1

It Risk Analyst Jobs (NOW HIRING)

IT Risk Analyst I

Charlotte, NC · On-site

$44 - $48/hr

... risk philosophy. * The EDD Analyst will conduct EDD reviews consistent with company policy and ... information, pregnancy, or any other protected characteristic as outlined by federal, state, or ...

This is a hands-on, cross-functional role that provides broad exposure to IT risk assessments, cybersecurity risk analysis, governance activities, issue management, and policy support. The position ...

This is a hands-on, cross-functional role that provides broad exposure to IT risk assessments, cybersecurity risk analysis, governance activities, issue management, and policy support. The position ...

Technical Risk Analyst Position Summary We are seeking a Technical Risk Analyst to support IT security controls testing, risk assessments, and assurance activities across a complex technology ...

IT Risk & Compliance Analyst

Andover, MA · On-site +1

$95K - $95K/yr

Scope of Position The IT Risk & Compliance Analyst, as part of the Information Security organization, is responsible for supporting the execution of Watts' IT compliance, audit readiness ...

... analyst continuously evaluates the assurance of the risk management program.The Senior Technology ... Ability to effectively and accurately convey riskrelated information to stakeholders at all levels.

... analyst continuously evaluates the assurance of the risk management program.The Senior Technology ... Ability to effectively and accurately convey riskrelated information to stakeholders at all levels.

next page

Showing results 1-20

IT Risk Analyst information

See salary details

$15

$40

$65

How much do it risk analyst jobs pay per hour?

As of Jul 12, 2026, the average hourly pay for it risk analyst in the United States is $40.49, according to ZipRecruiter salary data. Most workers in this role earn between $29.81 and $49.28 per hour, depending on experience, location, and employer.

What does an IT Risk Analyst do?

An IT Risk Analyst is responsible for identifying, assessing, and mitigating risks that could impact an organization's information technology systems and data. They analyze potential threats, such as cyberattacks or data breaches, and develop strategies to minimize these risks. Their role involves working closely with other IT professionals to ensure compliance with security policies and regulatory requirements, as well as preparing risk reports and recommending improvements. Ultimately, IT Risk Analysts help organizations protect sensitive information and maintain secure, reliable IT operations.

What are the key skills and qualifications needed to thrive as an IT Risk Analyst, and why are they important?

To thrive as an IT Risk Analyst, you need a strong understanding of risk management frameworks, cybersecurity principles, and regulatory compliance—often supported by a degree in information technology or a related field. Familiarity with tools such as risk assessment software, vulnerability scanners, and certifications like CISSP or CISA is typically required. Analytical thinking, attention to detail, and effective communication are vital soft skills that distinguish top performers in this role. These competencies are crucial for accurately identifying risks, ensuring regulatory compliance, and effectively communicating findings to stakeholders.

What are some common challenges IT Risk Analysts face when collaborating with other departments?

IT Risk Analysts often work closely with various departments such as IT, compliance, and operations to identify and mitigate risks. One common challenge is translating technical risk information into terms that non-technical stakeholders can understand. Additionally, balancing the need for rigorous security measures with business objectives can sometimes lead to conflicting priorities. Effective communication and building strong relationships across teams are key to overcoming these challenges and ensuring that risk controls are both practical and effective.

What is the difference between It Risk Analyst vs Cybersecurity Analyst?

AspectIt Risk AnalystCybersecurity Analyst
CertificationsISO 27001, CISSP, CISACISSP, CEH, CompTIA Security+
Work EnvironmentFinancial, healthcare, corporate sectors focusing on risk managementIT security teams, cybersecurity firms, tech companies
Employer & Industry UsageFinancial institutions, large corporations, consulting firmsTech companies, government agencies, security firms

While both roles focus on protecting information, the It Risk Analyst primarily assesses and manages overall IT risks within organizations, emphasizing compliance and risk mitigation strategies. In contrast, the Cybersecurity Analyst concentrates on defending systems from cyber threats and attacks. Both roles often collaborate but serve distinct functions in an organization's security framework.

More about IT Risk Analyst jobs
What cities are hiring for It Risk Analyst jobs? Cities with the most It Risk Analyst job openings:
What states have the most It Risk Analyst jobs? States with the most job openings for It Risk Analyst jobs include:
Infographic showing various It Risk Analyst job openings in the United States as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 86% Full Time, 6% Part Time, 1% Temporary, and 5% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution, with an average salary of $84,210 per year, or $40.5 per hour.
Principal Technology Risk Analyst

Principal Technology Risk Analyst

Fidelity Investments

Boston, MA • On-site, Remote

$140K - $150K/yr

Full-time

Re-posted 2 days ago


Fidelity Investments rating

8.7

Company rating: 8.7 out of 10

Based on 266 frontline employees who took The Breakroom Quiz

17th of 148 rated financial services


Job description

Job Description:

Position Description:

***Applicants are permitted to work remotely from an at-home worksite anywhere in the United States.***

Facilitates all external audit activity related to financial reporting, independent controls attestation, and compliance with regulatory requirements. Performs proactive risk assessments and develops control strategies for emerging technologies, including AI, Machine Learning, and Snowflake data services. Runs external audits and technology risk support for inquiries from technology and operational stakeholders. Supports systems and technology for external audit activity, including attestation and financial statement audits.

Primary Responsibilities:

  • Enhances the external audit program activities focused on key technology areas, including DevOps, Cloud, and Technology Operations.
  • Coordinates external auditor readiness engagements and readiness assessments, and provides timely status updates to management.
  • Plans and coordinates audit cycles with external auditors and internal stakeholders.
  • Facilitates requests from external auditor and monitors the progress to ensure timely completion.
  • Performs technology risk assessments and develops control strategies; including documenting controls, identifying potential gaps and inconsistencies, and making recommendations for improvement and mitigation.
  • Provides technical assistance on risk related systems issues.
  • Serves as a liaison with technology and risk teams to track external audit findings and perform issues follow-up.
  • Consults with other team members to generate action plans and resolve technical issues.
  • Assesses the various information technology risks that the business faces in its operations and implements action plans, policy, and procedural changes for risk avoidance and mitigation.
  • Evaluates control maturity by performing control design and operating effectiveness reviews and

peer reviews.

  • Assists with conducting Cloud Risk assessments and readiness reviews for applications and workloads migrating to the public Cloud environment.

Education and Experience:

Bachelor's degree in Computer Science, Engineering, Information Technology, Information Systems, Management Information Systems, or a closely related field (or foreign education equivalent) and five (5) years of experience as a Principal Technology Risk Analyst (or closely related occupation) performing Information Technology (IT) audits, risk assessments, and cybersecurity control reviews.

Or, alternatively, Master's degree in Computer Science, Engineering, Information Technology, Information Systems, Management Information Systems, or a closely related field (or foreign education equivalent) and three (3) years of experience as a Principal Technology Risk Analyst (or closely related occupation) performing Information Technology (IT) audits, risk assessments, and cybersecurity control reviews.

Skills and Knowledge:

Candidate must also possess:

  • Demonstrated Expertise ("DE") performing or coordinating external audit engagements (SOC 1, SOC 2, SOC 3, controls attestation reports, financial audits, ISO 27001, or COBIT external IT audit programs) in distributed environments; and maintaining in-scope IT General Control (ITGCs) and IT Application (ITAC) documentation and procedures.
  • DE performing an IT controls assurance program -- identifying and designing new controls, evaluating control procedures and evidence documentation, and conducting control assessments through formal design and operating effectiveness reviews; and establishing control maturity and control/process enhancements using industry control frameworks - AICPA Trust Service Criteria, HiTRUST, ISO 27001 certification standard, or NIST Cybersecurity frameworks.
  • DE performing risk management and IT audits, and implementing ITGC or cybersecurity controls for large-scale, complex IT infrastructures, including mainframe, distributed, network, cloud, and vendor hosted (SaaS/PaaS) infrastructure; reviewing vendor's independent SOC 1 or SOC 2 audit reports to confirm the appropriate controls are in place for the services provided and to safeguard data; and creating executive communications focusing on risk, impact, and corrective actions, using Governance, Risk, and Compliance (GRC) tools.
  • DE performing risk assessments and IT audits of secure software development lifecycle processes and procedures -- automated build and deployment pipelines in a DevOps solutions framework, using Github, SonarQube, Jenkins, Artifactory, or uDeploy; and assessing software development controls, identifying potential gaps and inconsistencies, and making recommendations for improvement and mitigation.

Salary: $140,000.00 - $150,000.00/year.

#PE1M2

#LI-DNI

Certifications:Category:Information Technology

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.


What Fidelity Investments employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom