1

Information Security Risk Analyst Jobs in Virginia

Demonstrated experience in Assessment & Authorization (A&A), risk assessment methodologies, information security, internet security, Portable Electronic Device (PED) vulnerabilities, threat analysis ...

Technical Risk Analyst Position Summary We are seeking a Technical Risk Analyst to support IT security controls testing, risk assessments, and assurance activities across a complex technology ...

Technical Risk Analyst Position Summary We are seeking a Technical Risk Analyst to support IT security controls testing, risk assessments, and assurance activities across a complex technology ...

Collaborate with business units, legal, information security, and other risk subject matter experts ... Strong analytical skills with the ability to identify and resolve complex issues. * Excellent ...

Provides research and analysis of information security data and responds to inquiries; identifies ... Participates in cross-functional linked teams to address IS policy/risk or compliance issues.

next page

Showing results 1-20

Information Security Risk Analyst information

See Virginia salary details

$31

$57

$74

How much do information security risk analyst jobs pay per hour?

As of Jul 13, 2026, the average hourly pay for information security risk analyst in Virginia is $57.95, according to ZipRecruiter salary data. Most workers in this role earn between $45.05 and $65.05 per hour, depending on experience, location, and employer.

What is the difference between Information Security Risk Analyst vs Cybersecurity Analyst?

AspectInformation Security Risk AnalystCybersecurity Analyst
CertificationsISO 27001, CISSP, CISACompTIA Security+, CEH, CISSP
Work EnvironmentRisk assessment teams, compliance departmentsSecurity operations centers, incident response teams
Employer & Industry UsageFinancial, healthcare, government sectorsTech companies, cybersecurity firms, enterprises

While both roles focus on protecting information assets, the Information Security Risk Analyst primarily assesses and manages risks related to information security policies and compliance. In contrast, the Cybersecurity Analyst actively monitors security systems, responds to threats, and handles incidents. Understanding these differences helps organizations assign the right responsibilities and professionals to safeguard their digital assets.

What are the key skills and qualifications needed to thrive as an Information Security Risk Analyst, and why are they important?

To thrive as an Information Security Risk Analyst, you need a solid understanding of cybersecurity principles, risk management frameworks, and a relevant degree or certifications such as CISSP, CISM, or CRISC. Familiarity with tools like risk assessment platforms, vulnerability scanners, and security information and event management (SIEM) systems is typically required. Strong analytical thinking, communication, and attention to detail help you translate complex risks into actionable recommendations and collaborate with stakeholders. These skills are crucial for effectively identifying, assessing, and mitigating security risks to protect organizational assets and ensure compliance.

What are Information Security Risk Analysts?

Information Security Risk Analysts are professionals responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze potential threats, vulnerabilities, and impacts to ensure that appropriate security measures are in place. These analysts often develop risk management strategies, conduct security assessments, and recommend security enhancements. Their goal is to help organizations protect sensitive information and comply with relevant regulations.

What Does an Information Security Risk Analyst Do?

As an information security risk analyst, your job is to help assess each potential threat and determine whether or not your current network system suffers from vulnerability to that threat. In this IT role, you may monitor network activity, help implement and manage safety protocols, and research emerging threats to help determine the best response to them. Information security risk analysts often work with many other IT personnel at the same company to manage security needs and, somewhat unusually for an IT role, may also collaborate with outside experts and volunteers to find the best way to counter a particular threat. This is an extremely collaborative position, so the ability to work well with other people, including those you may be meeting for the first time, is essential to your success.

How does an Information Security Risk Analyst typically collaborate with other departments to address security risks?

Information Security Risk Analysts work closely with various departments such as IT, compliance, legal, and business units to identify and mitigate security risks. They often facilitate risk assessments, communicate findings, and recommend solutions tailored to each department's needs. Regular meetings and cross-functional projects are common, ensuring security measures align with business objectives while maintaining compliance. This collaborative approach helps foster a culture of security awareness throughout the organization.
What are popular job titles related to Information Security Risk Analyst jobs in Virginia? For Information Security Risk Analyst jobs in Virginia, the most frequently searched job titles are:
What job categories do people searching Information Security Risk Analyst jobs in Virginia look for? The top searched job categories for Information Security Risk Analyst jobs in Virginia are:
What are popular job titles related to Information Security Risk Analyst jobs in VA? For Information Security Risk Analyst jobs in VA, the most frequently searched job titles are:
Infographic showing various Information Security Risk Analyst job openings in Virginia as of July 2026, with employment types broken down into 67% Full Time, and 33% Contract. Highlights an 83% In-person, and 17% Hybrid job distribution, with an average salary of $120,534 per year, or $57.9 per hour.
Senior Information Security Office (ISO) Consultant, Cyber Risk

Senior Information Security Office (ISO) Consultant, Cyber Risk

Capital One

Richmond, VA

$99K - $127K/yr

Full-time

Posted 7 days ago


Capital One rating

7.8

Company rating: 7.8 out of 10

Based on 143 frontline employees who took The Breakroom Quiz

76th of 149 rated banks


Job description

Senior Information Security Office (ISO) Consultant, Cyber Risk

Capital One is one of the fastest growing organizations in the world today. The growth of the business is being accelerated by leveraging innovative and emerging technologies. We are serious about technology, we dream big, and we execute. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity and managing technology risk. Cybersecurity professionals at Capital One are trusted expert advisers who shape decisions, challenge activities to ensure they meet our standards, and generally oversee technology, cybersecurity, and information security risk across the business and Capital One organization.

As a Principal Associate in Capital One's Cyber Division supporting Financial Services (FS), you will work within the FS Information Security Office (FS ISO) Command Center providing support to FS business, stakeholders, and peers. The FS ISO Command Center is responsible for project management, oversight, tracking, and reporting of cyber initiatives, efforts, and metrics that impact the Financial Services Line of Business.

Success in this role requires someone to possess broad cyber experience, understanding of business efficiency frameworks (ITIL, AGILE, etc.), strong analytical skills, and strong capabilities in developing, facilitating, and delivering presentations to peers and leaders that includes both technical and non-technical information. In addition, we are seeking someone strategically minded, comfortable with challenging the status quo, disciplined, self-starter, professional, team player, and motivator of others.

Job Responsibilities:

  • As a member of the FS ISO Command Center, support and execute the mission providing oversight of Cyber priorities.

  • Serve as an expert in Capital One's Information Security capabilities, solutions, policies, procedures, and standards.

  • Partner with customers & stakeholders to anticipate their objectives and needs to better serve their needs.

  • Provide monitoring and reporting on various cyber initiatives.

  • Build relationships vertically and horizontally both within FS and the Capital One enterprise.

  • Maintain awareness and tracking of enterprise cyber initiatives that could impact the FS Division, communicating them as required.

  • Maintain a continuous service improvement mindset; seeking out improvement and efficiency opportunities at all times.

  • Lead and collaborate with various teams to drive the execution to improve, create, and validate requirements, processes, controls, and metrics to measure process efficiency and effectiveness.

  • Drive projects end-to-end, which may include the creation of formal process documents

  • Proficiently tailor verbal and written communications to audience needs and levels.

  • Develop and deliver presentations to peers, customers, and senior leadership.

  • Provide ad-hoc and special request support as needed.

  • Provide regular updates to leadership on the status of Cyber initiatives within FS.

Basic Qualifications:

  • High School Diploma, GED, or equivalent certification

  • At least 3 years of information security or risk management experience

  • At least 2 years of experience in cybersecurity, privacy, or technology industry standards

  • At least 2 years of project management experience

Preferred Qualifications:

  • Bachelor's Degree

  • 4+ years of experience managing, consulting, auditing, or working in the fields of information security, technology, or risk management

  • 4+ years of experience with cybersecurity or technology policies

  • Experience with Tableau development, JIRA, Confluence and AI products

  • Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)

At this time, Capital One will not sponsor a new applicant for employment authorization, or offer any immigration related support for this position (i.e. H1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN, or another type of work authorization).

The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked.

McLean, VA: $131,300 - $149,800 for Prin Assoc, Cyber Risk & Analysis


Plano, TX: $119,400 - $136,200 for Prin Assoc, Cyber Risk & Analysis


Richmond, VA: $119,400 - $136,200 for Prin Assoc, Cyber Risk & Analysis









Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter.

This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan.

Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at theCapital One Careers website. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at RecruitingAccommodation@capitalone.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com

Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.

Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).


What Capital One employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom