ZipRecruiter

Log In

1

Quantitative Cyber Risk Jobs in Boston, MA (NOW HIRING)

WHOOP

Senior Risk & Compliance Analyst

Boston, MA · On-site

... quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated. • Prepare materials and analysis to support the Cyber Risk Committee and executive risk ...

Whoop

Senior Risk & Compliance Analyst

Boston, MA

$130K - $170K/yr

Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated. * Prepare materials and analysis to support the Cyber Risk Committee ...

Whoop

Senior Risk & Compliance Analyst

Boston, MA · On-site

$130K - $170K/yr

Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated. * Prepare materials and analysis to support the Cyber Risk Committee ...

Whoop

Senior Risk & Compliance Analyst

Boston, MA

$130K - $170K/yr

Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated. * Prepare materials and analysis to support the Cyber Risk Committee ...

Whoop

Senior Risk & Compliance Analyst

Boston, MA · On-site

$130K - $170K/yr

Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated. * Prepare materials and analysis to support the Cyber Risk Committee ...

BitSight

Principal Data Scientist

Boston, MA · On-site +1

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance ... D. in a quantitative field (e.g., Computer Science, Statistics, Engineering) or equivalent ...

Liberty Mutual

Senior Underwriter, Energy

Boston, MA

$107K - $126K/yr

Maintain senior broker relationships and clearly articulate coverage differences and risk appetite ... quantitative tools and techniques * Must demonstrate comprehension of complex technical ...

next page

Showing results 1-20

All JobsQuantitative Cyber Risk JobsQuantitative Cyber Risk Jobs in Boston, MA

Quantitative Cyber Risk information

See Boston, MA salary details

$106.5K

$184.4K

$281.9K

How much do quantitative cyber risk jobs pay per year?

As of Jun 26, 2026, the average yearly pay for quantitative cyber risk in Boston, MA is $184,393.00, according to ZipRecruiter salary data. Most workers in this role earn between $146,100.00 and $216,200.00 per year, depending on experience, location, and employer.

What are some common challenges faced by professionals in Quantitative Cyber Risk roles and how can they be addressed?

Professionals in Quantitative Cyber Risk roles often encounter challenges such as translating complex cyber threats into measurable financial terms and obtaining reliable data for risk modeling. Collaborating closely with IT security teams and business stakeholders is essential to bridge gaps in understanding and ensure risk assessments are both technically accurate and aligned with organizational goals. Staying current with evolving threat landscapes and regulatory requirements also demands continuous learning and adaptation. Leveraging industry-standard frameworks and advanced analytics tools can help address these challenges effectively.

What is quantitative cyber risk?

Quantitative cyber risk involves using mathematical models and statistical techniques to measure and predict the financial impact of cyber threats on an organization. Unlike qualitative approaches that rely on subjective judgments, quantitative methods assign numerical values to risks, helping companies understand potential losses in dollar terms. This allows organizations to make more informed decisions about cybersecurity investments, insurance, and risk mitigation strategies.

What is quantitative risk in cyber security?

Quantitative cyber risk involves measuring and analyzing cybersecurity threats using numerical data, such as probabilities and potential financial impacts. Cybersecurity professionals use models and tools like risk assessment frameworks to quantify vulnerabilities and prioritize mitigation efforts based on measurable risk levels.

Is quantitative risk management in demand?

Quantitative cyber risk management is in high demand due to increasing cyber threats and the need for data-driven security strategies. Professionals in this field often utilize statistical models, risk assessment tools, and certifications like CRCM to address complex cybersecurity challenges across various industries.

Is SOC an entry level job?

A Security Operations Center (SOC) analyst role can be entry level, especially for positions labeled as SOC analyst I or junior SOC analyst. However, many SOC roles require some prior knowledge of cybersecurity concepts, security tools, and incident response, often necessitating relevant certifications like CompTIA Security+ or SANS certifications. Experience and technical skills can influence whether a SOC position is suitable for entry-level candidates.

What career in cybersecurity pays $500,000?

A senior Quantitative Cyber Risk analyst or risk management executive in cybersecurity can earn $500,000 or more annually, especially with extensive experience, advanced certifications, and leadership roles. High-level positions in financial institutions or large corporations often offer such compensation, which may include bonuses and stock options.

What is the difference between Quantitative Cyber Risk vs Cyber Risk Analyst?

AspectQuantitative Cyber RiskCyber Risk Analyst
Required CredentialsCertifications like CRCM, CISSP, or CISA; strong quantitative backgroundCertifications such as CISA, CRISC; focus on risk assessment skills
Work EnvironmentFinancial institutions, cybersecurity firms, large corporationsFinancial services, consulting firms, government agencies
Industry UsageFocuses on modeling and quantifying cyber risks using data analysisEvaluates and reports on cyber risks, develops mitigation strategies

While both roles involve cybersecurity, Quantitative Cyber Risk specialists focus on modeling and quantifying risks using data and mathematical methods. Cyber Risk Analysts assess, analyze, and communicate cyber threats and vulnerabilities. The former is more data-driven and modeling-oriented, whereas the latter emphasizes risk evaluation and strategic recommendations.

What are the key skills and qualifications needed to thrive as a Quantitative Cyber Risk professional, and why are they important?

To thrive as a Quantitative Cyber Risk professional, you need strong analytical skills, expertise in statistics or mathematics, and a background in cybersecurity or risk management, often supported by relevant degrees or certifications. Familiarity with risk modeling tools, programming languages like Python or R, and frameworks such as FAIR (Factor Analysis of Information Risk) is highly valued. Exceptional problem-solving, communication, and stakeholder management skills help translate complex risk data into actionable business insights. These competencies are critical for accurately assessing cyber risks, informing decision-making, and enhancing an organization's overall security posture.
What are popular job titles related to Quantitative Cyber Risk jobs in Boston, MA? For Quantitative Cyber Risk jobs in Boston, MA, the most frequently searched job titles are:
What job categories do people searching Quantitative Cyber Risk jobs in Boston, MA look for? The top searched job categories for Quantitative Cyber Risk jobs in Boston, MA are:
Quantitative Cyber Risk jobs near you
Senior Risk & Compliance Analyst

Senior Risk & Compliance Analyst

WHOOP

Boston, MA • On-site

Full-time

Posted 7 days ago

Job description

Job Summary:
WHOOP is on a mission to unlock human performance and extend healthspan. The Senior Risk & Compliance Analyst will support the design and execution of the cyber risk management program, leading risk assessments and collaborating with various stakeholders to identify and mitigate technology and cybersecurity risks.
Responsibilities:
• Lead cyber and technology risk assessments across systems, cloud environments, business processes, and major initiatives, evaluating threats, vulnerabilities, control effectiveness, and residual risk.
• Maintain and operate the enterprise cyber risk register, including drafting risk statements, tracking mitigation plans, and supporting governance and reporting processes.
• Translate technical findings, architectural concerns, and control gaps into clear business risk scenarios that support prioritization and decision-making.
• Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated.
• Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting.
• Partner with Security Architecture to assess risk in system designs, cloud architecture, identity models, data flows, and platform changes.
• Collaborate with Security Engineering, Product Security, Legal, IT, and business teams to evaluate new initiatives, technology changes, artificial intelligence use cases, and third-party integrations through a risk lens.
• Conduct risk assessments for emerging technologies including artificial intelligence and machine learning systems, evaluating data usage, model behavior, external dependencies, and security implications.
• Evaluate risks associated with the use of artificial intelligence technologies, including model behavior, data exposure, prompt or input manipulation, and external model dependencies.
• Develop dashboards and reporting that provide leadership with visibility into key cybersecurity risks and trends.
• Track mitigation progress and risk treatment activities to ensure accountability and clear documentation of outcomes.
• Contribute to the continued development of cyber risk management processes, methodologies, and governance practices across the GRC program.
Qualifications:
Required:
• 6+ years of experience in cybersecurity risk management, information security, technology risk, or a related field.
• Demonstrated experience conducting structured cybersecurity or IT risk assessments.
• Experience maintaining risk registers and tracking risk mitigation or treatment activities.
• Strong understanding of security frameworks such as NIST CSF, ISO 27001, or PCI DSS, and familiarity with regulatory environments such as GDPR, HIPAA or other privacy and data protection requirements.
• Ability to translate technical findings into clear business risk for non-technical stakeholders.
• Strong written and verbal communication skills with experience presenting findings to cross-functional teams.
• Experience working with engineering, architecture, legal, compliance, and business stakeholders.
• Experience assessing risks related to artificial intelligence, machine learning systems, or emerging technologies, including familiarity with emerging AI governance frameworks such as NIST AI RMF, ISO/IEC 42001, or similar standards.
Preferred:
• Professional certifications such as CRISC, CISSP, CISM, CISA, or CGRC are a plus.
Company:
WHOOP provides wearable fitness technology and a subscription platform that tracks physiological data for health and performance insights. Founded in 2012, the company is headquartered in Boston, USA, with a team of 501-1000 employees. The company is currently Late Stage.
Whoop logo

About Whoop

Sourced by ZipRecruiter

At WHOOP, we're on a mission to unlock human performance. WHOOP empowers users (Olympians, Professional Athletes, Fitness Enthusiasts, etc) to perform at a higher level through a deeper understanding of their bodies and daily lives.

Industry

Fitness and sports centers

Company size

501 - 1,000 Employees

Headquarters location

Boston, MA, US

Year founded

2012

View All Whoop Jobs

Apply