Information Security Risk Officer Jobs (NOW HIRING)

Information Security Risk Officer information

$29.5K

$94.9K

$170.5K

How much do information security risk officer jobs pay per year?

As of Jun 27, 2026, the average yearly pay for an information security risk officer in the United States is $94,926.00, according to ZipRecruiter salary data. Most workers in this role earn between $49,500.00 and $127,500.00 per year, depending on experience, location, and employer.

How much does a CISO get paid?

Chief Information Security Officers (CISOs) typically earn between $150,000 and $300,000 annually, depending on the size of the organization, industry, and location. Experienced CISOs with certifications like CISSP or CISM and strong leadership skills can earn higher salaries, often supplemented with bonuses and stock options.

Can you make $500,000 a year in cyber security?

Information Security Risk Officers typically earn salaries ranging from $100,000 to $200,000 annually, depending on experience, certifications, and location. Reaching a $500,000 annual salary usually requires senior roles such as Chief Information Security Officer (CISO) or executive-level positions, which involve strategic leadership, extensive experience, and often additional compensation like bonuses or stock options.

Is SOC an entry level job?

A Security Operations Center (SOC) analyst role is typically not entry-level and usually requires some experience in cybersecurity, network monitoring, or related fields. Entry-level positions in cybersecurity may include roles like SOC analyst I or security technician, but higher-tier SOC roles often demand certifications such as CompTIA Security+ or Certified SOC Analyst (CSA) and familiarity with security tools and incident response processes.

What are the key skills and qualifications needed to thrive as an Information Security Risk Officer, and why are they important?

To thrive as an Information Security Risk Officer, you need a strong background in cybersecurity principles, risk management frameworks, and typically a degree in information technology or a related field. Familiarity with technical tools such as risk assessment software, SIEM systems, and certifications like CISSP or CISM is often required. Strong analytical thinking, attention to detail, and effective communication skills are crucial for translating complex risks to stakeholders and driving organizational change. These skills are vital for identifying, assessing, and mitigating security threats, ensuring the organization's information assets remain protected and compliant.

What does an Information Security Risk Officer do?

An Information Security Risk Officer is responsible for identifying, assessing, and mitigating risks that could threaten an organization's information systems and data. They develop and implement risk management strategies, conduct security assessments, and help ensure compliance with relevant laws and regulations. Their role often involves coordinating with other departments to promote security best practices and preparing reports for senior management on potential threats and risk mitigation efforts.

What is the difference between Information Security Risk Officer vs Cybersecurity Analyst?

| Aspect | Information Security Risk Officer | Cybersecurity Analyst |
| --- | --- | --- |
| Certifications | ISO 27001 Lead Implementer, CISSP, CISM | CompTIA Security+, CEH, CISSP |
| Work Environment | Risk management teams, compliance departments | Security operations centers, incident response teams |
| Employer & Industry Usage | Financial, healthcare, government sectors | IT firms, cybersecurity service providers |
| Primary Focus | Assessing and managing security risks, compliance | Detecting and responding to security threats |

The main difference is that an Information Security Risk Officer focuses on identifying, assessing, and managing security risks and ensuring compliance, while a Cybersecurity Analyst primarily detects, investigates, and responds to security threats. Both roles require relevant certifications and work in security-focused environments, but their core responsibilities differ in scope and focus.

What are some common challenges Information Security Risk Officers face when balancing security requirements with business objectives?

Information Security Risk Officers often encounter the challenge of aligning robust security controls with the organization's need for operational efficiency and innovation. Balancing compliance and risk mitigation with the urgency of business initiatives requires strong communication and negotiation skills, as well as a deep understanding of both technical risks and business goals. Successfully navigating these challenges involves collaborating closely with IT, legal, and business stakeholders to develop practical solutions that protect assets without hindering productivity or growth.

Is CISO a high paying job?

A Chief Information Security Officer (CISO) is typically a high-paying executive role in cybersecurity, with salaries often exceeding six figures depending on the organization size and industry. The role requires extensive experience, leadership skills, and often relevant certifications like CISSP or CISM.
Infographic showing various Information Security Risk Officer job openings in the United States as of June 2026, with employment types broken down into 93% Full Time and 7% Part Time. Highlights a 96% Physical, 1% Hybrid, and 3% Remote job distribution, with an average salary of $94,926 per year, or $45.6 per hour.
Senior Director, Global Information Security & Risk

Broad Institute

Cambridge, MA • On-site

$207K - $304K/yr

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

This job post has expired today. Applications are no longer accepted.


Job description

The Senior Director, Global Information Security and Risk is the senior-most leader accountable for the organization's enterprise-wide information security posture, risk management, and compliance maturity. Reporting to the CIO, this role provides strategic direction, technical authority, and operational oversight for security across enterprise IT, cloud platforms, research environments, and external partnerships.
Operating at the intersection of academia and industry, the Senior Director ensures that security enables scientific innovation while meeting the expectations of commercial partners, regulators, and funding organizations. This role translates executive risk tolerance and institutional priorities into a coherent, defensible, and scalable security program, and ensures consistent execution through strong domain leadership across Enterprise & Cloud Security, Security Operations, and Risk management.
The Senior Director is the primary authority on security risk, control effectiveness, and program maturity, and serves as a trusted advisor to executive leadership on the organization's readiness to engage in increasingly complex industry partnerships.
This role is a hybrid position, requiring 3 days a week onsite at our office in Cambridge, MA.
What You Will Be Doing
  • Define, own, and continuously mature the organization's global information security and risk strategy, aligning security investments with institutional mission, growth objectives, and partnership requirements.
  • Establish and maintain a multi-year security roadmap that integrates enterprise, cloud, application, data, and operational security capabilities.
  • Own the enterprise security risk management program, including risk identification, assessment, prioritization, and reporting, and maintain the authoritative enterprise risk register.
  • Translate executive and board-level risk tolerance into actionable security architectures, control frameworks, and operational priorities.
  • Provide oversight and direction to Associate Directors and senior leaders across Enterprise & Cloud Security, Security Operations, and GRC, ensuring clear accountability and consistent execution.
  • Build, mentor, and sustain a high-performing security leadership team with strong technical depth and management capability.
  • Own the overall Information Security budget, including planning, prioritization, forecasting, and investment decision-making.
  • Govern strategic security tooling, vendor relationships, and managed service providers to ensure architectural coherence and measurable value.
  • Lead the maturation of the organization's compliance and assurance posture, supporting frameworks such as HIPAA, NIST, ISO 27001, SOC 2, FISMA, and related standards.
  • Ensure security controls are not only compliant but operationally effective, repeatable, and auditable, supporting both regulatory obligations and partner due diligence.
  • Serve as the senior technical authority during audits, assessments, and industry partner security reviews.
  • Act as the primary security advisor to the CIO and executive leadership, providing clear, accurate insight into security posture, risk trends, and investment needs.
  • Develop and deliver executive- and board-level reporting on security risk, incidents, program maturity, and strategic initiatives.
  • Own executive-level oversight of security incident response, ensuring preparedness, effective coordination, and durable remediation.
  • Partner with Legal, Compliance and Data Privacy, Research, Engineering, IT, Finance, and external stakeholders to embed security into institutional initiatives by design.
  • Drive continuous improvement and security transformation through automation, standardization, and scalable security platforms.

What You Bring Along
  • Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent professional experience.
  • 15+ years of progressive experience in information security, with at least 10+ years leading large, multi-domain security programs and teams.
  • Demonstrated experience operating at the senior executive level in complex, regulated, and research-driven environments.
  • Deep understanding of enterprise and cloud security architectures, identity and access management, data protection, detection and response, and vulnerability management.
  • Proven expertise in regulatory and assurance frameworks including HIPAA, NIST, ISO 27001, SOC 2, FISMA, and related standards, particularly in life sciences contexts.
  • Track record of building and leading senior security leadership teams and influencing organizational change at scale.
  • Experience managing significant security budgets, complex vendor ecosystems, and enterprise-wide security initiatives.
  • Strong executive communication skills, with the ability to clearly articulate technical risk and security posture to non-technical leaders and boards.
  • Pragmatic, risk-based approach to security that balances protection, usability, and scientific velocity.
  • CISSP required; additional certifications such as CISM, CRISC, or cloud security credentials are strongly preferred.

The Broad will not support sponsorship for this position.
The expected base pay range for this position as listed above is based on a 40 hour per week schedule. Broad provides pay ranges representing its reasonable and good faith estimate of what the organization reasonably expects to pay for a position at the time of posting. Actual compensation will vary based on factors including but not limited to, relevant skills, experience, education, qualifications, and other factors permissible by law.
At Broad, your base pay is just one part of a comprehensive total rewards package. From day one, this role offers a competitive benefits package including medical, dental, vision, life, and disability insurance; a 401(k) retirement plan; flexible spending and health savings accounts; at least 13 paid holidays; winter closure; paid time off; parental and family care leave; and an employee assistance program, among other Broad benefits.
The Broad Institute is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, disability, protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Should you need a reasonable accommodation to complete the application or interview process, please contact recruiting@broadinstitute.org for assistance.