1

Cybersecurity Risk Management Analyst Jobs in California

Cybersecurity Consultant

Roseville, CA · On-site

$118K - $133K/yr

This role brings cybersecurity, risk management, and regulatory expertise to consulting engagements ... Strong analytical, problem-solving, prioritization, and professional judgment skills. * Strong ...

... cybersecurity risk management, IT audit, compliance, or related areas Experience leading or ... security Strong analytical, organizational, documentation, communication, and stakeholder ...

... cybersecurity risk management, IT audit, compliance, or related areas • Experience leading or ... analytical, organizational, documentation, communication, and stakeholder management skills • ...

Cybersecurity Consultant

Roseville, CA · On-site

$118K - $133K/yr

This role brings cybersecurity, risk management, and regulatory expertise to consulting engagements ... Strong analytical, problem-solving, prioritization, and professional judgment skills. * Strong ...

This role brings cybersecurity, risk management, and regulatory expertise to consulting engagements ... Strong analytical, problem-solving, prioritization, and professional judgment skills. * Strong ...

Conduct cybersecurity risk assessments, vulnerability analyses, security control evaluations, and remediation planning; manage vulnerability tracking and compliance activities using tools and ...

next page

Showing results 1-20

Cybersecurity Risk Management Analyst information

What are the key skills and qualifications needed to thrive as a Cybersecurity Risk Management Analyst, and why are they important?

To thrive as a Cybersecurity Risk Management Analyst, you need a solid understanding of information security principles, risk assessment methodologies, and regulatory frameworks, typically backed by a degree in cybersecurity or a related field. Familiarity with tools such as risk management software, vulnerability scanners, and certifications like CISSP, CISM, or CRISC is highly valued. Strong analytical thinking, attention to detail, and effective communication skills help in translating technical risks into actionable insights for stakeholders. These skills ensure organizations can proactively identify, assess, and mitigate cyber risks to protect sensitive information and maintain regulatory compliance.

What does a Cybersecurity Risk Management Analyst do?

A Cybersecurity Risk Management Analyst is responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze security policies, conduct risk assessments, and recommend controls to minimize potential threats. Their work involves monitoring security measures, ensuring compliance with regulations, and helping develop strategies to protect the organization from cyberattacks. Ultimately, they play a crucial role in safeguarding sensitive information and supporting overall cybersecurity posture.

What are some typical challenges a Cybersecurity Risk Management Analyst faces when working with cross-functional teams?

Cybersecurity Risk Management Analysts often collaborate with IT, legal, compliance, and business units to identify and mitigate risks. A common challenge is bridging the communication gap between technical and non-technical stakeholders, ensuring that risk recommendations are understood and actionable. Additionally, balancing business objectives with security requirements can be complex, requiring strong negotiation and diplomacy skills. Analysts must also stay updated on evolving threats while tailoring solutions to each department’s unique needs.

What is the difference between Cybersecurity Risk Management Analyst vs Cybersecurity Analyst?

AspectCybersecurity Risk Management AnalystCybersecurity Analyst
CertificationsCompTIA Security+, CISSP, CISMCompTIA Security+, CEH, CISSP
Work EnvironmentFocus on risk assessment, policy development, and complianceFocus on threat detection, incident response, and system monitoring
Employer & Industry UsageUsed in organizations prioritizing risk mitigation and complianceUsed across various sectors for security operations and monitoring

While both roles involve cybersecurity, the Cybersecurity Risk Management Analyst primarily assesses and manages risks, ensuring compliance and policy adherence. In contrast, the Cybersecurity Analyst concentrates on identifying threats, monitoring security systems, and responding to incidents. Both roles are essential but focus on different aspects of cybersecurity defense.

What are popular job titles related to Cybersecurity Risk Management Analyst jobs in California? For Cybersecurity Risk Management Analyst jobs in California, the most frequently searched job titles are:
What job categories do people searching Cybersecurity Risk Management Analyst jobs in California look for? The top searched job categories for Cybersecurity Risk Management Analyst jobs in California are:
Infographic showing various Cybersecurity Risk Management Analyst job openings in California as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 83% Full Time, 8% Part Time, 2% Temporary, and 5% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution.
VP, Lead Security Risk Analyst

VP, Lead Security Risk Analyst

Banc of California

Los Angeles, CA • On-site

Full-time

Re-posted 8 days ago


Banc Of California rating

7.9

Company rating: 7.9 out of 10

Based on 5 frontline employees who took The Breakroom Quiz

67th of 149 rated banks


Job description

Job Summary:
Banc of California is a premier relationship-based business bank committed to delivering meaningful results and supporting local communities. They are seeking a VP, Lead Security Risk Analyst to lead enterprise-wide Information Security risk engagement and drive the development and execution of the Information Security risk and GRC programs, ensuring effective risk management aligned with the organization’s risk appetite.
Responsibilities:
• Lead enterprise Information Security engagement across all enterprise-wide corporate projects, championing security by design principles, influencing security decisions without direct authority and driving alignment across multiple business and technology domains.
• Contribute to the development, management, and ongoing improvement of the Information Security risk program, compliance initiatives, and overall security risk posture.
• Partner with senior management to design and implement maturity strategies and operations into the Information Security GRC team.
• Maintain Information Security risk register, report monthly to appropriately address key risk areas.
• Support policies and procedures maintenance aligned with in-scope security frameworks, regulations, and internal standards to manage identified risk effectively.
• Conduct regular risk assessments to identify potential threats and vulnerabilities across the organization analyzing their impact and likelihood of occurrence.
• Generate reports on risk assessments, compliance status, and control effectiveness to communicate findings to stakeholders at various levels within the organization.
• Lead and deliver enterprise and domain risk assessments (at least annually, or event driven) using consistent methodology that complies with regulatory requirements
• Conduct and lead the bank’s most complex and high-impact risk assessments, including those involving enterprise architecture, modernization initiatives, AI/ML platforms, cloud deployments, or third-party integrations.
• Drive cross-functional remediation initiatives, ensuring timely resolution of identified issues and alignment with enterprise risk appetite.
• Act as the primary GRC representative and senior advisor in enterprise security architecture projects, ensuring that security, compliance, and risk considerations are embedded in design decisions for cloud, infrastructure, and applications.
• Lead architecture-focused risk assessments for new technologies, major system integrations, cloud migrations, and high-impact projects to identify systemic risks and required compensating controls.
• Translate security policies, standards, regulatory requirements and control frameworks into detailed architectural requirements, control patterns, and secure design standards consumable by engineering and application teams.
• Advise solution architects, engineers, and product teams on secure design patterns, identity and access architecture, encryption frameworks, data protection requirements, and logging/monitoring standards.
• Evaluate the security implications of modernization initiatives, and system migrations ensuring risks are documented and mitigated through appropriate design.
• Define architecture-aligned security requirements and control baselines that engineering and architecture teams use to build secure-by-design systems.
• Partner with detection engineering and cloud teams to ensure logging, auditability, and monitoring capabilities are embedded in the technology stack.
• Lead complex and technical vendor security reviews, including onboarding assessments, and high-risk assessments involving cloud platforms, data integrations, and critical infrastructure providers.
• Follow all established policies and procedures.
• Perform other duties and projects as assigned.
Qualifications:
Required:
• Bachelor’s degree in information systems, engineering, business, risk management, or related field; and related certifications (e.g., CISSP ISSAP, SABSA, CCSP, GCAD, CRISC, CISSP).
• 7-9+ years of experience in GRC, cybersecurity, risk management or related fields, and most importantly cloud/security architecture, particularly in highly regulated industries such as financial, or professional services.
• Demonstrated history of influencing architectural decisions and driving enterprise-level security program improvements.
• High technical knowledge across Cybersecurity domains, including Security Operations, Incident Response, Security Engineering, Cloud Security, Artificial Intelligence (AI), Data Security, Configuration Management, Log Generation, Security Risk Assessments/testing methodologies, Secure Software Development Lifecycle, evaluating the adequacy and efficiency of internal controls.
• Advanced knowledge of cloud architecture, application security, identity governance, encryption, secure design patterns, network architecture, and telemetry design.
• Experience translating requirements into architectural controls and technical standards.
• Expert knowledge of GRC frameworks and regulations (e.g., PCI-DSS, GDPR, CCPA, GLBA, NIST, ISO 27001).
• Strong knowledge in OWASP, CIS and/or other security standards and secure configuration baselines.
• Excellent analytical skills with the ability to assess complex risks and develop effective mitigation security strategies.
• Comfortable solving ambiguous, enterprise-scale problems.
• Proven ability to lead multi-team initiatives and drive results in a fast-paced environment.
• Excellent communication and interpersonal skills, with the ability to influence senior engineers, architects, and business leaders.
• High School diploma or equivalent required.
Company:
Banc of California provides a full-service banking and home lending to individuals and their businesses and families. Founded in 1941, the company is headquartered in Irvine, USA, with a team of 1001-5000 employees. The company is currently Late Stage.

What Banc Of California employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom