ZipRecruiter

Log In

1

Cybersecurity Risk Analyst Jobs in Massachusetts

STR

Senior Cybersecurity Analyst

Woburn, MA · On-site

$115K - $145K/yr

The cybersecurity analyst will provide day-to-day cybersecurity operations support ... Strong understanding of security frameworks (e.g., NIST, ISO 27001) and risk management ...

IPG Photonics

Senior Cyber Security Analyst

Marlborough, MA

$103K - $133K/yr

As a Cybersecurity Analyst, you will support the growth and operational security of this fast-paced ... Proactively collect, assess, and leverage cyber threat intelligence to reduce IPG's risk exposure ...

Onto

Manager, Information Security

Wilmington, MA · Hybrid

... analytics; and lithography for advanced semiconductor packaging. Our breadth of offerings across ... Lead vendor, partner, and supply-chain IT and cybersecurity risk management programs. * Define ...

IPG Photonics

Senior Cyber Security Analyst

Marlborough, MA · On-site

$103K - $133K/yr

As a Cybersecurity Analyst, you will support the growth and operational security of this fast-paced ... Proactively collect, assess, and leverage cyber threat intelligence to reduce IPG's risk exposure ...

IPG Photonics

Sr. Cyber Security Analyst

Marlborough, MA

$112K - $148K/yr

As a Cybersecurity Analyst, you will support the growth and operational security of this fast-paced ... Proactively collect, assess, and leverage cyber threat intelligence to reduce IPG's risk exposure ...

IPG Photonics

Sr. Cyber Security Analyst

Marlborough, MA · On-site

$112K - $148K/yr

As a Cybersecurity Analyst, you will support the growth and operational security of this fast-paced ... Proactively collect, assess, and leverage cyber threat intelligence to reduce IPG's risk exposure ...

next page

Showing results 1-20

All JobsCybersecurity Risk Analyst JobsCybersecurity Risk Analyst Jobs in Massachusetts

Cybersecurity Risk Analyst information

See Massachusetts salary details

$16

$44

$71

How much do cybersecurity risk analyst jobs pay per hour?

As of Jun 11, 2026, the average hourly pay for cybersecurity risk analyst in Massachusetts is $44.21, according to ZipRecruiter salary data. Most workers in this role earn between $32.55 and $53.80 per hour, depending on experience, location, and employer.

What is the difference between Cybersecurity Risk Analyst vs Cybersecurity Analyst?

AspectCybersecurity Risk AnalystCybersecurity Analyst
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CEH, CISSP
Primary FocusAssessing and managing security risksMonitoring, detecting, and responding to security threats
Work EnvironmentRisk management teams, security departmentsSecurity operations centers, IT teams
Industry UsageFinance, healthcare, governmentAll industries with cybersecurity needs

While both roles involve cybersecurity, the Cybersecurity Risk Analyst primarily focuses on identifying and mitigating security risks, whereas the Cybersecurity Analyst concentrates on monitoring and responding to security incidents. Understanding these differences helps organizations assign the right roles for their security needs.

What are the key skills and qualifications needed to thrive as a Cybersecurity Risk Analyst, and why are they important?

To thrive as a Cybersecurity Risk Analyst, you need a deep understanding of information security principles, risk management frameworks, and typically hold a degree in computer science or a related field. Familiarity with tools like vulnerability scanners, SIEM systems, and certifications such as CISSP or CISM is highly valued. Strong analytical thinking, effective communication, and attention to detail help you identify risks and convey complex information to stakeholders. These skills and qualifications are vital to proactively safeguard organizational assets and ensure compliance in an evolving threat landscape.

Can I make $200,000 a year in cyber security?

Cybersecurity Risk Analysts can potentially earn $200,000 or more annually, especially with advanced certifications like CISSP, extensive experience, and specialized skills in areas such as threat management or security architecture. High salaries are often found in senior roles, management positions, or in organizations with complex security needs. Factors like location, industry, and company size also influence earning potential.

What does a cyber risk analyst do?

A cybersecurity risk analyst evaluates an organization’s information systems to identify vulnerabilities and assess potential threats. They analyze security data, develop risk mitigation strategies, and recommend security improvements, often using tools like risk assessment frameworks and security software. The role requires strong analytical skills and knowledge of cybersecurity principles and standards.

What are some common challenges faced by Cybersecurity Risk Analysts when working with cross-functional teams?

Cybersecurity Risk Analysts often collaborate with IT, compliance, and business units to assess and mitigate risks. A common challenge is translating complex technical risks into language that non-technical stakeholders can understand and act upon. Additionally, balancing security requirements with business objectives may require negotiation and creative problem-solving. Effective communication and relationship-building skills are key to ensuring that security recommendations are adopted across the organization.

Is SOC 1 entry level?

SOC 1 (Service Organization Control 1) reports are audit reports used by organizations to demonstrate controls over financial reporting. The term SOC 1 itself does not specify an entry-level position; however, roles involved in preparing or auditing SOC 1 reports, such as cybersecurity risk analysts or auditors, typically require some experience in controls, compliance, or auditing, but entry-level positions may assist with documentation and testing under supervision.

What does a Cybersecurity Risk Analyst do?

A Cybersecurity Risk Analyst is responsible for identifying, assessing, and mitigating risks related to an organization’s information systems and data. They evaluate potential threats and vulnerabilities, develop strategies to minimize risks, and ensure compliance with security policies and regulations. Their work helps protect sensitive data and maintain the integrity and confidentiality of digital assets. Analysts often collaborate with IT and business teams to implement security controls and respond to security incidents.

Can you make $500,000 a year in cyber security?

Cybersecurity Risk Analysts typically earn between $70,000 and $130,000 annually, depending on experience, certifications, and location. Reaching a $500,000 salary usually requires advanced roles such as cybersecurity executives, consultants, or specialists with extensive expertise and leadership responsibilities.
Cybersecurity Risk Analyst jobs near you
Infographic showing various Cybersecurity Risk Analyst job openings in Massachusetts as of June 2026, with employment types broken down into 70% Full Time, 5% Temporary, and 25% Contract. Highlights an 80% In-person, 5% Hybrid, and 15% Remote job distribution, with an average salary of $91,967 per year, or $44.2 per hour.
Technology Risk and Governance

Technology Risk and Governance

Arrowstreet Capital LP

Boston, MA • On-site

$110K - $315K/yr

Full-time

Posted yesterday

Job description

Job Overview
The position reports to the Chief Information Security Officer and leads the enterprise-wide technology risk and governance program. This role establishes the risk framework, policies, and governance needed to identify, assess, and mitigate risk across IT services, platforms, and third parties.
Partnering with senior leadership across Technology, Cyber Security, Compliance, Legal, and business, the role translates complex technical and control issues into clear business risk narratives (operational, regulatory, reputational, and financial) and drives risk-based prioritization of remediation.
The position owns the technology risk policy suite and associated standards and oversees the technological aspects of the third-party risk program, including vendor onboarding due diligence and ongoing monitoring in partnership with Compliance and procurement stakeholders.
This role is a key contributor to enterprise risk management, partnering with the Chief Compliance Officer and risk owners to ensure technology risks are identified, documented, reported, and addressed through effective controls, risk acceptance, and continuous improvement. It also evaluates and implements tools and reporting to increase risk visibility and strengthen governance.
Responsibilities
  • Own the enterprise technology risk framework and governance model, aligned to the organization's enterprise risk framework.
  • Provide advisory support for material technology decisions (new systems, products, vendors, and significant changes), translating technical and control issues into business impact.
  • Establish clear governance and reporting for senior management and committees on material IT, cyber, third-party, and emerging technology risks, including key risk indicators and metrics.
  • Design and continuously improve technology risk assessment and control evaluation processes, including remediation tracking and governance for risk acceptance, waivers, and exceptions.
  • Lead and mature AI risk governance in partnership with IT, Security, Compliance, and the business.
  • Support enterprise data governance initiatives (classification, retention, and handling) in collaboration with Technology and business stakeholders.
  • Own the technology risk policy suite and standards, ensuring they are implemented, reviewed regularly, and supported through training and awareness.
  • Oversee technology aspects of third-party risk, including onboarding due diligence, review of assurance (e.g., SOC reports), remediation tracking, and ongoing monitoring in partnership with Compliance and procurement stakeholders.
  • Partner with Cyber Security to ensure threat, vulnerability, patch, and incident risk governance aligns to the current threat landscape and control expectations.
  • Drive operational resilience for technology services, including business continuity planning, crisis/incident governance, root-cause analysis, and lessons learned.
  • Support client, regulator, and internal audit engagements related to technology risk, including responses to inquiries and evidence of control design and effectiveness.

Qualifications
  • Experience leading technology risk, IT risk, cyber/operational risk, or technology governance in a regulated environment.
  • Demonstrated ability to design and implement risk frameworks and governance processes, including assessment, prioritization, remediation tracking, and risk acceptance.
  • Broad technical knowledge across enterprise IT (infrastructure, applications, identity and access management, cloud/SaaS, and data governance) and how controls mitigate risk.
  • Strong stakeholder management skills with a track record of influencing senior leaders and driving outcomes across Technology, Compliance, Legal, and Internal Audit.
  • Excellent written, verbal, and presentation skills; able to communicate complex technical risk issues clearly to executives and governance committees.
  • Experience in developing and defining enterprise risk level appetite, tolerance thresholds, and escalation criteria.
  • Ability to challenge control owners constructively and drive accountability and remediation.

Preferred
  • Familiarity with industry regulations and standards (SOX, PCI, DORA) and technical frameworks (e.g., NIST, ISO 27001) and attack frameworks (e.g., MITRE ATT&CK or similar).
  • Experience interacting directly with regulators, auditors, and board risk committees.
  • Understanding of secure software development and application security risks

The base salary range for this position is $110,000 - $315,000 per year.
Arrowstreet Capital operates a robust talent acquisition program, and we also seek to compensate and reward our employees competitively within our industry and in line with our merit-based culture. Our approach to total compensation includes base salaries and annual discretionary bonuses, as well as a robust benefits package. The determination of a successful candidate's base salary placement within the listed range will vary based on the candidate's relevant experience and qualifications (which may also include relevant certifications, credentials and other education), the job responsibilities and scope, the commensurate resulting level of the position and other relevant factors. The listed range is also an estimate, and additional information regarding base salary and other elements of total compensation offered by Arrowstreet Capital to successful applicants will be communicated during the recruitment process.
Arrowstreet Capital is a Boston-based systematic investment firm that manages global equity portfolios for institutional investors around the world.
All qualified applicants will receive consideration for employment without regard to sex, race, color, religion, national origin, ancestry, genetic information, age, pregnancy, medical condition, disability, veteran or military status, marital status or any other characteristic protected by federal, state, or local law.
Arrowstreet Capital is committed to working with and providing reasonable accommodations for qualified individuals with disabilities and disabled veterans. If you need a reasonable accommodation for any part of the employment process due to a disability, contact us to discuss the nature of your request and contact information.

Apply