Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated. * Prepare materials and analysis to support the Cyber Risk Committee ...
Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated. * Prepare materials and analysis to support the Cyber Risk Committee ...
Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated. * Prepare materials and analysis to support the Cyber Risk Committee ...
Quick apply
Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated. * Prepare materials and analysis to support the Cyber Risk Committee ...
Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated. > * Prepare materials and analysis to support the Cyber Risk ...
Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated. > * Prepare materials and analysis to support the Cyber Risk ...
Lead enterprise cyber risk quantification using FAIR, Monte Carlo simulation, calibrated estimation ... Mentor analysts and uplift 1LOD quant capabilities while preserving 2LOD independence; coordinate ...
Lead enterprise cyber risk quantification using FAIR, Monte Carlo simulation, calibrated estimation ... Mentor analysts and uplift 1LOD quant capabilities while preserving 2LOD independence; coordinate ...
Lead enterprise cyber risk quantification using FAIR, Monte Carlo simulation, calibrated estimation ... Mentor analysts and uplift 1LOD quant capabilities while preserving 2LOD independence; coordinate ...
Lead enterprise cyber risk quantification using FAIR, Monte Carlo simulation, calibrated estimation ... Mentor analysts and uplift 1LOD quant capabilities while preserving 2LOD independence; coordinate ...
Cloud/Cyber Risk Management Analyst Sr
New York, NY · On-site
$90K - $150K/yr
Assesses and report Cyber risk profile based on quantitative and qualitative risk measures and including assessment of effectiveness of planned remediation/mitigation of excess risk exposure and ...
Cloud/Cyber Risk Management Analyst Sr
New York, NY · On-site
$90K - $150K/yr
Assesses and report Cyber risk profile based on quantitative and qualitative risk measures and including assessment of effectiveness of planned remediation/mitigation of excess risk exposure and ...
As the Director, Technology & Cyber Risk Metrics & Reporting will be a seasoned leader with strong knowledge of quantitative methods applied to technology/cyber risk, who can think strategically, is ...
As the Director, Technology & Cyber Risk Metrics & Reporting will be a seasoned leader with strong knowledge of quantitative methods applied to technology/cyber risk, who can think strategically, is ...
As the Director, Technology & Cyber Risk Metrics & Reporting will be a seasoned leader with strong knowledge of quantitative methods applied to technology/cyber risk, who can think strategically, is ...
As the Director, Technology & Cyber Risk Metrics & Reporting will be a seasoned leader with strong knowledge of quantitative methods applied to technology/cyber risk, who can think strategically, is ...
As the Director, Technology & Cyber Risk Metrics & Reporting will be a seasoned leader with strong knowledge of quantitative methods applied to technology/cyber risk, who can think strategically, is ...
As the Director, Technology & Cyber Risk Metrics & Reporting will be a seasoned leader with strong knowledge of quantitative methods applied to technology/cyber risk, who can think strategically, is ...
Conduct vendor cyber risk assessments, software supply chain reviews, and broader cyber SCRM ... Develop clear, customer-ready written deliverables, quantitative analyses, visualizations, and ...
Conduct vendor cyber risk assessments, software supply chain reviews, and broader cyber SCRM ... Develop clear, customer-ready written deliverables, quantitative analyses, visualizations, and ...
Conduct vendor cyber risk assessments, software supply chain reviews, and broader cyber SCRM ... Develop clear, customer-ready written deliverables, quantitative analyses, visualizations, and ...
Conduct vendor cyber risk assessments, software supply chain reviews, and broader cyber SCRM ... Develop clear, customer-ready written deliverables, quantitative analyses, visualizations, and ...
Senior Manager - Digital Risk (Remote)
Chicago, IL · On-site +1
Join our Cybersecurity and Digital Risk (CDR) team to help lead the industry in cyber safety ... Strong understanding of risk assessment methodologies including qualitative and quantitative risk ...
Senior Manager - Digital Risk (Remote)
Chicago, IL · On-site +1
Join our Cybersecurity and Digital Risk (CDR) team to help lead the industry in cyber safety ... Strong understanding of risk assessment methodologies including qualitative and quantitative risk ...
Senior Security Analyst
Overland Park, KS · On-site
$93K - $122K/yr
Quantitative Risk Analysis * Develop and perform quantitative cyber risk assessments using models such as FAIR to estimate loss exposure, probability of threat events, and financial impact across ...
Senior Security Analyst
Overland Park, KS · On-site
$93K - $122K/yr
Quantitative Risk Analysis * Develop and perform quantitative cyber risk assessments using models such as FAIR to estimate loss exposure, probability of threat events, and financial impact across ...
Senior Security Analyst
Leawood, KS · On-site
$93K - $122K/yr
Quantitative Risk Analysis * Develop and perform quantitative cyber risk assessments using models such as FAIR to estimate loss exposure, probability of threat events, and financial impact across ...
Quick apply
Senior Security Analyst
Leawood, KS · On-site
$93K - $122K/yr
Quantitative Risk Analysis * Develop and perform quantitative cyber risk assessments using models such as FAIR to estimate loss exposure, probability of threat events, and financial impact across ...
Senior Security Analyst
$93K - $122K/yr
Quantitative Risk Analysis * Develop and perform quantitative cyber risk assessments using models such as FAIR to estimate loss exposure, probability of threat events, and financial impact across ...
Senior Security Analyst
$93K - $122K/yr
Quantitative Risk Analysis * Develop and perform quantitative cyber risk assessments using models such as FAIR to estimate loss exposure, probability of threat events, and financial impact across ...
This role is responsible for building risk frameworks, conducting quantitative analysis, monitoring ... operational, compliance, cyber, and strategic risk categories • Identify emerging risks ...
This role is responsible for building risk frameworks, conducting quantitative analysis, monitoring ... operational, compliance, cyber, and strategic risk categories • Identify emerging risks ...
This position - Senior Manager, Cyber Risk and Analysis - will play a key role in shaping the ... This includes leading independent risk analysis workshops, applying quantitative and qualitative ...
New
This position - Senior Manager, Cyber Risk and Analysis - will play a key role in shaping the ... This includes leading independent risk analysis workshops, applying quantitative and qualitative ...
New
This position - Senior Manager, Cyber Risk and Analysis - will play a key role in shaping the ... This includes leading independent risk analysis workshops, applying quantitative and qualitative ...
New
This position - Senior Manager, Cyber Risk and Analysis - will play a key role in shaping the ... This includes leading independent risk analysis workshops, applying quantitative and qualitative ...
New
This position - Senior Manager, Cyber Risk and Analysis - will play a key role in shaping the ... This includes leading independent risk analysis workshops, applying quantitative and qualitative ...
New
This position - Senior Manager, Cyber Risk and Analysis - will play a key role in shaping the ... This includes leading independent risk analysis workshops, applying quantitative and qualitative ...
New
This position - Senior Manager, Cyber Risk and Analysis - will play a key role in shaping the ... This includes leading independent risk analysis workshops, applying quantitative and qualitative ...
New
This position - Senior Manager, Cyber Risk and Analysis - will play a key role in shaping the ... This includes leading independent risk analysis workshops, applying quantitative and qualitative ...
New
Quantitative Cyber Risk information
See salary details
$98K - $112.7K
15% of jobs
$112.7K - $127.4K
7% of jobs
$132K is the 25th percentile. Wages below this are outliers.
$127.4K - $142K
9% of jobs
$142K - $156.7K
14% of jobs
The median wage is $163.4K / yr.
$156.7K - $171.4K
12% of jobs
$171.4K - $186.1K
14% of jobs
$192.1K is the 75th percentile. Wages above this are outliers.
$186.1K - $200.8K
12% of jobs
$200.8K - $215.5K
7% of jobs
$215.5K - $230.1K
5% of jobs
$230.1K - $244.8K
5% of jobs
$244.8K - $259.5K
0% of jobs
$98K
$169.7K
$259.5K
How much do quantitative cyber risk jobs pay per year?
As of Jun 5, 2026, the average yearly pay for quantitative cyber risk in the United States is $169,729.00, according to ZipRecruiter salary data. Most workers in this role earn between $134,500.00 and $199,000.00 per year, depending on experience, location, and employer.
What are some common challenges faced by professionals in Quantitative Cyber Risk roles and how can they be addressed?
Professionals in Quantitative Cyber Risk roles often encounter challenges such as translating complex cyber threats into measurable financial terms and obtaining reliable data for risk modeling. Collaborating closely with IT security teams and business stakeholders is essential to bridge gaps in understanding and ensure risk assessments are both technically accurate and aligned with organizational goals. Staying current with evolving threat landscapes and regulatory requirements also demands continuous learning and adaptation. Leveraging industry-standard frameworks and advanced analytics tools can help address these challenges effectively.
What is quantitative cyber risk?
Quantitative cyber risk involves using mathematical models and statistical techniques to measure and predict the financial impact of cyber threats on an organization. Unlike qualitative approaches that rely on subjective judgments, quantitative methods assign numerical values to risks, helping companies understand potential losses in dollar terms. This allows organizations to make more informed decisions about cybersecurity investments, insurance, and risk mitigation strategies.
What is the difference between Quantitative Cyber Risk vs Cyber Risk Analyst?
| Aspect | Quantitative Cyber Risk | Cyber Risk Analyst |
|---|---|---|
| Required Credentials | Certifications like CRCM, CISSP, or CISA; strong quantitative background | Certifications such as CISA, CRISC; focus on risk assessment skills |
| Work Environment | Financial institutions, cybersecurity firms, large corporations | Financial services, consulting firms, government agencies |
| Industry Usage | Focuses on modeling and quantifying cyber risks using data analysis | Evaluates and reports on cyber risks, develops mitigation strategies |
While both roles involve cybersecurity, Quantitative Cyber Risk specialists focus on modeling and quantifying risks using data and mathematical methods. Cyber Risk Analysts assess, analyze, and communicate cyber threats and vulnerabilities. The former is more data-driven and modeling-oriented, whereas the latter emphasizes risk evaluation and strategic recommendations.
What are the key skills and qualifications needed to thrive as a Quantitative Cyber Risk professional, and why are they important?
To thrive as a Quantitative Cyber Risk professional, you need strong analytical skills, expertise in statistics or mathematics, and a background in cybersecurity or risk management, often supported by relevant degrees or certifications. Familiarity with risk modeling tools, programming languages like Python or R, and frameworks such as FAIR (Factor Analysis of Information Risk) is highly valued. Exceptional problem-solving, communication, and stakeholder management skills help translate complex risk data into actionable business insights. These competencies are critical for accurately assessing cyber risks, informing decision-making, and enhancing an organization's overall security posture.
More about Quantitative Cyber Risk jobs
What cities are hiring for Quantitative Cyber Risk jobs? Cities with the most Quantitative Cyber Risk job openings:
What states have the most Quantitative Cyber Risk jobs? States with the most job openings for Quantitative Cyber Risk jobs include:
What job categories do people searching Quantitative Cyber Risk jobs look for? The top searched job categories for Quantitative Cyber Risk jobs are:
Job description
At WHOOP, we are on a mission to unlock human performance and extend healthspan. The Governance, Risk, and Compliance (GRC) team helps ensure technology and cybersecurity risks are identified, assessed, and communicated clearly across the organization.
As a Senior Risk & Compliance Analyst, you will play a key role in supporting the design, execution, and continued evolution of the cyber risk management program. In this role, you will lead structured risk assessments, maintain the cyber risk register, and support risk governance through the Cyber Risk Committee while partnering with Security Architecture, Security Engineering, Product Security, Legal, IT, and business stakeholders to identify and assess technology and cybersecurity risks across systems, infrastructure, and business operations, and to translate technical findings into clear business risk and contribute to effective risk mitigation strategies.
The ideal candidate combines strong analytical thinking with the ability to communicate complex risk scenarios clearly to both technical and non-technical stakeholders.
RESPONSIBILITIES:
Lead cyber and technology risk assessments across systems, cloud environments, business processes, and major initiatives, evaluating threats, vulnerabilities, control effectiveness, and residual risk.
Maintain and operate the enterprise cyber risk register, including drafting risk statements, tracking mitigation plans, and supporting governance and reporting processes.
Translate technical findings, architectural concerns, and control gaps into clear business risk scenarios that support prioritization and decision-making.
Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated.
Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting.
Partner with Security Architecture to assess risk in system designs, cloud architecture, identity models, data flows, and platform changes.
Collaborate with Security Engineering, Product Security, Legal, IT, and business teams to evaluate new initiatives, technology changes, artificial intelligence use cases, and third-party integrations through a risk lens.
Conduct risk assessments for emerging technologies including artificial intelligence and machine learning systems, evaluating data usage, model behavior, external dependencies, and security implications.
Evaluate risks associated with the use of artificial intelligence technologies, including model behavior, data exposure, prompt or input manipulation, and external model dependencies.
Develop dashboards and reporting that provide leadership with visibility into key cybersecurity risks and trends.
Track mitigation progress and risk treatment activities to ensure accountability and clear documentation of outcomes.
Contribute to the continued development of cyber risk management processes, methodologies, and governance practices across the GRC program.
QUALIFICATIONS:
6+ years of experience in cybersecurity risk management, information security, technology risk, or a related field.
Demonstrated experience conducting structured cybersecurity or IT risk assessments.
Experience maintaining risk registers and tracking risk mitigation or treatment activities.
Strong understanding of security frameworks such as NIST CSF, ISO 27001, or PCI DSS, and familiarity with regulatory environments such as GDPR, HIPAA or other privacy and data protection requirements.
Ability to translate technical findings into clear business risk for non-technical stakeholders.
Strong written and verbal communication skills with experience presenting findings to cross-functional teams.
Experience working with engineering, architecture, legal, compliance, and business stakeholders.
Experience assessing risks related to artificial intelligence, machine learning systems, or emerging technologies, including familiarity with emerging AI governance frameworks such as NIST AI RMF, ISO/IEC 42001, or similar standards.
Professional certifications such as CRISC, CISSP, CISM, CISA, or CGRC are a plus.
This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.
Interested in the role, but don't meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility
The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.
At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company's long-term growth and success.
The U.S. base salary range for this full-time position is $125,000 - $155,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training.
In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.
These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate's specific qualifications, expertise, and alignment with the role's requirements.
apply for this job
About Whoop
Sourced by ZipRecruiter
At WHOOP, we're on a mission to unlock human performance. WHOOP empowers users (Olympians, Professional Athletes, Fitness Enthusiasts, etc) to perform at a higher level through a deeper understanding of their bodies and daily lives.
Industry
Fitness and sports centers
Company size
501 - 1,000 Employees
Headquarters location
Boston, MA, US
Year founded
2012