2

Remote Cyber Security Risk Analyst Jobs (NOW HIRING)

This role involves conducting on-site and remote cyber risk assessments, developing mitigation ... You will work alongside cybersecurity, OT, and systems engineering SMEs, creating task plans ...

As a Senior Third Party Risk Analyst , you'll play a critical role in ensuring the security ... cybersecurity and AI governance frameworks , including NIST CSF and NIST AI RMF. #LI-Remote This is ...

Senior Analyst, Cyber GRC

Westminster, CO ยท On-site +1

$110K - $157K/yr

The Senior Analyst, Cybersecurity Governance, Risk, and Compliance (GRC) is responsible for ... The preferred location for this role is our Westminster, CO campus; but we will consider a remote ...

As a Senior Third Party Risk Analyst , you'll play a critical role in ensuring the security ... cybersecurity and AI governance frameworks , including NIST CSF and NIST AI RMF. #LI-Remote This is ...

Senior Cybersecurity Third-Party Risk Analyst

Mesa, AZ ยท Remote

$99K - $128K/yr

Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly ... Though the position is primarily remote, there will be times to go into a Boeing facility.

New

next page

Showing results 1-20

Remote Cyber Security Risk Analyst information

See salary details

$43K

$99.4K

$150K

How much do remote cyber security risk analyst jobs pay per year?

As of Jul 10, 2026, the average yearly pay for remote cyber security risk analyst in the United States is $99,400.00, according to ZipRecruiter salary data. Most workers in this role earn between $79,500.00 and $115,500.00 per year, depending on experience, location, and employer.

How does a Remote Cyber Security Risk Analyst typically collaborate with other departments in a fully remote environment?

Remote Cyber Security Risk Analysts often work closely with IT, compliance, and business units to assess and mitigate risks across the organization. Collaboration is usually facilitated through virtual meetings, secure communication platforms, and shared documentation tools. Analysts provide guidance on security best practices, participate in incident response efforts, and help ensure compliance with regulatory standards. Effective communication and proactive engagement with stakeholders are essential for success in this remote role.

What does a Remote Cyber Security Risk Analyst do?

A Remote Cyber Security Risk Analyst is responsible for identifying, assessing, and mitigating potential security threats to an organization's information systems while working from a remote location. They evaluate existing security measures, analyze vulnerabilities, and recommend improvements to reduce risks. Additionally, they monitor for security breaches, conduct risk assessments, and ensure compliance with relevant regulations and policies. Their work helps protect sensitive data and maintain the integrity of technology systems.

What are the key skills and qualifications needed to thrive as a Remote Cyber Security Risk Analyst, and why are they important?

To thrive as a Remote Cyber Security Risk Analyst, you need a solid understanding of information security principles, risk assessment methodologies, and typically a degree in cybersecurity or a related field. Familiarity with tools like risk management frameworks (e.g., NIST, ISO 27001), vulnerability scanners, and certifications such as CISSP or CISA is highly beneficial. Strong analytical thinking, attention to detail, and effective written and verbal communication skills are essential for collaborating remotely and conveying risk findings to stakeholders. These skills and qualities are crucial for identifying, evaluating, and mitigating cyber risks to protect organizational assets in a distributed work environment.

What is the difference between Remote Cyber Security Risk Analyst vs Remote Cyber Security Analyst?

AspectRemote Cyber Security Risk AnalystRemote Cyber Security Analyst
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CEH, CISSP
Work EnvironmentRisk assessment, policy development, complianceMonitoring, threat detection, incident response
Employer & Industry UsageFinancial, healthcare, government sectorsTech companies, consulting firms, enterprises

The Remote Cyber Security Risk Analyst focuses on identifying and managing security risks, ensuring compliance, and developing policies. In contrast, the Remote Cyber Security Analyst primarily monitors systems for threats, investigates incidents, and implements security measures. Both roles require similar certifications and often work in overlapping environments, but their core responsibilities differ in scope and focus.

More about Remote Cyber Security Risk Analyst jobs
What cities are hiring for Remote Cyber Security Risk Analyst jobs? Cities with the most Remote Cyber Security Risk Analyst job openings:
What are the most commonly searched types of Cyber Security Risk Analyst jobs? The most popular types of Cyber Security Risk Analyst jobs are:
What states have the most Remote Cyber Security Risk Analyst jobs? States with the most job openings for Remote Cyber Security Risk Analyst jobs include:
Infographic showing various Remote Cyber Security Risk Analyst job openings in the United States as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 86% Full Time, 6% Part Time, 1% Temporary, and 5% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution, with an average salary of $99,400 per year, or $47.8 per hour.
Cyber Risk Analyst SME

Cyber Risk Analyst SME

Technomics

Arlington, VA โ€ข On-site, Remote

Full-time

Re-posted 15 days ago


Job description

Technomics is a growing employee-owned, decision analytics company that specializes in cost and economic analysis to facilitate better decisions faster. We enable a wide range of clients across the Federal government, from senior level policy makers to program managers, to choose smartly, buy effectively and operate efficiently. We deliver practical, credible and defensible results offering actionable insights by applying data-driven and analytics-based approaches in combination with multidisciplinary talent, subject matter experts, and tangible and repeatable assets in the form of databases, models, approaches and techniques.

Senior Analysts have the knowledge, skills, abilities and initiative to deliver timely, practical and innovative solutions to our clients as part of high-performing project teams typically composed of a mix of junior and mid-level analysts who will look to you for technical acumen and mentoring.

Our employee-owners pride themselves on their ability to apply deep analytical rigor and innovative thought that assist clients in understanding and solving a myriad of challenging resource planning and management problems.

This position may be located in Arlington, VA (Headquarters), Washington D.C., Pentagon, Springfield, VA., Chantilly, VA., Tysons Corner, VA.

Description:

We are seeking a Cyber Risk Analyst (SME-level). This role involves conducting on-site and remote cyber risk assessments, developing mitigation strategies, and enabling proactive enterprise risk identification.
The ideal candidate has deep experience with NIST SP 800-30, MITRE ATT&CK, and threat modeling approaches, and can translate technical risks into mission/business impacts. You will work alongside cybersecurity, OT, and systems engineering SMEs, creating task plans, presenting findings, and traveling to client sites for mission assessments.
We are looking for someone who is agile, creative, and collaborative โ€” able to apply lessons learned, enable data tagging and structured knowledge capture, and help shift the organization from reactive responses toward proactive risk management.

Clearance Required: Active DOE Q or higher (or ability to obtain)

Key Responsibilities:

  • Serve as a Subject Matter Expert (SME) in cyber risk assessment, analysis, and mitigation strategies for critical missions.
  • Conduct on-site and remote cyber risk assessments of enterprise systems, applications, and mission-critical infrastructures.
  • Apply NIST SP 800-30 risk assessment methodology, threat modeling techniques, and frameworks such as MITRE ATT&CK to evaluate vulnerabilities, threats, and risks.
  • Develop and present risk characterization reports, mitigation considerations, and recommendations to client leadership and system owners.
  • Create and manage task plans, assessment schedules, and execution strategies to ensure effective delivery of assessment activities.
  • Collaborate with multi-disciplinary teams of SMEs (cybersecurity, systems engineering, OT, supply chain, and mission assurance) to address enterprise risks.
  • Support the identification, analysis, and validation of complex security risks and associated vulnerabilities, including both technical and operational impacts.
  • Assist in the development of threat-informed mitigation strategies aligned with client enterprise assurance goals.
  • Implement data tagging and structured knowledge capture to enable proactive risk identification, trend analysis, and lessons-learned reuse.
  • Build analytic processes that leverage historical assessment data, external threat databases, and adversary TTPs to anticipate potential risks rather than solely reacting to identified vulnerabilities.
  • Provide expert consultation on risk acceptance, mitigation prioritization, and remediation planning to stakeholders.
  • Maintain awareness of emerging threats, vulnerabilities, adversary tactics, and best practices for defense in depth across the nuclear enterprise.

Required Qualifications:

  • 10+ years of experience in cybersecurity risk assessment, vulnerability analysis, or cyber mission assurance.
  • Deep knowledge of NIST SP 800-30, NIST Risk Management Framework (RMF), and related federal standards.
  • Hands-on experience with threat modeling approaches and application of MITRE ATT&CK for risk evaluation.
  • Demonstrated ability to conduct complex cyber risk assessments and present findings to executive and technical audiences.
  • Proven ability to develop task plans, manage assessment milestones, and work independently or as part of a team.
  • Strong writing and briefing skills to produce risk reports, mitigation strategies, and decision support artifacts.

Preferred Qualifications:

  • Experience supporting national security organizations.
  • Familiarity with supply chain risk management (SCRM), insider threat analysis, or mission-critical system assurance.
  • Operational Technology (OT) and Systems Engineering (SE) experience in complex enterprise environments.
  • Knowledge of nuclear enterprise operations and mission dependencies.
  • Technical certifications such as Security+, CISSP, CISM, C-RMA, CAP, CEH, or OSCP.
  • Prior experience briefing and advising SES-level leadership or program executives.
  • Familiarity with tools supporting risk assessments and vulnerability analysis (e.g., Threat Modeling tools).

Work Environment:

  • Hybrid environment with headquarters-based work in D.C. and regular travel to client sites for on-site risk assessments.
  • Fast-paced, collaborative environment with cross-disciplinary SMEs (cybersecurity, engineering, OT, program management, and intelligence).
  • Requires agility, creativity, and strong interpersonal skills to interact effectively with diverse stakeholders across government, contractors, and mission partners.
  • Role demands adaptability to dynamic mission needs, shifting priorities, and classified environments.
  • Emphasis on teamwork, analytical rigor, and the ability to translate technical risks into mission/business impacts.

Technomics is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to protected status under applicable law, including disability and protected veteran status.