1

Information Security Risk Analyst Jobs in Virginia

Build your knowledge as an information security risk specialist who knows how to break down complex threats into manageable plans of action. As a Cyber-Risk Analyst on our team, you'll use your ...

Collaborate with departments to improve security trust operations, communicate risk, and bolster ... analysis or security technology role Advanced knowledge of the following: โ€ข information systems ...

Third-Party Risk Analyst

Mclean, VA ยท On-site

$45 - $47/hr

Third-Party Risk Analyst Location: McLean, VA (5 days - Onsite) Job Overview The Third-Party Risk ... Knowledge of cybersecurity or information security incident management. * Familiarity with third ...

next page

Showing results 1-20

Information Security Risk Analyst information

See Virginia salary details

$31

$57

$74

How much do information security risk analyst jobs pay per hour?

As of Jul 12, 2026, the average hourly pay for information security risk analyst in Virginia is $57.95, according to ZipRecruiter salary data. Most workers in this role earn between $45.05 and $65.05 per hour, depending on experience, location, and employer.

What is the difference between Information Security Risk Analyst vs Cybersecurity Analyst?

AspectInformation Security Risk AnalystCybersecurity Analyst
CertificationsISO 27001, CISSP, CISACompTIA Security+, CEH, CISSP
Work EnvironmentRisk assessment teams, compliance departmentsSecurity operations centers, incident response teams
Employer & Industry UsageFinancial, healthcare, government sectorsTech companies, cybersecurity firms, enterprises

While both roles focus on protecting information assets, the Information Security Risk Analyst primarily assesses and manages risks related to information security policies and compliance. In contrast, the Cybersecurity Analyst actively monitors security systems, responds to threats, and handles incidents. Understanding these differences helps organizations assign the right responsibilities and professionals to safeguard their digital assets.

What are the key skills and qualifications needed to thrive as an Information Security Risk Analyst, and why are they important?

To thrive as an Information Security Risk Analyst, you need a solid understanding of cybersecurity principles, risk management frameworks, and a relevant degree or certifications such as CISSP, CISM, or CRISC. Familiarity with tools like risk assessment platforms, vulnerability scanners, and security information and event management (SIEM) systems is typically required. Strong analytical thinking, communication, and attention to detail help you translate complex risks into actionable recommendations and collaborate with stakeholders. These skills are crucial for effectively identifying, assessing, and mitigating security risks to protect organizational assets and ensure compliance.

What are Information Security Risk Analysts?

Information Security Risk Analysts are professionals responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze potential threats, vulnerabilities, and impacts to ensure that appropriate security measures are in place. These analysts often develop risk management strategies, conduct security assessments, and recommend security enhancements. Their goal is to help organizations protect sensitive information and comply with relevant regulations.

What Does an Information Security Risk Analyst Do?

As an information security risk analyst, your job is to help assess each potential threat and determine whether or not your current network system suffers from vulnerability to that threat. In this IT role, you may monitor network activity, help implement and manage safety protocols, and research emerging threats to help determine the best response to them. Information security risk analysts often work with many other IT personnel at the same company to manage security needs and, somewhat unusually for an IT role, may also collaborate with outside experts and volunteers to find the best way to counter a particular threat. This is an extremely collaborative position, so the ability to work well with other people, including those you may be meeting for the first time, is essential to your success.

How does an Information Security Risk Analyst typically collaborate with other departments to address security risks?

Information Security Risk Analysts work closely with various departments such as IT, compliance, legal, and business units to identify and mitigate security risks. They often facilitate risk assessments, communicate findings, and recommend solutions tailored to each department's needs. Regular meetings and cross-functional projects are common, ensuring security measures align with business objectives while maintaining compliance. This collaborative approach helps foster a culture of security awareness throughout the organization.
What are popular job titles related to Information Security Risk Analyst jobs in Virginia? For Information Security Risk Analyst jobs in Virginia, the most frequently searched job titles are:
What job categories do people searching Information Security Risk Analyst jobs in Virginia look for? The top searched job categories for Information Security Risk Analyst jobs in Virginia are:
What are popular job titles related to Information Security Risk Analyst jobs in VA? For Information Security Risk Analyst jobs in VA, the most frequently searched job titles are:
Infographic showing various Information Security Risk Analyst job openings in Virginia as of July 2026, with employment types broken down into 67% Full Time, and 33% Contract. Highlights an 83% In-person, and 17% Hybrid job distribution, with an average salary of $120,534 per year, or $57.9 per hour.
Security Risk at Reston, Virginia

Security Risk at Reston, Virginia

disABLEDperson Inc

Reston, VA โ€ข On-site

Other

Posted 3 days ago

New


Job description

Security Risk Analyst

The Information Security Governance Risk and Compliance (ISGRC) team at the College Board works closely with other teams across the organization to assess and certify the security of College Board's information systems and processes. This dedicated team facilitates information security governance and compliance by assessing College Board's vendors, reviewing and negotiating contractual commitments to information security, planning for disaster response and recovery, testing system strength using industry-recognized frameworks (ISO 27001, PCI-DSS and SOC2) and obtaining related compliance certifications, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative training and phishing campaigns.

As a Security Risk Analyst, you will have the critical role of being responsible for evaluating and managing exceptions to IT security policies, for managing the Organization's Risk and Control Issues Register (Risk Register), and for developing reports and metrics. Your strong technical communication and negotiation skills will help you build relationships and collaborate with diverse stakeholders and reduce risk to the organization and ensure compliance. Under the direction of management, you will manage the Risk Register and perform security policy exceptions to help the College Board understand its critical risks. In this role you will:

  • Manage the Risk Register (20%)
  • Leads the management of the issues and risks and quickly escalates any untimely completion of audit actions.
  • Works independently to communicate risks and works with others to problem-solve risks to tolerance levels based on data and evidence.
  • Maintains data quality of Risk Register and executes any required data clean-up exercises.
  • Understands College Board work to be able to drive Risk or Control Owners to ensure consistent application of policies and standards.
  • Raises awareness about Risk & Control Issues, Policy exceptions, and available risk reduction options.
  • Fosters a culture of risk awareness and compliance within the technology department and across the organization.

Manage Policy Exceptions (65%)

  • Independently analyzes policy exception submissions and provides risk assessment reports for critical service lines, applications, and infrastructure hosted on-prem and in the cloud.
  • Evaluates and manage exceptions to IT security policies.
  • Manages materials for the Exception Review Board and presents exception information to executive leadership and senior team members.
  • Maintains an up-to-date knowledge and understanding of IT security policies and principles.
  • Maintains a customer-focused attitude in all interactions with customers and colleagues.

Support Vendor Risk Management (10%)

  • Support the Vendor Risk Management program by understanding policies and procedures.
  • Perform New Vendor Risk Assessments and Reassessments.
  • Serve as backup to the Sr. Risk Analyst.

Manage Metrics and Reporting (5%)

  • Provides weekly and monthly reporting for the Risk Register and policy exceptions.
  • Produces trending metrics and escalate exceptions.
  • Performs other duties as assigned.

To qualify for this role you must have:

  • 5-7 years of experience managing or supporting IT Security Risk and Control Risk Register and processing policy exceptions.
  • Strong understanding of risk management techniques such as risk identification, risk scoring, risk mitigation, and risk tracking.
  • Proven ability to lead conversations balancing risk and multiple business needs that result in positive outcomes with multiple stakeholders.
  • The capacity to assess risk information and make risk recommendations independently.
  • Strong organization and prioritization skills and the proven ability to manage multiple tasks simultaneously, both independently and as a member of the team.
  • Excellent verbal and written communication skills.
  • Experience with governance, risk, and compliance tools (e.g., OneTrust) preferred.
  • Experience with information security and privacy frameworks such as ISO 27001, COBIT, NIST-CSF, NIST 800-53, GDPR etc.
  • Current Information Security Certification (e.g., CISSP, CRISC, CISM, CISA, or related security certification) preferred or the ability to attain one within 6 months of hire.
  • Bachelor's degree in computer science, cybersecurity, engineering, IT management or four years equivalent IT and security industry experience.
  • The ability to travel 2-4 times a year to College Board offices or on behalf of College Board business.

All roles at College Board require:

  • A passion for expanding educational and career opportunities and mission-driven work
  • Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new AI-driven solutions and comfort with learning and applying new digital tools independently and proactively.
  • Clear and concise communication skills, written and verbal
  • A learner's mindset and a commitment to growth: welcoming diverse perspectives, giving and receiving timely, respectful feedback, and continuously improving through iterative learning and user input.
  • A drive for impact and excellence: solving complex problems, making data-informed decisions, prioritizing what matters most, and continuously improving through learning, user input, and external benchmarking.
  • A collaborative and empathetic approach: working across differences, fostering trust, and contributing to a culture of shared success
  • Authorization to work in the United States

Application review will begin immediately and will continue until the position is filled. This role is expected to accept applications for a minimum of 5 business days. While the hiring process may vary, it generally includes: resume and application submission, recruiter phone/video screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks.

At College Board, we offer more than a paycheck- we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive. We're a self-sustaining nonprofit that believes in fair and competitive compensation grounded in your qualifications, experience, impact, and the market. A Thoughtful Approach to Compensation

  • The hiring range for this role is $72,000-$120,000.
  • Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board.
  • We aim to make our best offer upfront, rooted in fairness, transparency, and market data.
  • We adjust salaries by location to ensure fairness, no matter where you live.