1

It Risk Jobs in Massachusetts (NOW HIRING)

Bachelor's degree in Cybersecurity, Information Technology, Risk Management, Business Continuity, or a related field (or equivalent experience) * 2-5 years of experience in cybersecurity, business ...

Bachelor's degree in Cybersecurity, Information Technology, Risk Management, Business Continuity, or a related field (or equivalent experience) * 2-5 years of experience in cybersecurity, business ...

Bachelor's degree in Cybersecurity, Information Technology, Risk Management, Business Continuity, or a related field (or equivalent experience) * 2-5 years of experience in cybersecurity, business ...

Own and evolve the IT risk assessment program, ensuring risks areidentified, prioritized, and addressed across the enterprise. * Lead end-to-end IT SOX compliance including risk assessment, control ...

Own and evolve the IT risk assessment program, ensuring risks are identified, prioritized, and addressed across the enterprise. * Lead end-to-end IT SOX compliance including risk assessment, control ...

IT SOX Analyst

Billerica, MA · On-site

$105K - $130K/yr

Maintain and update SOX documentation, including narratives, risk and control matrices, and process flows * Collaborate with IT, Finance, and business teams to strengthen controls and improve ...

next page

Showing results 1-20

It Risk information

See Massachusetts salary details

$15

$33

$80

How much do it risk jobs pay per hour?

As of Jul 8, 2026, the average hourly pay for it risk in Massachusetts is $33.13, according to ZipRecruiter salary data. Most workers in this role earn between $21.25 and $42.26 per hour, depending on experience, location, and employer.

What is IT risk?

IT risk refers to the potential for losses or negative impacts to an organization resulting from the use of information technology. This includes threats such as data breaches, cyberattacks, system failures, and non-compliance with regulations. IT risk management involves identifying, assessing, and mitigating these risks to protect an organization’s information assets and ensure business continuity.

What is the difference between It Risk vs Cybersecurity Analyst?

AspectIt RiskCybersecurity Analyst
Required CredentialsCertifications like CRISC, CISSP, CISACertifications like CompTIA Security+, CISSP, CEH
Work EnvironmentRisk management teams, compliance departmentsSecurity operations centers, IT departments
Employer & Industry UsageFinancial, healthcare, and large enterprisesTech firms, finance, government agencies

It Risk professionals focus on identifying, assessing, and mitigating risks related to IT systems and compliance. Cybersecurity Analysts primarily monitor and respond to security threats and incidents. While both roles require similar certifications and work in overlapping environments, It Risk emphasizes risk management strategies, whereas Cybersecurity Analysts concentrate on security operations and threat response.

What are the key skills and qualifications needed to thrive as an IT Risk professional, and why are they important?

To thrive as an IT Risk professional, you need a strong understanding of information security principles, risk management frameworks, and relevant regulations, typically supported by a degree in information technology or cybersecurity. Familiarity with risk assessment tools, GRC (Governance, Risk, and Compliance) systems, and certifications such as CISM or CISSP is highly valued. Analytical thinking, attention to detail, and effective communication are vital soft skills for identifying vulnerabilities and collaborating with stakeholders. These competencies are crucial for proactively managing threats and ensuring the organization's information assets remain secure and compliant.

What are some common challenges faced by IT Risk professionals when working with cross-functional teams?

IT Risk professionals often collaborate with various departments such as IT, compliance, finance, and operations. A common challenge is effectively communicating technical risks in terms that non-technical stakeholders can understand, ensuring alignment on priorities and mitigation strategies. Navigating differing risk tolerances and balancing business needs with security requirements can also present difficulties. Building strong relationships and fostering ongoing dialogue are key to overcoming these challenges and ensuring successful risk management across the organization.
What are the most commonly searched types of It Risk jobs in Massachusetts? The most popular types of It Risk jobs in Massachusetts are:
Infographic showing various It Risk job openings in Massachusetts as of July 2026, with employment types broken down into 100% Full Time. Highlights an 86% In-person, and 14% Hybrid job distribution, with an average salary of $68,913 per year, or $33.1 per hour.
Principal Technology Risk Analyst

Principal Technology Risk Analyst

Fidelity Investments

Boston, MA • On-site

$129K - $137K/yr

Full-time

Posted 27 days ago


Fidelity Investments rating

8.7

Company rating: 8.7 out of 10

Based on 266 frontline employees who took The Breakroom Quiz

16th of 146 rated financial services


Job description

Job Description:

Position Description:

Documents and communicates risk findings, while building data drive dashboards and trend reports to support leadership decision-making, using NIST, SOC, and COSO frameworks for governance, risk management, and compliance. Supports enterprise risk management by partnering with technology domains to assess the effectiveness of controls, implements automated monitoring and data analysis solutions to identify emerging risks, and informs proactive mitigation strategies. Identifies, assesses, and quantifies risks via data analytics, using MS Excel, SQL, Python, PowerBI and Tableau, and technical assessments (penetration testing, risk assessments, audits and vendor security assessments), enabling teams to proactively self-identify and remediate issues. Analyzes Key Performance Indicators (KPIs) to assess technology performance and optimize delivery models to improve scalability and operational efficiency. Develops plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure, and to meet emergency data processing needs.

Primary Responsibilities:

  • Collaborates across cross-functional teams to break down complex solutions, drive consensus, and align enterprise-wide strategies.

  • Monitors and reports security compliance on computing platforms including end user devices, critical enterprise APIs, server, and database systems to strengthen their protection against computer virus and other cyberattacks.

  • Conducts risk assessments and tests data processing systems to ensure the operational integrity and security measures.

  • Enables audit readiness and risk alignment by guiding technical teams through internal audits and risk assessments, to ensure control effectiveness and audit-ready documentation.

  • Builds risk monitoring solutions to detect emerging risk patterns, track control performance, and provide actionable insights for continuous improvement.

  • Collaborates with architects and engineering leads to define scalable, secure, and resilient controls across business units, embedding risk awareness into delivery practices.

  • Support strategic risk initiatives by communicating complex technical issues to leadership, fostering trust and a strong risk control culture.

  • Support operating model optimization by analyzing performance and risk metrics to identify inefficiencies and recommend improvements aligned with strategic goals.

Education and Experience:

Bachelor's degree in Computer Science, Engineering, Information Technology, Information Systems, Cybersecurity, or a closely related field (or foreign education equivalent) and five (5) years of experience as a Principal Technology Risk Analyst (or closely related occupation) performing IT audits, penetration testing, and risk assessments using Cloud security, operating system technologies, SecDevOps, networking and cybersecurity tools, and scripting and data analytics, in an Enterprise Technology domain.

Or, alternatively, Master's degree in Computer Science, Engineering, Information Technology, Information Systems, Cybersecurity, or a closely related field (or foreign education equivalent) and three (3) years of experience as a Principal Technology Risk Analyst (or closely related occupation) performing IT audits, penetration testing, and risk assessments using Cloud security, operating system technologies, SecDevOps, networking and cybersecurity tools, and scripting and data analytics, in an Enterprise Technology domain.

Skills and Knowledge:

Candidate must also possess:

  • Demonstrated Expertise ("DE") performing cybersecurity technology audit and risk analysis of applications within Cloud infrastructure environments (AWS and Azure services), using DivvyCloud, CloudDiscovery, Datadog, Snowflake, and SecureTrak; and performing cybersecurity assessments -- including system hardening, identity management, and data protection of server platforms (Linux, Unix, and Windows), databases (SQL, NoSQL, and Cloud-native), Mainframe TSS Z/OS, and IBM MQs -- using Microsoft Defender, Unix Shell scripting, Powershell Scripting, Splunk, and JSonar.

  • DE planning and executing data-driven risk identification and mitigation engagements for large-scale digital platforms, using Splunk Logging, PowerShell scripting, Python Scripting, MS Excel, PowerBI for data analytics and visualization, and AWS Cloudtrail.

  • DE evaluating end-to-end security of platforms and Continuous Integration and Continuous Delivery (CI/CD) pipelines (including penetration testing), using GitHub, Jenkins, CyberArk, HashiCorp Vault, and Artifactory.

Salary: $129,600.00 - $137,000.00/year.

#PE1M2

#LI-DNI

Certifications:Category:Information Technology

Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.


What Fidelity Investments employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom