Cybersecurity Risk Analyst Jobs in Massachusetts

Cybersecurity Risk Analyst

Cambridge, MA · On-site

$82K - $220K/yr

The Cybersecurity Risk Analyst is a member of Draper's Cybersecurity Risk Management team, responsible primarily for unclassified information system risk and compliance efforts. This role contributes ...

Partner with Cybersecurity leaders, risk stakeholders, and non‑Cyber teams to define and deliver data‑driven Cyber use cases, aligned to enterprise risk priorities and frameworks (e.g., NIST CSF)

The IT Risk Analyst's primary responsibility will be to conduct various risk assessments, including ... Bachelor's degree, preferably in Accounting, Cybersecurity (Information Assurance), Computer ...

Senior IT Risk Analyst (First Line of Defense) Rockland Trust is seeking a Senior IT Risk Analyst ... Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Accounting, Finance ...

Cybersecurity Risk Analyst information

How much do cybersecurity risk analyst jobs pay per hour?

As of Jul 3, 2026, the average hourly pay for a cybersecurity risk analyst in Massachusetts is $44.21, according to ZipRecruiter salary data. Most workers in this role earn between $32.55 and $53.80 per hour, depending on experience, location, and employer.

What is the difference between Cybersecurity Risk Analyst vs Cybersecurity Analyst?

| Aspect | Cybersecurity Risk Analyst | Cybersecurity Analyst |
|---|---|---|
| Certifications | CompTIA Security+, CISSP, CISA | CompTIA Security+, CEH, CISSP |
| Primary Focus | Assessing and managing security risks | Monitoring, detecting, and responding to security threats |
| Work Environment | Risk management teams, security departments | Security operations centers, IT teams |
| Industry Usage | Finance, healthcare, government | All industries with cybersecurity needs |

While both roles involve cybersecurity, the Cybersecurity Risk Analyst primarily focuses on identifying and mitigating security risks, whereas the Cybersecurity Analyst concentrates on monitoring and responding to security incidents. Understanding these differences helps organizations assign the right roles for their security needs.

What are the key skills and qualifications needed to thrive as a Cybersecurity Risk Analyst, and why are they important?

To thrive as a Cybersecurity Risk Analyst, you need a deep understanding of information security principles, risk management frameworks, and typically hold a degree in computer science or a related field. Familiarity with tools like vulnerability scanners, SIEM systems, and certifications such as CISSP or CISM is highly valued. Strong analytical thinking, effective communication, and attention to detail help you identify risks and convey complex information to stakeholders. These skills and qualifications are vital to proactively safeguard organizational assets and ensure compliance in an evolving threat landscape.

Is 30 too old for cyber security?

Cybersecurity Risk Analysts can enter the field at any age, as experience, skills, and certifications like CompTIA Security+ or CISSP are often more important than age. Many professionals transition into cybersecurity later in their careers, bringing valuable perspectives and expertise. Age is generally not a barrier to starting or advancing in cybersecurity roles.

How much does a cybersecurity risk analyst make?

A cybersecurity risk analyst's average salary in the United States ranges from $70,000 to $120,000 annually, depending on experience, certifications, and location. Entry-level positions typically start around $60,000, while experienced analysts with certifications like CISSP or CISA can earn over $130,000. The role often requires knowledge of risk assessment tools and security frameworks.

What are some common challenges faced by Cybersecurity Risk Analysts when working with cross-functional teams?

Cybersecurity Risk Analysts often collaborate with IT, compliance, and business units to assess and mitigate risks. A common challenge is translating complex technical risks into language that non-technical stakeholders can understand and act upon. Additionally, balancing security requirements with business objectives may require negotiation and creative problem-solving. Effective communication and relationship-building skills are key to ensuring that security recommendations are adopted across the organization.

What does a Cybersecurity Risk Analyst do?

A Cybersecurity Risk Analyst is responsible for identifying, assessing, and mitigating risks related to an organization’s information systems and data. They evaluate potential threats and vulnerabilities, develop strategies to minimize risks, and ensure compliance with security policies and regulations. Their work helps protect sensitive data and maintain the integrity and confidentiality of digital assets. Analysts often collaborate with IT and business teams to implement security controls and respond to security incidents.

What does a cyber security risk analyst do?

A cybersecurity risk analyst evaluates an organization’s security posture by identifying vulnerabilities, assessing potential threats, and recommending measures to mitigate risks. They often use tools like risk assessment frameworks and require knowledge of security protocols, compliance standards, and threat intelligence. Their work helps organizations protect sensitive data and maintain secure systems.

Can you make $500,000 a year in cyber security?

Cybersecurity Risk Analysts typically earn between $70,000 and $130,000 annually, with top-tier professionals in senior or specialized roles potentially earning over $200,000. Achieving a salary of $500,000 usually requires advanced certifications, extensive experience, leadership positions, or working in high-paying industries or consulting roles.
Infographic showing various Cybersecurity Risk Analyst job openings in Massachusetts as of June 2026, with employment types broken down into 98% Full Time, and 2% Part Time. Highlights an 85% Physical, 5% Hybrid, and 10% Remote job distribution, with an average salary of $91,967 per year, or $44.2 per hour.
Cybersecurity Risk Analyst

Draper

Cambridge, MA • On-site

$82K - $220K/yr

Full-time

Posted 12 days ago


Job description

Overview:
Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 2,000+ employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com.
Job Description Summary:
The Cybersecurity Risk Analyst is a member of Draper's Cybersecurity Risk Management team, responsible primarily for unclassified information system risk and compliance efforts. This role contributes to the Cybersecurity Risk Management team in applying contractual and regulatory requirements, including DFARS and CMMC, to Draper's unclassified computing environments. This team serves as the Governance Risk and Compliance (GRC) tool product owner, performs compliance and risk analyses, develops policy, procedures, and standards, and partners closely with peer IT, security, and engineering teams to ensure compliance and risks are appropriately managed throughout the organization.
Job Description:
Duties/Responsibilities
  • Serve as a subject matter expert for cybersecurity risk management and compliance frameworks including NIST SP 800-171/53, DAAPM, CMMC, RMF
  • Lead CMMC compliance and certification efforts to conduct gap assessments against CMMC requirements, develop and manage remediation plans, support audit readiness and interface with assessors, and ensure ongoing compliance with DFARS and CUI protection requirements
  • Provide technical risk guidance on cloud security (Azure, AWS), hybrid infrastructures, and Zero Trust initiatives
  • Perform risk assessments, vulnerability analysis, and compliance reviews using tools such as ServiceNow IRM, Nessus, Splunk
  • Conduct continuous monitoring of security controls
  • Deliver reports and recommendations to executive leadership on risk posture, compliance status, and emerging threats
  • Serve as a trusted cybersecurity advisor across the organization
  • Develop and promote processes and procedures to analyze and assess cybersecurity risks across an enterprise environment

Skills/Abilities
  • Technical and functional experience in domain of Governance, Audit, Risk Management and Regulatory Compliance.
  • Understanding of risk assessment methodologies, frameworks, and procedures, and the ability to work flexibly with them to meet organizational size, maturity, and culture considerations.
  • Ability to read, understand, and apply government regulation (FAR, DFARS).
  • Strong working knowledge of NIST SP 800-171, NIST SP 800-53, CMMC, NIST Risk Management Framework (RMF), FedRAMP
  • Knowledge of CUI and the control sets and documentation necessary for adherence to CUI management and safekeeping.
  • Ability to develop organizational cybersecurity policy, procedures, standards, and guidelines
  • Ability to think strategically about security risks and tie those to tactical organizational activities and goals.
  • Ability and experience developing and maintaining System Security Plans and associated artifacts, such as Plans of Action & Milestones, Risk Assessment Reports, and Continuous Monitoring Strategies
  • A thorough knowledge of risk assessment methodologies, such as NIST SP 800-30, Factor Analysis of Information Risk (FAIR), Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), or other risk assessment practices

Education
  • Bachelor's degree in Information Systems, Cybersecurity, or related field (or equivalent experience)

Experience
  • 4 years of cybersecurity and IT experience, including compliance, risk management, and assessment roles.
  • Experience supporting the Defense Industrial Base (DIB) and cleared contractor facilities preferred.
  • Ability to obtain a Secret clearance is required.

Additional Job Description:
Applicants selected for this position will be required to obtain and maintain a government security clearance.
Connect With Draper for Future Opportunities! If you don't find the right posting in our Career Opportunities, you may submit your resume for future consideration.
Job Location - City:
Cambridge
Job Location - State:
Massachusetts
Job Location - Postal Code:
02139-3563
The US base salary range for this full-time position is
$82,300.00 - $220,000.00
Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Union ranges will be in compliance with the collective bargaining agreement's approved rates by location and role. Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Please note that the compensation details listed in US role postings reflect the base salary only and do not include bonuses or benefits.
Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance, including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off-site social events, and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now at www.draper.com/careers.
Draper is committed to creating an inclusive environment. We understand the value of inclusivity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, national origin, veteran status, or genetic information. Draper is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact hr@draper.com.