1

It Risk Analyst Jobs (NOW HIRING)

IT Risk Analyst I

Charlotte, NC · On-site

$44 - $48/hr

... risk philosophy. * The EDD Analyst will conduct EDD reviews consistent with company policy and ... information, pregnancy, or any other protected characteristic as outlined by federal, state, or ...

New

This is a hands-on, cross-functional role that provides broad exposure to IT risk assessments, cybersecurity risk analysis, governance activities, issue management, and policy support. The position ...

Technical Risk Analyst Position Summary We are seeking a Technical Risk Analyst to support IT security controls testing, risk assessments, and assurance activities across a complex technology ...

Technical Risk Analyst Position Summary We are seeking a Technical Risk Analyst to support IT security controls testing, risk assessments, and assurance activities across a complex technology ...

IT Risk & Compliance Analyst

Andover, MA · On-site +1

$95K - $95K/yr

Scope of Position The IT Risk & Compliance Analyst, as part of the Information Security organization, is responsible for supporting the execution of Watts' IT compliance, audit readiness ...

New

next page

Showing results 1-20

It Risk Analyst information

See salary details

$15

$40

$65

How much do it risk analyst jobs pay per hour?

As of Jul 12, 2026, the average hourly pay for it risk analyst in the United States is $40.49, according to ZipRecruiter salary data. Most workers in this role earn between $29.81 and $49.28 per hour, depending on experience, location, and employer.

What does an IT Risk Analyst do?

An IT Risk Analyst is responsible for identifying, assessing, and mitigating risks that could impact an organization's information technology systems and data. They analyze potential threats, such as cyberattacks or data breaches, and develop strategies to minimize these risks. Their role involves working closely with other IT professionals to ensure compliance with security policies and regulatory requirements, as well as preparing risk reports and recommending improvements. Ultimately, IT Risk Analysts help organizations protect sensitive information and maintain secure, reliable IT operations.

What are the key skills and qualifications needed to thrive as an IT Risk Analyst, and why are they important?

To thrive as an IT Risk Analyst, you need a strong understanding of risk management frameworks, cybersecurity principles, and regulatory compliance—often supported by a degree in information technology or a related field. Familiarity with tools such as risk assessment software, vulnerability scanners, and certifications like CISSP or CISA is typically required. Analytical thinking, attention to detail, and effective communication are vital soft skills that distinguish top performers in this role. These competencies are crucial for accurately identifying risks, ensuring regulatory compliance, and effectively communicating findings to stakeholders.

What are some common challenges IT Risk Analysts face when collaborating with other departments?

IT Risk Analysts often work closely with various departments such as IT, compliance, and operations to identify and mitigate risks. One common challenge is translating technical risk information into terms that non-technical stakeholders can understand. Additionally, balancing the need for rigorous security measures with business objectives can sometimes lead to conflicting priorities. Effective communication and building strong relationships across teams are key to overcoming these challenges and ensuring that risk controls are both practical and effective.

What is the difference between It Risk Analyst vs Cybersecurity Analyst?

AspectIt Risk AnalystCybersecurity Analyst
CertificationsISO 27001, CISSP, CISACISSP, CEH, CompTIA Security+
Work EnvironmentFinancial, healthcare, corporate sectors focusing on risk managementIT security teams, cybersecurity firms, tech companies
Employer & Industry UsageFinancial institutions, large corporations, consulting firmsTech companies, government agencies, security firms

While both roles focus on protecting information, the It Risk Analyst primarily assesses and manages overall IT risks within organizations, emphasizing compliance and risk mitigation strategies. In contrast, the Cybersecurity Analyst concentrates on defending systems from cyber threats and attacks. Both roles often collaborate but serve distinct functions in an organization's security framework.

More about It Risk Analyst jobs
What cities are hiring for It Risk Analyst jobs? Cities with the most It Risk Analyst job openings:
What states have the most It Risk Analyst jobs? States with the most job openings for It Risk Analyst jobs include:
Infographic showing various It Risk Analyst job openings in the United States as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 86% Full Time, 6% Part Time, 1% Temporary, and 5% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution, with an average salary of $84,210 per year, or $40.5 per hour.
Principal Technology Risk Analyst

Principal Technology Risk Analyst

Fidelity Investments

Boston, MA • On-site

$129K - $137K/yr

Full-time

Re-posted 2 days ago


Fidelity Investments rating

8.7

Company rating: 8.7 out of 10

Based on 266 frontline employees who took The Breakroom Quiz

17th of 148 rated financial services


Job description


Position Description:
Documents and communicates risk findings, while building data drive dashboards and trend reports to support leadership decision-making, using NIST, SOC, and COSO frameworks for governance, risk management, and compliance. Supports enterprise risk management by partnering with technology domains to assess the effectiveness of controls, implements automated monitoring and data analysis solutions to identify emerging risks, and informs proactive mitigation strategies. Identifies, assesses, and quantifies risks via data analytics, using MS Excel, SQL, Python, PowerBI and Tableau, and technical assessments (penetration testing, risk assessments, audits and vendor security assessments), enabling teams to proactively self-identify and remediate issues. Analyzes Key Performance Indicators (KPIs) to assess technology performance and optimize delivery models to improve scalability and operational efficiency. Develops plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure, and to meet emergency data processing needs.
Primary Responsibilities:
  • Collaborates across cross-functional teams to break down complex solutions, drive consensus, and align enterprise-wide strategies.
  • Monitors and reports security compliance on computing platforms including end user devices, critical enterprise APIs, server, and database systems to strengthen their protection against computer virus and other cyberattacks.
  • Conducts risk assessments and tests data processing systems to ensure the operational integrity and security measures.
  • Enables audit readiness and risk alignment by guiding technical teams through internal audits and risk assessments, to ensure control effectiveness and audit-ready documentation.
  • Builds risk monitoring solutions to detect emerging risk patterns, track control performance, and provide actionable insights for continuous improvement.
  • Collaborates with architects and engineering leads to define scalable, secure, and resilient controls across business units, embedding risk awareness into delivery practices.
  • Support strategic risk initiatives by communicating complex technical issues to leadership, fostering trust and a strong risk control culture.
  • Support operating model optimization by analyzing performance and risk metrics to identify inefficiencies and recommend improvements aligned with strategic goals.

Education and Experience:
Bachelor's degree in Computer Science, Engineering, Information Technology, Information Systems, Cybersecurity, or a closely related field (or foreign education equivalent) and five (5) years of experience as a Principal Technology Risk Analyst (or closely related occupation) performing IT audits, penetration testing, and risk assessments using Cloud security, operating system technologies, SecDevOps, networking and cybersecurity tools, and scripting and data analytics, in an Enterprise Technology domain.
Or, alternatively, Master's degree in Computer Science, Engineering, Information Technology, Information Systems, Cybersecurity, or a closely related field (or foreign education equivalent) and three (3) years of experience as a Principal Technology Risk Analyst (or closely related occupation) performing IT audits, penetration testing, and risk assessments using Cloud security, operating system technologies, SecDevOps, networking and cybersecurity tools, and scripting and data analytics, in an Enterprise Technology domain.
Skills and Knowledge:
Candidate must also possess:
  • Demonstrated Expertise ("DE") performing cybersecurity technology audit and risk analysis of applications within Cloud infrastructure environments (AWS and Azure services), using DivvyCloud, CloudDiscovery, Datadog, Snowflake, and SecureTrak; and performing cybersecurity assessments -- including system hardening, identity management, and data protection of server platforms (Linux, Unix, and Windows), databases (SQL, NoSQL, and Cloud-native), Mainframe TSS Z/OS, and IBM MQs -- using Microsoft Defender, Unix Shell scripting, Powershell Scripting, Splunk, and JSonar.
  • DE planning and executing data-driven risk identification and mitigation engagements for large-scale digital platforms, using Splunk Logging, PowerShell scripting, Python Scripting, MS Excel, PowerBI for data analytics and visualization, and AWS Cloudtrail.
  • DE evaluating end-to-end security of platforms and Continuous Integration and Continuous Delivery (CI/CD) pipelines (including penetration testing), using GitHub, Jenkins, CyberArk, HashiCorp Vault, and Artifactory.

Salary: $129,600.00 - $137,000.00/year.
#PE1M2
#LI-DNI
Certifications:
Category:
Information Technology
Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

What Fidelity Investments employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom