They are seeking a VP, Lead Security Risk Analyst to lead enterprise-wide Information Security risk engagement and drive the development and execution of the Information Security risk and GRC ...
They are seeking a VP, Lead Security Risk Analyst to lead enterprise-wide Information Security risk engagement and drive the development and execution of the Information Security risk and GRC ...
Information Security Risk Analyst - Cyber Resiliency
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Information Security Risk Analyst - Cyber Resiliency
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Title: Information Security Risk Analyst Location: Oklahoma City, OK Type: Full-time Salary: DOE Requirement: Under senior staff supervision, assist in information security policy development ...
Title: Information Security Risk Analyst Location: Oklahoma City, OK Type: Full-time Salary: DOE Requirement: Under senior staff supervision, assist in information security policy development ...
Title: Information Security Risk Analyst Location: Oklahoma City, OK Type: Full-time Salary: DOE Requirement: Under senior staff supervision, assist in information security policy development ...
Title: Information Security Risk Analyst Location: Oklahoma City, OK Type: Full-time Salary: DOE Requirement: Under senior staff supervision, assist in information security policy development ...
Summary Statement The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design ...
Summary Statement The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design ...
Summary Statement The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design ...
Summary Statement The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design ...
Summary Statement The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design ...
Summary Statement The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design ...
The Security Risk & Compliance Analyst supports the organizations global information security program by assisting in the identification, assessment, and management of information security risks and ...
The Security Risk & Compliance Analyst supports the organizations global information security program by assisting in the identification, assessment, and management of information security risks and ...
The Security Risk & Compliance Analyst supports the organizations global information security program by assisting in the identification, assessment, and management of information security risks and ...
The Security Risk & Compliance Analyst supports the organizations global information security program by assisting in the identification, assessment, and management of information security risks and ...
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Information Security Risk Analyst - Cyber Resiliency
Atlanta, GA · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Information Security Risk Analyst - Cyber Resiliency
Atlanta, GA · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Familiarity with vulnerability management, threat intelligence analysis, and security architecture ... Performing information security risk assessments, evaluating control effectiveness, and analyzing ...
Quick apply
Familiarity with vulnerability management, threat intelligence analysis, and security architecture ... Performing information security risk assessments, evaluating control effectiveness, and analyzing ...
EITS Security Risk Analyst B (Engagement)--Remote Job
San Francisco, CA · Remote
$60 - $70/hr
Job43 EITS Security Risk Analyst B (Engagement) Location: 100% Remote Max Submissions: 5 Proposed ... Translate business IT risk requirements into technical control specifications. * Develop risk ...
Quick apply
EITS Security Risk Analyst B (Engagement)--Remote Job
San Francisco, CA · Remote
$60 - $70/hr
Job43 EITS Security Risk Analyst B (Engagement) Location: 100% Remote Max Submissions: 5 Proposed ... Translate business IT risk requirements into technical control specifications. * Develop risk ...
Job43 - EITS Security Risk Analyst B (Engagement) Location: 100% Remote Max Submissions: 5 Proposed ... Translate business IT risk requirements into technical control specifications. * Develop risk ...
Job43 - EITS Security Risk Analyst B (Engagement) Location: 100% Remote Max Submissions: 5 Proposed ... Translate business IT risk requirements into technical control specifications. * Develop risk ...
Operational Risk Analyst -Security Governance & Risk Issues Management Location: Merrifield VA ... Keep current with Information Security best practices and industry trends, and communicate/apply ...
Operational Risk Analyst -Security Governance & Risk Issues Management Location: Merrifield VA ... Keep current with Information Security best practices and industry trends, and communicate/apply ...
Information Security Risk and Compliance Analyst Department: Information Technology Location: Red Roof Pay Band: Professional Job Summary : The Information Security Risk & Compliance Analyst is ...
Information Security Risk and Compliance Analyst Department: Information Technology Location: Red Roof Pay Band: Professional Job Summary : The Information Security Risk & Compliance Analyst is ...
Information Security Risk and Compliance Analyst Department: Information Technology Location: Red Roof Pay Band: Professional Job Summary : The Information Security Risk & Compliance Analyst is ...
Information Security Risk and Compliance Analyst Department: Information Technology Location: Red Roof Pay Band: Professional Job Summary : The Information Security Risk & Compliance Analyst is ...
... information security program in collaboration with other key stakeholders in the Firm. Reporting to the Firm's Security Risk and Compliance Analyst, the assistant will have a range of ...
Quick apply
... information security program in collaboration with other key stakeholders in the Firm. Reporting to the Firm's Security Risk and Compliance Analyst, the assistant will have a range of ...
... information security program in collaboration with other key stakeholders in the Firm. Reporting to the Firm's Security Risk and Compliance Analyst, the assistant will have a range of ...
Quick apply
... information security program in collaboration with other key stakeholders in the Firm. Reporting to the Firm's Security Risk and Compliance Analyst, the assistant will have a range of ...
The Information Security Risk and Compliance Analyst performs recurring and ad hoc assessments such as user access reviews, vendor due diligence and monitoring, and other control validation tasks to ...
Quick apply
The Information Security Risk and Compliance Analyst performs recurring and ad hoc assessments such as user access reviews, vendor due diligence and monitoring, and other control validation tasks to ...
Information Security RISK Analyst information
See salary details
$31.97 - $35.93
6% of jobs
$35.93 - $39.88
5% of jobs
$39.88 - $43.84
8% of jobs
$45.72 is the 25th percentile. Wages below this are outliers.
$43.84 - $47.79
11% of jobs
$47.79 - $51.75
12% of jobs
The median wage is $55.46 / hr.
$51.75 - $55.70
8% of jobs
$55.70 - $59.66
7% of jobs
$59.66 - $63.61
9% of jobs
$65.41 is the 75th percentile. Wages above this are outliers.
$63.61 - $67.57
17% of jobs
$67.57 - $71.53
8% of jobs
$71.53 - $75.48
7% of jobs
$31
$58
$75
How much do information security risk analyst jobs pay per hour?
What is the difference between Information Security Risk Analyst vs Cybersecurity Analyst?
| Aspect | Information Security Risk Analyst | Cybersecurity Analyst |
|---|---|---|
| Certifications | ISO 27001, CISSP, CISA | CompTIA Security+, CEH, CISSP |
| Work Environment | Risk assessment teams, compliance departments | Security operations centers, incident response teams |
| Employer & Industry Usage | Financial, healthcare, government sectors | Tech companies, cybersecurity firms, enterprises |
While both roles focus on protecting information assets, the Information Security Risk Analyst primarily assesses and manages risks related to information security policies and compliance. In contrast, the Cybersecurity Analyst actively monitors security systems, responds to threats, and handles incidents. Understanding these differences helps organizations assign the right responsibilities and professionals to safeguard their digital assets.
What are the key skills and qualifications needed to thrive as an Information Security Risk Analyst, and why are they important?
What are Information Security Risk Analysts?
What Does an Information Security Risk Analyst Do?
As an information security risk analyst, your job is to help assess each potential threat and determine whether or not your current network system suffers from vulnerability to that threat. In this IT role, you may monitor network activity, help implement and manage safety protocols, and research emerging threats to help determine the best response to them. Information security risk analysts often work with many other IT personnel at the same company to manage security needs and, somewhat unusually for an IT role, may also collaborate with outside experts and volunteers to find the best way to counter a particular threat. This is an extremely collaborative position, so the ability to work well with other people, including those you may be meeting for the first time, is essential to your success.
How does an Information Security Risk Analyst typically collaborate with other departments to address security risks?

Banc Of California rating
7.9
Based on 5 frontline employees who took The Breakroom Quiz
63rd of 144 rated banks
Job description
Banc of California is a premier relationship-based business bank committed to delivering meaningful results and supporting local communities. They are seeking a VP, Lead Security Risk Analyst to lead enterprise-wide Information Security risk engagement and drive the development and execution of the Information Security risk and GRC programs, ensuring effective risk management aligned with the organization’s risk appetite.
Responsibilities:
• Lead enterprise Information Security engagement across all enterprise-wide corporate projects, championing security by design principles, influencing security decisions without direct authority and driving alignment across multiple business and technology domains.
• Contribute to the development, management, and ongoing improvement of the Information Security risk program, compliance initiatives, and overall security risk posture.
• Partner with senior management to design and implement maturity strategies and operations into the Information Security GRC team.
• Maintain Information Security risk register, report monthly to appropriately address key risk areas.
• Support policies and procedures maintenance aligned with in-scope security frameworks, regulations, and internal standards to manage identified risk effectively.
• Conduct regular risk assessments to identify potential threats and vulnerabilities across the organization analyzing their impact and likelihood of occurrence.
• Generate reports on risk assessments, compliance status, and control effectiveness to communicate findings to stakeholders at various levels within the organization.
• Lead and deliver enterprise and domain risk assessments (at least annually, or event driven) using consistent methodology that complies with regulatory requirements
• Conduct and lead the bank’s most complex and high-impact risk assessments, including those involving enterprise architecture, modernization initiatives, AI/ML platforms, cloud deployments, or third-party integrations.
• Drive cross-functional remediation initiatives, ensuring timely resolution of identified issues and alignment with enterprise risk appetite.
• Act as the primary GRC representative and senior advisor in enterprise security architecture projects, ensuring that security, compliance, and risk considerations are embedded in design decisions for cloud, infrastructure, and applications.
• Lead architecture-focused risk assessments for new technologies, major system integrations, cloud migrations, and high-impact projects to identify systemic risks and required compensating controls.
• Translate security policies, standards, regulatory requirements and control frameworks into detailed architectural requirements, control patterns, and secure design standards consumable by engineering and application teams.
• Advise solution architects, engineers, and product teams on secure design patterns, identity and access architecture, encryption frameworks, data protection requirements, and logging/monitoring standards.
• Evaluate the security implications of modernization initiatives, and system migrations ensuring risks are documented and mitigated through appropriate design.
• Define architecture-aligned security requirements and control baselines that engineering and architecture teams use to build secure-by-design systems.
• Partner with detection engineering and cloud teams to ensure logging, auditability, and monitoring capabilities are embedded in the technology stack.
• Lead complex and technical vendor security reviews, including onboarding assessments, and high-risk assessments involving cloud platforms, data integrations, and critical infrastructure providers.
• Follow all established policies and procedures.
• Perform other duties and projects as assigned.
Qualifications:
Required:
• Bachelor’s degree in information systems, engineering, business, risk management, or related field; and related certifications (e.g., CISSP ISSAP, SABSA, CCSP, GCAD, CRISC, CISSP).
• 7-9+ years of experience in GRC, cybersecurity, risk management or related fields, and most importantly cloud/security architecture, particularly in highly regulated industries such as financial, or professional services.
• Demonstrated history of influencing architectural decisions and driving enterprise-level security program improvements.
• High technical knowledge across Cybersecurity domains, including Security Operations, Incident Response, Security Engineering, Cloud Security, Artificial Intelligence (AI), Data Security, Configuration Management, Log Generation, Security Risk Assessments/testing methodologies, Secure Software Development Lifecycle, evaluating the adequacy and efficiency of internal controls.
• Advanced knowledge of cloud architecture, application security, identity governance, encryption, secure design patterns, network architecture, and telemetry design.
• Experience translating requirements into architectural controls and technical standards.
• Expert knowledge of GRC frameworks and regulations (e.g., PCI-DSS, GDPR, CCPA, GLBA, NIST, ISO 27001).
• Strong knowledge in OWASP, CIS and/or other security standards and secure configuration baselines.
• Excellent analytical skills with the ability to assess complex risks and develop effective mitigation security strategies.
• Comfortable solving ambiguous, enterprise-scale problems.
• Proven ability to lead multi-team initiatives and drive results in a fast-paced environment.
• Excellent communication and interpersonal skills, with the ability to influence senior engineers, architects, and business leaders.
• High School diploma or equivalent required.
Company:
Banc of California provides a full-service banking and home lending to individuals and their businesses and families. Founded in 1941, the company is headquartered in Irvine, USA, with a team of 1001-5000 employees. The company is currently Late Stage.
What Banc Of California employees say
Pay
Benefits
Hours and flexibility
Workplace
Get the full story on Breakroom
About Banc of California
Sourced by ZipRecruiter
Industry
Commercial banking
Company size
501 - 1,000 Employees
Headquarters location
Santa Ana, CA, US
Year founded
1941