1

Cyber Security Risk Assessment Jobs (NOW HIRING)

The Analyst independently leads risk assessments and partners closely with IT, OT, audit, andsenior leadersto ensure cybersecurity risks are understood, documented, mitigated, and monitored in ...

The Analyst independently leads risk assessments and partners closely with IT, OT, audit, andsenior leadersto ensure cybersecurity risks are understood, documented, mitigated, and monitored in ...

The Cybersecurity Risk Analyst is a member of Draper's Cybersecurity Risk Management team ... Perform risk assessments, vulnerability analysis, and compliance reviews using tools such as ...

Key Responsibilities Governance, Risk Assessment & Management * Lead cybersecurity risk assessments for systems, applications, business processes, and third-party * Drive the identification, analysis ...

Why GMF Cybersecurity? Innovation isn't just a talking point at GM Financial, it's how we operate ... Perform third party risk assessments * Partner with Application Custodians to perform application ...

Cybersecurity Governance, Risk Management, Legal Regulations, IT or Security Audit, IT or Security Compliance preferred * 3+ years of experience performing risk assessments and/or cybersecurity ...

Cybersecurity Risk Analyst

Evansville, IN · On-site

$36.93 - $55.40/hr

Conduct cybersecurity risk assessments for systems, applications, infrastructure, and business processes * Identify, evaluate, and monitor security risks across the organization * Assess third-party ...

Cybersecurity Risk Manager

Houston, TX · On-site +1

$70K - $140K/yr

As a 1LTR - Cybersecurity team member, you will apply your cybersecurity expertise, knowledge of ... Execute risk assessments against defined scopes and planned initiatives in alignment with our ...

Cybersecurity Risk Manager

Atlanta, GA · On-site +1

$70K - $140K/yr

As a 1LTR - Cybersecurity team member, you will apply your cybersecurity expertise, knowledge of ... Execute risk assessments against defined scopes and planned initiatives in alignment with our ...

Cybersecurity Risk Manager

Dallas, TX · On-site +1

$70K - $140K/yr

As a 1LTR - Cybersecurity team member, you will apply your cybersecurity expertise, knowledge of ... Execute risk assessments against defined scopes and planned initiatives in alignment with our ...

next page

Showing results 1-20

Cyber Security Risk Assessment information

See salary details

$57K

$133K

$186K

How much do cyber security risk assessment jobs pay per year?

As of Jul 11, 2026, the average yearly pay for cyber security risk assessment in the United States is $132,962.00, according to ZipRecruiter salary data. Most workers in this role earn between $111,000.00 and $150,000.00 per year, depending on experience, location, and employer.

Can you make $500,000 a year in cyber security?

Cyber security risk assessment professionals can potentially earn $500,000 annually, especially at senior levels or in high-demand industries, often requiring advanced certifications like CISSP or CISA, extensive experience, and specialized skills. Such high salaries are typically associated with leadership roles, consulting positions, or working for large organizations with complex security needs.

What are the key skills and qualifications needed to thrive in Cyber Security Risk Assessment, and why are they important?

To excel in Cyber Security Risk Assessment, you need a solid understanding of information security principles, risk management frameworks, and often a degree in cybersecurity, IT, or related fields. Familiarity with tools like vulnerability scanners, SIEM systems, and certifications such as CISSP or CISM are commonly required. Analytical thinking, attention to detail, and strong communication skills help professionals effectively assess risks and convey findings to stakeholders. These skills are crucial for identifying vulnerabilities, prioritizing threats, and ensuring the organization’s data and systems are adequately protected.

What is the role of risk assessment in cyber security?

In cyber security, risk assessment is a critical process that identifies, evaluates, and prioritizes potential threats and vulnerabilities to an organization's information systems. For a cyber security risk assessor, conducting thorough assessments helps determine where to implement controls, improve security posture, and comply with standards like ISO 27001 or NIST. This process supports informed decision-making and resource allocation to mitigate cyber threats effectively.

What is the difference between Cyber Security Risk Assessment vs Cyber Security Analyst?

AspectCyber Security Risk AssessmentCyber Security Analyst
Primary FocusIdentifying and evaluating security risks and vulnerabilitiesMonitoring, analyzing, and responding to security threats
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment teams, consulting firms, security departmentsSecurity operations centers, IT departments, incident response teams

While both roles require similar certifications and work within cybersecurity, a Cyber Security Risk Assessment focuses on evaluating potential vulnerabilities and risks to an organization’s assets. In contrast, a Cyber Security Analyst actively monitors and responds to security threats, ensuring ongoing protection. Understanding these differences helps organizations assign the right responsibilities to each role.

What are some common challenges faced by professionals conducting cyber security risk assessments?

Professionals in cyber security risk assessment often face challenges such as keeping up with rapidly evolving threats, effectively communicating technical risks to non-technical stakeholders, and ensuring comprehensive coverage across complex IT environments. Balancing thoroughness with tight deadlines can also be demanding, as assessments must be both detailed and timely. Collaborating with various departments to gather accurate information and maintain up-to-date asset inventories is crucial for effective risk analysis and mitigation.

Can I make $200,000 a year in cyber security?

Cyber security professionals, including risk assessors, can earn $200,000 or more annually, especially with advanced skills, certifications like CISSP or CISA, and experience in high-demand areas such as threat management or security architecture. Salaries vary based on location, industry, and level of expertise, with senior roles and specialized skills commanding higher pay.

How much does a cybersecurity risk analyst make?

A cybersecurity risk analyst typically earns between $70,000 and $120,000 annually, depending on experience, certifications, and location. Entry-level positions may start lower, while experienced analysts with certifications like CISSP or CISA can earn higher salaries, especially in larger organizations or high-demand areas.

What is a cyber security risk assessment?

A cyber security risk assessment is a process used to identify, evaluate, and prioritize potential threats and vulnerabilities that could negatively impact an organization's information systems. By analyzing assets, threats, vulnerabilities, and impacts, organizations can determine the likelihood and consequences of cyber incidents. The goal is to implement appropriate measures to reduce risks to acceptable levels, ensuring data protection and regulatory compliance. Regular risk assessments help organizations stay ahead of evolving cyber threats and make informed security decisions.
More about Cyber Security Risk Assessment jobs
What cities are hiring for Cyber Security Risk Assessment jobs? Cities with the most Cyber Security Risk Assessment job openings:
What states have the most Cyber Security Risk Assessment jobs? States with the most job openings for Cyber Security Risk Assessment jobs include:
What job categories do people searching Cyber Security Risk Assessment jobs look for? The top searched job categories for Cyber Security Risk Assessment jobs are:
Infographic showing various Cyber Security Risk Assessment job openings in the United States as of July 2026, with employment types broken down into 3% As Needed, 77% Full Time, 17% Part Time, and 3% Contract. Highlights an 93% Physical, 1% Hybrid, and 6% Remote job distribution, with an average salary of $132,962 per year, or $63.9 per hour.
Cyber Security Risk Analyst

Cyber Security Risk Analyst

Alcoa

New Kensington, PA • On-site

Full-time

Retirement, PTO

Posted 10 days ago


Alcoa rating

7.8

Company rating: 7.8 out of 10

Based on 15 frontline employees who took The Breakroom Quiz


Job description

Shape Your World

At Alcoa, you will become an essential part of our purpose: to turn raw potential into real progress. The way we see it, every Alcoan is a work-shaper, team-shaper, idea-shaper & world-shaper.

Alcoa is seeking a Cyber Security Risk Analyst to serve as a key contributor to the cybersecurity risk management program, providing subject matter expertise in identifying, assessing, and managing risks across both Information Technology (IT) and Operational Technology (OT) environments.This role supports informed business decision-making by translating complex technicalrisksinto business and operational impact.The Analyst independently leads risk assessments and partners closely with IT, OT, audit, andsenior leadersto ensure cybersecurity risks are understood, documented, mitigated, and monitored in accordance with corporate policies and industry standards.

As Alcoa's Cybersecurity Risk Management program continues to mature, the Analyst plays a critical role in shaping and enhancing program capabilities.

About the Role:

  • Contribute to the development, implementation, and continuous improvement of the Cybersecurity Risk Management Program, including frameworks, methodologies, policies, standards, and supporting tools.

  • Perform cybersecurity risk assessments across IT, OT, cloud, and third-party environments, including enterprise systems and manufacturing/process control systems (PCS).

  • Facilitate risk workshops with technical and business stakeholders to evaluate risks associated with new technologies, projects, and operational changes.

  • Serve as a subject matter expert on risk methodology, scoring, and evaluation.

  • Maintain and enhance the cybersecurity risk register, including risk scoring, treatment plans, and residual risk tracking.

  • Support and guide risk treatment strategies (mitigation, acceptance, transfer, avoidance) and partner with compliance teams to design and implement appropriate controls.

  • Translate technical risk findings into clear business and operational impact statements for non-technical audiences and senior leadership.

  • Advise leadership on risk exposure, trends, and residual risks, including impacts to business operations and production.

  • Define, monitor, and report Key Risk Indicators (KRIs) and emerging threat trends.

  • Support audit, regulatory, and compliance activities (e.g., ISO 27001, NIST, SOC) related to cybersecurity risk management.

  • Collaborate with Enterprise Risk Management (ERM) and Operations Risk Management teams to ensure alignment and integration of cybersecurity risks into broader risk reporting.

  • Build and maintain strong relationships with stakeholders across IT, OT, business units, and risk management functions.

  • Continuously monitor evolving cyber threats, emerging technologies, and industry practices to enhance risk management processes and capabilities.

What you can bring to this role:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, Risk Management, or a related discipline; equivalent professional experience may be considered in lieu of a degree.

  • 6+ years of experience in cybersecurity, IT risk management, information security, governance, compliance, or IT operations within enterprise environments.

  • Demonstrated experience assessing cybersecurity risk across IT and OT environments; experience in manufacturing or industrial organizations preferred.

  • Strong knowledge of cybersecurity frameworks and standards (e.g., ISO 27001, NIST CSF, NIST 800-53, CIS Controls, SOX).

  • Proven experience executing core GRC activities, including risk assessments, policy and standard development, control validation, audit support, and remediation tracking.

  • Expertise in cybersecurity governance, risk assessment, and compliance program implementation.

  • Experience using Governance, Risk, and Compliance (GRC) tools and risk reporting dashboards.

  • Solid understanding of security principles, including security controls, threat modeling, vulnerability management, and incident risk analysis.

  • Excellent written, verbal, and facilitation skills, with the ability to translate complex technical risks into clear business impacts.

  • Demonstrated ability to collaborate effectively with cross-functional stakeholders, including technical teams, operations, and senior leadership, while managing multiple priorities in fast-paced environments.

PreferredQualifications

  • Relevant industry certifications such as CISSP, CISM, CRISC, CISA, CGRC, Security+, GRCP, or equivalent.

  • Experience withthird-party/vendor risk management, regulatory compliance assessments, and security awareness programs.

  • Experience supporting global environments and contributing to enterprise-wide security or compliance initiatives.

  • Experience supporting audits and assurance activities, including ISO/IEC 27001 certification and SOC report reviews.

  • Familiarity with security operations capabilities, including SIEM, log analysis, and event monitoring for compliance and incident response.

  • Understanding of enterprise security domains, including cloud security, infrastructure security, and identity and access management (IAM).

  • Working knowledge of project management methodologies and practices.

  • Experience in metals, mining, manufacturing, or other heavy industrial environments.

What we offer:

  • Competitive compensation packages, including pay-for performance variable pay, recognition and rewards programs, and stock-based compensation awards (3-year vesting schedule)

  • Flexible spending accounts and generous employer contribution to the HSA

  • 401(k), employer match up to 6%, additional employer retirement income contribution (no vesting period), and a non-qualified deferred compensation plan

  • 12 paid holidays per year.

  • 15 days of paid vacation (pro-rated from hire date).

  • Employee Assistance Program (EAP)

#LI-TL2

Employees must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. Visa sponsorship is not available for this position.

About the Location

Alcoa is an international company with multiple locations and joint ventures across six continents. Wherever you choose to join us, you'll be joining a global team committed to advancing sustainability and delivering excellence and innovation. As industry pioneers, we are redefining what it means to be a sustainable aluminum company, bridging the journey from mines to metal.

We are values led, vision driven and united by our purpose of transforming raw potential into real progress. Our commitments to Inclusion, Diversity & Equity include providing trusting workplaces that are safe, respectful and inclusive of all individuals, free from discrimination, bullying and harassment and that our workplaces reflect the diversity of the communities in which we operate.

As a proud equal opportunity workplace and affirmative action employer, Alcoa is dedicated to providing equal opportunities and equal access to all individuals regardless of a person's gender, age, race, ethnicity, sexual orientation, gender identity, religion, nation of origin, disability, veteran status, language spoken or any other characteristic or status protected by the laws or regulations in the places where we operate.

If you have visited our website in search of information on U.S. employment opportunities or to apply for a position, and you require an accommodation, please contact Alcoa Recruiting via email at gssrecruiting@alcoa.com.

This is a place where you are empowered to do your best work, be your authentic self, and feel a true sense of belonging. Come join us and shape your career!

Your work. Your world. Shape them for the better.


What Alcoa employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom


Alcoa logo

About Alcoa

Sourced by ZipRecruiter

Alcoa is a global industry leader in the production of bauxite, alumina and aluminum, a position enhanced by a portfolio of value-added cast products and select energy assets. Since developing the aluminum industry more than 135 years ago, Alcoa has built a legacy of breakthrough innovations and best practices that have led to efficiency, safety, sustainability and stronger communities wherever we operate.

Industry

Manufacturing

Company size

10,000+ Employees

Headquarters location

Pittsburgh, PA, US

Year founded

1888

Social media