1

It Risk Assurance Jobs (NOW HIRING)

IT Risk Analyst

San Diego, CA · On-site

$79K - $102K/yr

Position Summary The position of IT Risk Analyst is responsible for participating in IT compliance and risk management initiatives. The candidate should demonstrate a basic understanding of IT risk, ...

Previous experience in IT audit, operational risk management, regulatory compliance, or a Big Four consulting environment is preferred. * Relevant professional certications such as CISA, CISSP, CISM ...

Previous experience in IT audit, operational risk management, regulatory compliance, or a Big Four consulting environment is preferred. * Relevant professional certifications such as CISA, CISSP ...

The IT Security Risk Manager will lead the identification, assessment, monitoring, and mitigation of information technology and security risks across the health system, ensuring compliance with ...

Manager, IT Risk Operations

Palo Alto, CA · On-site

$147K - $198K/yr

Strengthen IT Governance & Controls * Lead the development of executive-level reporting on IT risk, compliance posture, and operational performance * Build and evolve KPI/KRI dashboards that provide ...

The Role: Lead, IT Risk The Lead of Technology Risk position is predominantly focused on helping the overall risk management group and different areas of technology to come together. This role will ...

Senior IT Risk Analyst (First Line of Defense) Rockland Trust is seeking a Senior IT Risk Analyst to advance the Bank's First Line of Defense IT Risk Management Program. This is a hybrid role, 3 days ...

Reporting to the Global Head of Internal Audit, this executive will lead Sedgwick's IT internal audit program, including IT audits, IT SOX, SAP controls, and technology risk assurance across a ...

New

Reporting to the Global Head of Internal Audit, this executive will lead Sedgwick's IT internal audit program, including IT audits, IT SOX, SAP controls, and technology risk assurance across a ...

New

Senior IT Risk Analyst (First Line of Defense) Rockland Trust is seeking a Senior IT Risk Analyst to advance the Bank's First Line of Defense IT Risk Management Program. This is a hybrid role, 3 days ...

Senior Principal, Internal Audit, IT

Bedford, MA · On-site

$88K - $110K/yr

... risk assurance activities, and help advance Internal Audit's use of data analytics, automation ... The Senior Principal, Global IT Internal Audit will partner closely with executive leadership ...

next page

Showing results 1-20

It Risk Assurance information

See salary details

$65K

$144.7K

$262.5K

How much do it risk assurance jobs pay per year?

As of Jul 16, 2026, the average yearly pay for it risk assurance in the United States is $144,712.00, according to ZipRecruiter salary data. Most workers in this role earn between $87,000.00 and $174,000.00 per year, depending on experience, location, and employer.

Is it risk a good career?

IT Risk Assurance is a growing field that involves identifying and managing technology-related risks within organizations. It offers opportunities for career advancement, certifications like CISA or CISSP, and a work environment that combines technical skills with business understanding. Many professionals find it a stable and rewarding career path due to increasing cybersecurity concerns and regulatory requirements.

What do you do in risk assurance?

In risk assurance, professionals evaluate and improve an organization's controls, processes, and systems to manage risks effectively. They perform audits, assess compliance with regulations, and use tools like data analytics to identify vulnerabilities and ensure operational integrity.

What is the difference between It Risk Assurance vs Cybersecurity Analyst?

AspectIt Risk AssuranceCybersecurity Analyst
CertificationsISO 27001, CISSP, CISACISSP, CompTIA Security+, CEH
Work EnvironmentAudit firms, consulting companies, corporate risk teamsIT security teams, corporate or government agencies
Primary FocusAssessing and managing IT risks, compliance, controlsDetecting, preventing, and responding to security threats

It Risk Assurance professionals focus on evaluating IT controls, compliance, and risk management processes, often within audit or consulting settings. Cybersecurity Analysts concentrate on protecting systems from threats through monitoring and incident response. While both roles require security certifications and involve IT security, their core responsibilities and work environments differ.

What are the typical challenges faced in an IT Risk Assurance role, and how can they be effectively managed?

Professionals in IT Risk Assurance often encounter the challenge of keeping up with rapidly evolving technology and regulatory requirements. Balancing thorough risk assessments with tight project deadlines can also be demanding, especially in large organizations with complex IT environments. Effective management involves continuous learning, strong communication with both technical and non-technical teams, and the ability to prioritize risks based on business impact. Leveraging industry frameworks and collaborating closely with stakeholders can help address these challenges and ensure robust risk mitigation.

Is SOC an entry level job?

SOC (Security Operations Center) analyst roles are often entry-level positions in cybersecurity, but requirements vary by organization. Many entry-level SOC jobs require basic knowledge of security tools, monitoring, and incident response, with some roles offering on-the-job training or requiring relevant certifications like CompTIA Security+.

What is IT Risk Assurance?

IT Risk Assurance refers to the process of identifying, evaluating, and managing risks related to an organization's information technology systems. Professionals in this field help ensure that IT systems are secure, reliable, and compliant with relevant regulations and standards. They perform assessments, audit IT processes, and recommend controls to minimize risks such as data breaches, system failures, or non-compliance. IT Risk Assurance is essential for protecting sensitive information and maintaining business continuity.

What are the key skills and qualifications needed to thrive as an IT Risk Assurance professional, and why are they important?

To thrive as an IT Risk Assurance professional, you need a solid understanding of information systems, risk management frameworks, and auditing principles, usually supported by a degree in information technology, cybersecurity, or a related field. Familiarity with tools like GRC (Governance, Risk, and Compliance) platforms, security assessment software, and certifications such as CISA or CISSP are typically required. Strong analytical thinking, attention to detail, and effective communication skills help professionals stand out in this role. These competencies are essential for accurately identifying, assessing, and mitigating IT risks to protect organizational assets and ensure regulatory compliance.

What jobs pay $500,000 a year in the US?

In IT Risk Assurance, senior roles such as Chief Information Security Officer (CISO) or senior risk management executives can reach or exceed $500,000 annually, especially with extensive experience, certifications like CISSP or CISA, and working in large organizations or consulting firms. These positions often involve overseeing cybersecurity strategies, compliance, and risk mitigation at the executive level.
More about It Risk Assurance jobs
What cities are hiring for It Risk Assurance jobs? Cities with the most It Risk Assurance job openings:
What states have the most It Risk Assurance jobs? States with the most job openings for It Risk Assurance jobs include:
Infographic showing various It Risk Assurance job openings in the United States as of July 2026, with employment types broken down into 1% As Needed, 90% Full Time, 7% Part Time, and 2% Contract. Highlights an 94% Physical, 2% Hybrid, and 4% Remote job distribution, with an average salary of $144,712 per year, or $69.6 per hour.
Principal Technology Risk Analyst - Program & Regulatory Assurance

Principal Technology Risk Analyst - Program & Regulatory Assurance

Fidelity Investments

Westlake, TX

Full-time

Posted 10 days ago


Fidelity Investments rating

8.7

Company rating: 8.7 out of 10

Based on 266 frontline employees who took The Breakroom Quiz

17th of 148 rated financial services


Job description

Job Description:

Title: Principal Technology Risk Analyst

Note: Fidelity will not provide immigration sponsorship for this position.

The Role

The Enterprise Technology Risk group is seeking a passionate, driven and experienced professional to contribute to the Technology Risk Program and Regulatory Assurance CoE team.This role is responsible for performing regulatory and program management responsibilities, including designing and maintaining technology controls to support program and regulatory requirements. This role will require networking and relationship management skills to collaborate with the Controls Testing team, and various business units and risk teams across the enterprise. You will be working on:

  • Ensuring risk and control taxonomy aligns with enterprise standards
  • Developing and monitoring technology controls for security and compliance
  • Providing technical support and acting as liaison for technology risk management
  • Managing control updates, annual mapping, and testing requirements
  • Design, document, and maintain Risk and Control Matrices (RCMs/RACMs) across business and IT processes
  • Continuously improve and standardize control documentation and governance practices
  • Overseeing control certification process
  • Partnering with Control Testing team to track progress and remediation
  • Representing ETRA in enterprise control initiatives and special projects
  • Supporting regulatory activities, risk assessments, and examinations
  • Leading and supporting SOX 404 compliance, including control documentation
  • Reviewing SOC reports, assessing CUECs, and communicating control gaps

The Team

The Technology Risk Program and Regulatory Assurance team is responsible for managing controls to support program requirements, monitoring the results of control testing to meet program requirements, and ensuring a consistent risk and control taxonomy is leveraged in accordance with enterprise best practices. Additionally, this team supports regulatory activities such as maintaining application, server, and database inventories by entity.Technology Risk is part of the broader Legal, Risk and Compliance group and partners with Corporate Audit, Enterprise Compliance, and Security to protect the interests of our customers, our employees, and Fidelity's brand. You will also work closely with the Enterprise Technology Risk teams as well as Fidelity technology and business owners, and Operational Risk teams.

The Expertise and Skills You Bring

  • 5 -7 years' experience in information technology risk, controls, or audit roles
  • Bachelor's degree in computer science, technology, or a related field of study preferred
  • Professional technology and associated risk certifications (CISSP, CISA, CRISC, CISM), Certified risk/fraud examiners (CRE, CFE), and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred
  • Experience documenting controls for large scale financial service organizations (cloud, distributed, vendor solutions, mainframe, network environments, and AI)
  • Demonstrated technical abilities in multiple areas (e.g., technology infrastructure and application controls, cyber security, access management, network and cloud, resiliency, etc.)
  • Working knowledge of Cloud security and controls and cloud technology environments (AWS/Azure, SaaS, PaaS)
  • You have a strong knowledge of information technology processes and controls, and a comprehensive understanding of risk, quality control and assurance functions
  • Your love of solving complex problems, and comfort with ambiguous situations, and your ability to help solution innovative ways to mitigate risk using your advanced analytical and critical thinking skills
  • Your ability to build and maintain collaborative working relationships with Information Technology and Business personnel to design effective controls
  • Your process orientation and understanding of operations and technology enabling you to provide support in the analysis, development, and monitoring of controls
  • Knowledge of Industry standards, regulations, frameworks and best practices, such as NIST SP 800-53, COBIT, AICPA Trust Principles, ISO27001, SWIFT, HITRUST, and SOX404 is preferred
  • ISO9001 and/or ISO27001 certification preferred, with responsibility to support and participate in ISO peer audit reviews.
  • Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer is preferred
  • Your excellent verbal and written communication skills enabling you to prepare and present recommendations to senior management

Note: Fidelity will not provide immigration sponsorship for this position.

Fidelity's Onsite Working Model
Fidelity is transitioning to a full-time onsite working model through a phased rollout across regions and roles. Currently, some roles and locations require 100% onsite presence, while others require less. Onsite expectations are likely to evolve as the rollout continues. This transition does not apply to fully remote roles.

Certifications:Category:Information Technology

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.


What Fidelity Investments employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom