1

It Risk Analyst Jobs (NOW HIRING)

LRS Consulting is on the hunt for an IT Audit & Risk Analyst to support third party risk management, ITGC testing, vendor assessments, and audit readiness. This role blends IT auditing, process ...

Overview Senior Consultant (IT Risk) USA: Los Angeles, CA | Hybrid At MGO (Macias, Gini & O'Connell ... Excellent analytical, communication, and client service skills Why MGO: We offer a collaborative ...

Compliance & Risk Analyst (Audit & Controls) Location-Type: Hybrid (Owings Mills, MD - 2 Days ... technology organizations. Preferred Certifications: • Certified Information Systems Auditor (CISA ...

Senior Consultant (IT Risk) USA: Los Angeles, CA | Hybrid At MGO (Macias, Gini & O'Connell LLP), we ... Excellent analytical, communication, and client service skills Why MGO: We offer a collaborative ...

Compliance & Risk Analyst (Audit & Controls) Location-Type: Hybrid (Owings Mills, MD - 2 Days ... technology organizations. Preferred Certifications: • Certified Information Systems Auditor (CISA ...

What you'll do The IT Risk Senior Analyst is a strategic advisor responsible for integrating IT risk management and compliance into enterprise technology transformation initiatives. This role ensures ...

next page

Showing results 1-20

IT Risk Analyst information

See salary details

$15

$40

$65

How much do it risk analyst jobs pay per hour?

As of Jul 12, 2026, the average hourly pay for it risk analyst in the United States is $40.49, according to ZipRecruiter salary data. Most workers in this role earn between $29.81 and $49.28 per hour, depending on experience, location, and employer.

What does an IT Risk Analyst do?

An IT Risk Analyst is responsible for identifying, assessing, and mitigating risks that could impact an organization's information technology systems and data. They analyze potential threats, such as cyberattacks or data breaches, and develop strategies to minimize these risks. Their role involves working closely with other IT professionals to ensure compliance with security policies and regulatory requirements, as well as preparing risk reports and recommending improvements. Ultimately, IT Risk Analysts help organizations protect sensitive information and maintain secure, reliable IT operations.

What are the key skills and qualifications needed to thrive as an IT Risk Analyst, and why are they important?

To thrive as an IT Risk Analyst, you need a strong understanding of risk management frameworks, cybersecurity principles, and regulatory compliance—often supported by a degree in information technology or a related field. Familiarity with tools such as risk assessment software, vulnerability scanners, and certifications like CISSP or CISA is typically required. Analytical thinking, attention to detail, and effective communication are vital soft skills that distinguish top performers in this role. These competencies are crucial for accurately identifying risks, ensuring regulatory compliance, and effectively communicating findings to stakeholders.

What are some common challenges IT Risk Analysts face when collaborating with other departments?

IT Risk Analysts often work closely with various departments such as IT, compliance, and operations to identify and mitigate risks. One common challenge is translating technical risk information into terms that non-technical stakeholders can understand. Additionally, balancing the need for rigorous security measures with business objectives can sometimes lead to conflicting priorities. Effective communication and building strong relationships across teams are key to overcoming these challenges and ensuring that risk controls are both practical and effective.

What is the difference between It Risk Analyst vs Cybersecurity Analyst?

AspectIt Risk AnalystCybersecurity Analyst
CertificationsISO 27001, CISSP, CISACISSP, CEH, CompTIA Security+
Work EnvironmentFinancial, healthcare, corporate sectors focusing on risk managementIT security teams, cybersecurity firms, tech companies
Employer & Industry UsageFinancial institutions, large corporations, consulting firmsTech companies, government agencies, security firms

While both roles focus on protecting information, the It Risk Analyst primarily assesses and manages overall IT risks within organizations, emphasizing compliance and risk mitigation strategies. In contrast, the Cybersecurity Analyst concentrates on defending systems from cyber threats and attacks. Both roles often collaborate but serve distinct functions in an organization's security framework.

More about IT Risk Analyst jobs
What cities are hiring for It Risk Analyst jobs? Cities with the most It Risk Analyst job openings:
What states have the most It Risk Analyst jobs? States with the most job openings for It Risk Analyst jobs include:
Infographic showing various It Risk Analyst job openings in the United States as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 86% Full Time, 6% Part Time, 1% Temporary, and 5% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution, with an average salary of $84,210 per year, or $40.5 per hour.
IT Risk & Compliance Analyst

IT Risk & Compliance Analyst

Superbeo

San Francisco, CA • On-site

Contractor

Re-posted 17 hours ago


Job description

Job Title: IT Risk & Compliance Analyst

Job Location: San Francisco, CA 94104

  • Please local candidates that are able to work hybrid work schedule, Tuesday and Wednesday, at the SF Offices.

Job Duration: 6 months (Possibility of extension)

Qualifications (Must Have):

  • Ability to map key Information Security and Technology controls identified in policies, standards, and process documents to industry frameworks such as NIST CSF, NIST 800-53, CSA CCM, CIS v8.1, and regulatory requirements in FHFA Advisory Bulletins.
  • Interpret compliance information to create a recurring cadence of reports of open findings, observations, self-identified issues, progress on risk and compliance initiatives.
  • Willingness to learn/use ITRC tools (e.g., ProcessUnity, Black Kite) and support ITRC team lead with supply chain cyber risk program management

Primary Responsibilities:

  • Conduct readiness assessments, including reviews of relevant documentation in advance of audits, 2LOD assessments, and external assessments.
  • Maintain the inventory of SOX IT General Controls (ITGC) and control tests in ServiceNow, updating as directed, and identifying opportunities for improvements in reporting and in using automation.
  • Liaison between control owner and internal auditors, and 2LOD assessors during audits and assessments, responsible for supporting control owners in the timely submission of artifacts.
  • Ability to map key Information Security and Technology controls identified in policies, standards, and process documents to industry frameworks such as NIST CSF, NIST 800-53, CSA CCM, CIS v8.1, and regulatory requirements in FHFA Advisory Bulletins.
  • Ability to identify and document technology processes.
  • Manage the LogicGate Governance Library ensuring Information Security and Technology documents align with approval and publication requirements, relying equally on automated reminders as well as active engagement with document owners.
  • Maintain ITRC document archives in the ITRC shared repository.
  • Responsible for reporting status at a recurring cadence of open findings, observations, recommendations, and self-identified issues, and for submitting formal audit observation closure documentation.
  • As directed by the ITRC MD, document and report the progress and value of in-flight ITRC initiatives, identified risks, and planned initiatives.
  • Provide compliance review of requests for deviations from Information Security and Technology policies and standards, confirming compliance with Technology Exception requirements for components such as compensating controls, risk assessment, and  documentation supporting exception request rationale.
  • Participate as a key stakeholder in the Architecture Assessment Review process, documenting meeting decisions,  tracking deliverable commitments, and ensuring next steps are completed for proposed new technologies or changes in existing technologies.
  • Support ITRC team members as needed in conducting third-party security risk assessments for changes to existing third parties or proposed third party technologies.

Skills/Knowledge:

  • Required Core Competencies:  Customer Focus, Decision Quality, Ensures Accountability, Drives Results, Drives Engagement, Collaborates, Values Differences, Communicates Effectively with all levels of staff and management, Instills Trust
  • 3 - 5 years of experience in technology risk or IT audit.
  • Knowledge and experience with technology frameworks is required, e.g., CIS v8.1, CSA CCM, CoBIT, NIST, ITIL, et al.
  • Knowledge of Operational Risk Management and Technology Risk Management.
  • Demonstrated ability to promote teamwork, act as a change agent, effectively remove obstacles, maintain high level of morale and motivation, and lead by example.
  • Familiarity with SOX ITGC
  • Must be proficient with Microsoft Office (Word, Excel, PowerPoint) and Microsoft SharePoint.
  • Must have strong communication skills and be able to effectively communicate with all functional levels of the organization.
  • Project management, planning, problem-solving and organizational skills required, preferably using Atlassian JIRA
  • Strong analytical, issue identification, prioritization, resolution, and report writing skills required.
  • Must be proactive and must be able to meet established deadlines.
  • Experience with a Governance, Risk and Compliance (GRC) tool is highly desirable, preferably ServiceNow and LogicGate.
  • Ability to learn use of the ProcessUnity/CyberGRX third party risk management platform