform (e.g., ServiceNow GRC). This role is ideal for someone with strong cybersecurity domain knowledge, GRC platform experience, and hands-on skills in data analytics and dashboard development. The consultant will help build real-time, interactive views of client-wide and agency-level cybersecurity maturity, risks, issues, and remediation progress to support executive decision-making and continuous improvement.

Responsibilities

  • Convert all assessment results into a format compatible with the client’s GRC platform import requirements.
  • Prepare and manage key data outputs, including assessment scope, maturity scores (CMMI 0–5 by NIST CSF function/category/control), findings, risks, issues, and recommended remediation actions.
  • Provide data files and reports in Client-specified formats and offer reasonable technical assistance to support successful import into the Client’s GRC platform.
  • Incorporate agency issue response status data from the Client’s GRC platform into reporting and analysis, as needed.
  • Design, develop, and maintain real-time reporting dashboards using cybersecurity assessment data at both client-wide (aggregated) and agency (disaggregated) levels.
  • Build dashboards that show:
    • Top control categories by maturity
    • Most common constraints
    • Top recommended areas of improvement
    • CMMI-based maturity levels (0–5) across Identify, Protect, Detect, Respond, and Recover
    • Top findings, risks, issues, and issue response by agency
  • Ensure all dashboards are interactive, allowing users to drill down into underlying assessment data behind summary metrics.
  • Implement robust filters in dashboards to support targeted analysis, including filters for: Executive Branch designation, enterprise agency, agency size tier, IT complexity tier, and overall Maturity Group.
  • Build agency-level dashboards that:
    • Display average maturity scores by NIST CSF area compared against client-wide averages using side-by-side bar charts
    • Show maturity averages by CSF categories (e.g., Communications, Maintenance, Access Control) compared to client-wide averages
    • Highlight recommended areas of improvement, top 10 findings, and percent completion of identified issues
  • Create comparison dashboards that allow users to select one or more agencies and compare ratings and metrics across NIST CSF areas and categories.
  • Integrate historical NIST CSF assessment data from prior years into dashboards to show year-over-year trends at both agency and client-wide levels.
  • Ensure all required data entry is completed before final project close-out unless an exception is approved by the client.
  • Provide reasonable technical assistance to support ongoing imports and integration into the Client’s GRC platform.
  • Participate in weekly status meetings with client stakeholders.
  • Prepare concise written status updates on a bi-weekly basis and join additional meetings/discussions as needed.
  • Maintain and follow quality procedures, methodologies, and standards relevant to this contract, including those associated with Client platforms such as ServiceNow GRC.

Qualifications

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Data Analytics, or related field (or equivalent experience).
  • 5+ years of experience in cybersecurity, GRC, or risk management roles supporting government or large enterprise environments.
  • Hands-on experience working with NIST Cybersecurity Framework (NIST CSF) and familiarity with NIST 800-53 and/or NIST 800-171 controls.
  • Experience with CMMI-style maturity scoring (0–5) and translating assessment results into structured data and reports.
  • Practical experience with Governance, Risk, and Compliance (GRC) platforms, preferably ServiceNow GRC or similar Client/enterprise platforms.
  • Strong skills in data analysis and dashboard/report development using tools such as Power BI, Tableau, or similar visualization platforms.
  • Proven ability to design interactive dashboards with drill-down and filter capabilities for different organizational tiers (e.g., client-wide vs. agency-level).
  • Experience integrating and analyzing historical assessment data to present trends and performance changes over time.
  • Strong attention to detail and ability to ensure data quality, consistency, and completeness prior to project close-out.
  • Excellent written and verbal communication skills, including experience preparing status reports and presenting findings to technical and non-technical stakeholders.
  • Demonstrated commitment to ongoing training and staying current with cybersecurity standards, tools, and assessment methodologies.
  • Ability to participate in weekly calls and other meetings during standard business hours and collaborate effectively with a remote, multi-organization team.

GDR is an Equal Opportunity Employer. We consider all qualified applicants without regard to race, color, religion, sex, gender identity, national origin, age, disability, veteran status, or any other protected status under applicable law. We are committed to equal opportunity in all aspects of employment, including hiring, promotion, compensation, and benefits.