ZipRecruiter

Log In

1

It Risk Manager Jobs in Boston, MA (NOW HIRING)

Rockland Trust

Senior IT Risk Analyst

Plymouth, MA · Hybrid

Senior IT Risk Analyst (First Line of Defense) Rockland Trust is seeking a Senior IT Risk Analyst to advance the Bank's First Line of Defense IT Risk Management Program. This is a hybrid role, 3 days ...

Rockland Trust

Senior IT Risk Analyst

Plymouth, MA · Hybrid

Senior IT Risk Analyst (First Line of Defense) Rockland Trust is seeking a Senior IT Risk Analyst to advance the Bank's First Line of Defense IT Risk Management Program. This is a hybrid role, 3 days ...

Thinkbrg

IT Risk and Compliance Analyst

Boston, MA · On-site

$90K - $115K/yr

Reporting Relationships: * IT Risk and Compliance Manager Key Contacts: * Works closely with the Legal and Business Unit stakeholders. * This role will work with the clients in response to security ...

next page

Showing results 1-20

People also search for

All JobsIt Risk Manager JobsIt Risk Manager Jobs in Boston, MA

It Risk Manager information

See Boston, MA salary details

$55.9K

$121.2K

$184.7K

How much do it risk manager jobs pay per year?

As of May 28, 2026, the average yearly pay for it risk manager in Boston, MA is $121,193.00, according to ZipRecruiter salary data. Most workers in this role earn between $97,800.00 and $140,100.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as an IT Risk Manager, and why are they important?

To thrive as an IT Risk Manager, you need a solid understanding of risk assessment, information security, and compliance frameworks, often backed by a bachelor's degree in information technology or related fields. Familiarity with tools such as risk management software, GRC platforms, and certifications like CISSP, CISM, or CRISC is typically required. Strong analytical thinking, communication skills, and the ability to influence stakeholders are crucial soft skills in this role. These skills ensure effective identification, mitigation, and communication of IT risks, supporting organizational resilience and compliance.

What are some common challenges faced by IT Risk Managers when implementing risk mitigation strategies across different departments?

IT Risk Managers often encounter challenges such as varying levels of risk awareness among departments, resistance to new controls or procedures, and balancing business objectives with security requirements. Successful risk mitigation requires clear communication, stakeholder buy-in, and tailored training to ensure all teams understand the importance of compliance. Building strong relationships and fostering a culture of shared responsibility are key to overcoming these hurdles and ensuring effective risk management across the organization.

What does an IT Risk Manager do?

An IT Risk Manager is responsible for identifying, assessing, and mitigating risks that could impact an organization's information technology systems and data. They develop and implement risk management strategies, policies, and procedures to protect against cybersecurity threats, data breaches, and compliance violations. IT Risk Managers also work closely with other departments to ensure security best practices are followed and often lead risk assessments, audits, and incident response planning.

What is the difference between It Risk Manager vs Cybersecurity Analyst?

AspectIt Risk ManagerCybersecurity Analyst
CertificationsCRISC, CISSP, CISMCISSP, Security+, CEH
Work EnvironmentOversees risk management strategies across IT systemsMonitors and responds to security threats and incidents
Industry UsageUsed in organizations with complex IT infrastructuresCommon in security-focused roles across industries

The It Risk Manager focuses on identifying and managing IT risks at an organizational level, ensuring compliance and risk mitigation strategies. In contrast, a Cybersecurity Analyst primarily monitors security threats and responds to incidents. While both roles require similar certifications and work within the IT security domain, the It Risk Manager has a broader scope related to risk management policies, whereas the Cybersecurity Analyst concentrates on threat detection and response.

What are popular job titles related to It Risk Manager jobs in Boston, MA? For It Risk Manager jobs in Boston, MA, the most frequently searched job titles are:
What job categories do people searching It Risk Manager jobs in Boston, MA look for? The top searched job categories for It Risk Manager jobs in Boston, MA are:
It Risk Manager jobs near you
Senior IT Risk Analyst

Senior IT Risk Analyst

Rockland Trust

Plymouth, MA • Hybrid

Other

Medical, Dental, Life, Retirement, PTO

Posted 14 days ago

Job description

Senior IT Risk Analyst (First Line of Defense)

Rockland Trust is seeking a Senior IT Risk Analyst to advance the Bank's First Line of Defense IT Risk Management Program. 

This is a hybrid role, 3 days Mon-Wed in the Plymouth office then remaining days working remotely. 

This senior professional contributes to the identification, assessment, and mitigation of technology risks, providing informed recommendations to IT and business stakeholders. The role emphasizes accountability for high-quality risk assessments, strong judgment in interpreting results, and proactive contributions to process improvement and risk awareness across the organization.

This role serves as a resource and mentor to less-experienced colleagues, supporting development and consistent execution of sound risk management practices. The Senior IT Risk Analyst works closely with stakeholders across IT and business areas to ensure risks are adequately identified and managed, controls are designed and operating effectively, and necessary remediation activities are completed in a timely manner.

Key Responsibilities

IT Risk Assessment & Control Evaluation

  • Lead comprehensive IT risk assessments across applications, infrastructure, and IT processes, including inherent and residual risk evaluations.
  • Evaluate the design and operating effectiveness of controls, ensuring assessments are evidence-based and aligned with internal methodologies and regulatory requirements.
  • Conduct detailed walkthroughs and interviews with IT and business stakeholders to validate processes and risks, identify control gaps, and obtain and evaluate appropriate documentation and evidence.
  • Analyze risk and control data to identify trends, recurring issues, or systemic weaknesses to translate findings into actionable insights.
  • Maintain sufficient documentation of assessments performed, tests conducted, and issues noted in the Bank's systems of record, ensuring clarity, completeness, and alignment with Bank and regulatory methodology and requirements.

Risk Communication & Issue Resolution

  • Communicate findings, risk implications, control gaps, or other such issues to stakeholders in a professional, credible, and constructive manner.
  • Support, advise, and challenge remediation plans to ensure proposed actions effectively mitigate identified risks.
  • Coordinate responses to audit, regulatory, or other internal inquiries, ensuring timely and accurate resolution of outstanding issues.
  • Track and monitor remediation efforts and key milestones to facilitate risk closure, proactively identifying potential bottlenecks or emerging risks.

Program Support & Mentorship

  • Provide guidance and informal coaching to junior team members, reviewing work products to ensure adherence to risk assessment standards and quality expectations.
  • Contribute to continuous improvement initiatives for IT risk assessment methodologies, reporting practices, and other opportunities.
  • Serve as a trusted resource for IT and business teams on risk-related topics, fostering a risk-aware culture and promoting best practices.
  • Stay current with regulatory guidance, industry standards, and emerging risks to support program maturity and long-term risk management effectiveness.

Required Qualifications

  • Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Accounting, Finance, or a related field with equitable risk and controls experience.
  • Minimum of 5 years of professional experience in IT risk management, technology audit, or control testing, including execution of risk assessments, control evaluation, and reporting.
  • Must be able to work the hybrid schedule:  3 days Mon-Wed in the Plymouth office then remaining days work remotely. 
  • Experience with GRC platforms (e.g., Archer) and risk reporting tools (e.g., PowerBI dashboards).
  • Familiarity with risk and control frameworks such as NIST, CIS, COBIT, FFIEC, or ISO.
  • Demonstrated ability to effectively communicate, both written and verbally, complex IT risk and control concepts effectively to technical and non-technical stakeholders.
  • Experience navigating highly regulated or matrixed environments, interacting with audit, compliance, and/ or regulatory stakeholders.
  • Strong analytical skills, attention to detail, and ability to make independent, informed decisions.
  • Proven ability to influence outcomes and drive follow-through on risk identification and mitigation activities.

Highly preferred:

  • Professional certifications: CISA, CRISC, CISM, CISSP, or equivalent.
  • Financial services industry experience.

Required Qualifications

  • Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Accounting, Finance, or a related field with equitable risk and controls experience.
  • Minimum of 5 years of professional experience in IT risk management, technology audit, or control testing, including execution of risk assessments, control evaluation, and reporting.
  • Must be able to work the hybrid schedule: 3 days Mon-Wed in the Plymouth office then remaining days work remotely.
  • Experience with GRC platforms (e.g., Archer) and risk reporting tools (e.g., PowerBI dashboards).
  • Familiarity with risk and control frameworks such as NIST, CIS, COBIT, FFIEC, or ISO.
  • Demonstrated ability to effectively communicate, both written and verbally, complex IT risk and control concepts effectively to technical and non-technical stakeholders.
  • Experience navigating highly regulated or matrixed environments, interacting with audit, compliance, and/ or regulatory stakeholders.
  • Strong analytical skills, attention to detail, and ability to make independent, informed decisions.
  • Proven ability to influence outcomes and drive follow-through on risk identification and mitigation activities.

Highly preferred:

  • Professional certifications: CISA, CRISC, CISM, CISSP, or equivalent.
  • Financial services industry experience.

Our goal is to offer our colleagues the most generous benefits package possible. We strive to provide colleagues with a comprehensive benefits package and an environment that supports a healthy work-life balance. Benefits include: Competitive compensation with performance incentive awards, Health Insurance, Dental Insurance, a 401K and DC Plan for your retirement, LTD & Life Insurance, Vacation Time, Day Care Reimbursement, Tuition Assistance for graduate and undergraduate programs, an Award Winning Wellness program and much more!

At Rockland Trust you'll find a respectful and inclusive environment where everyone is given the chance to succeed. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Key Responsibilities

IT Risk Assessment & Control Evaluation

  • Lead comprehensive IT risk assessments across applications, infrastructure, and IT processes, including inherent and residual risk evaluations.
  • Evaluate the design and operating effectiveness of controls, ensuring assessments are evidence-based and aligned with internal methodologies and regulatory requirements.
  • Conduct detailed walkthroughs and interviews with IT and business stakeholders to validate processes and risks, identify control gaps, and obtain and evaluate appropriate documentation and evidence.
  • Analyze risk and control data to identify trends, recurring issues, or systemic weaknesses to translate findings into actionable insights.
  • Maintain sufficient documentation of assessments performed, tests conducted, and issues noted in the Bank's systems of record, ensuring clarity, completeness, and alignment with Bank and regulatory methodology and requirements.

Risk Communication & Issue Resolution

  • Communicate findings, risk implications, control gaps, or other such issues to stakeholders in a professional, credible, and constructive manner.
  • Support, advise, and challenge remediation plans to ensure proposed actions effectively mitigate identified risks.
  • Coordinate responses to audit, regulatory, or other internal inquiries, ensuring timely and accurate resolution of outstanding issues.
  • Track and monitor remediation efforts and key milestones to facilitate risk closure, proactively identifying potential bottlenecks or emerging risks.

Program Support & Mentorship

  • Provide guidance and informal coaching to junior team members, reviewing work products to ensure adherence to risk assessment standards and quality expectations.
  • Contribute to continuous improvement initiatives for IT risk assessment methodologies, reporting practices, and other opportunities.
  • Serve as a trusted resource for IT and business teams on risk-related topics, fostering a risk-aware culture and promoting best practices.
  • Stay current with regulatory guidance, industry standards, and emerging risks to support program maturity and long-term risk management effectiveness.


Apply