Security Risk Analyst Jobs (NOW HIRING)

... security risk, and model risk. * Track, manage, monitor, and report on risk issues and corrective ... Analyze and report Key Risk Indicators (KRIs) and Risk Appetite Statement (RAS) metrics. * Prepare ...

Security Risk Manager

San Francisco, CA · Hybrid

$194K - $220K/yr

Our security team protects Asana's employees, users, and customers by proactively addressing ... analysis. You back up risk ratings with numbers, not just color codes. * Hands-on experience ...

New

Security Risk Manager

San Francisco, CA · On-site

$194K - $220K/yr

Our security team protects Asana's employees, users, and customers by proactively addressing ... analysis. You back up risk ratings with numbers, not just color codes. * Hands-on experience ...

New

ETS Risk Analyst II - Monitoring and Testing Role Overview The Enterprise Technology & Security (ETS) Risk Analyst II plays a critical role in the identification, assessment, and mitigation of ...

Security RISK Analyst information

How much do security risk analyst jobs pay per hour?

As of Jul 1, 2026, the average hourly pay for a security risk analyst in the United States is $50.41, according to ZipRecruiter salary data. Most workers in this role earn between $40.87 and $60.10 per hour, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Security Risk Analysts and other cybersecurity professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP, and expertise in areas such as threat analysis or security architecture. High salaries are often found in senior roles, management, or specialized fields within cybersecurity.

What does a Security Risk Analyst do?

A Security Risk Analyst is responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze security measures, conduct vulnerability assessments, and recommend strategies to protect against threats such as cyberattacks, data breaches, and unauthorized access. Their work helps ensure that a company's digital assets remain safe and compliant with industry regulations. Security Risk Analysts collaborate with IT teams and management to implement effective security policies and respond to incidents as needed.

What are the key skills and qualifications needed to thrive as a Security Risk Analyst, and why are they important?

To thrive as a Security Risk Analyst, you need a strong background in risk assessment, information security principles, and analytical thinking, often supported by a degree in cybersecurity, IT, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security assessment tools, and certifications like CISSP or CISM is highly valuable. Excellent communication, attention to detail, and problem-solving abilities help you translate complex risks for varied stakeholders and drive mitigation strategies. These skills and qualities are crucial for identifying vulnerabilities, minimizing threats, and maintaining organizational security and compliance.

What are some common challenges Security Risk Analysts face when collaborating with other departments?

Security Risk Analysts often work closely with IT, compliance, and business units to assess and mitigate risks. A common challenge is bridging the gap between technical security requirements and business objectives, as not all stakeholders may have a cybersecurity background. Effective communication and education are key to ensuring that risk recommendations are understood and adopted. Additionally, prioritizing risks with limited resources and balancing security with operational needs can be complex, requiring strong collaboration and negotiation skills.

Can you make $500,000 a year in cyber security?

Security Risk Analysts typically earn salaries below $200,000 annually, but senior roles such as Chief Information Security Officers or cybersecurity executives can reach or exceed $500,000 with extensive experience, certifications, and leadership responsibilities. Achieving this level often requires advanced skills, industry certifications like CISSP, and years of experience in high-level security management. Salary potential varies based on the organization, location, and individual expertise.

Is SOC an entry-level job?

A Security Operations Center (SOC) analyst role is often considered an entry-level position in cybersecurity, suitable for individuals with foundational knowledge of security principles, network protocols, and security tools. However, some SOC roles may require prior experience or certifications such as CompTIA Security+ or Certified SOC Analyst (CSA).

What is the difference between Security Risk Analyst vs Security Analyst?

| Aspect | Security Risk Analyst | Security Analyst |
|---|---|---|
| Certifications | CompTIA Security+, CISSP, CISA | CompTIA Security+, CISSP, CEH |
| Work Environment | Risk assessment, vulnerability analysis, policy development | Monitoring security systems, incident response, security audits |
| Employer & Industry Usage | Financial, healthcare, government sectors focusing on risk mitigation | IT departments across various industries focusing on security operations |

While both roles focus on cybersecurity, Security Risk Analysts primarily assess and manage potential security threats and vulnerabilities, emphasizing risk mitigation strategies. Security Analysts tend to monitor security systems, respond to incidents, and ensure ongoing security measures. Both roles often require similar certifications and work environments but differ in their core responsibilities within cybersecurity teams.

What is a security risk analyst?

A security risk analyst is a professional who identifies, assesses, and mitigates security threats to an organization’s information systems. They analyze vulnerabilities, develop security strategies, and often use tools like risk assessment frameworks and security software to protect data and infrastructure.
Infographic showing various Security Risk Analyst job openings in the United States as of June 2026, with employment types broken down into 1% As Needed, 97% Full Time, 1% Part Time, and 1% Contract. Highlights a 94% Physical, 2% Hybrid, and 4% Remote job distribution, with an average salary of $104,848 per year, or $50.4 per hour.
EITS Security Risk Analyst B (Engagement)--Remote Job

DELTASOFT SOLUTIONS LLC

San Francisco, CA • Remote

Full-time

Posted 13 days ago


Job description

Job43 – EITS Security Risk Analyst B (Engagement)
Location: 100% Remote
Max Submissions: 5
Proposed Start Date: ASAP
Proposed End Date: 06/30/2026
Role Overview
  • Serve as a liaison between the CISO’s strategic initiatives and the IT operational teams.
  • Translate business IT risk requirements into technical control specifications.
  • Develop risk metrics for performance measurement and reporting.
  • Coordinate enterprise-level security and risk management efforts.
  • Act as a subject matter expert (SME) on information security and regulatory compliance.

Key Responsibilities

🔹 Security & Risk Management
  • Maintain and enforce the enterprise information security and risk management framework.
  • Conduct risk analysis and develop mitigation strategies.
  • Monitor and assess the enterprise threat landscape.
  • Provide realistic risk reporting to the CISO and leadership teams.
  • Track and document internal risk reviews, assessments, and exceptions using a GRC tool.

🔹 Governance & Compliance
  • Document and maintain risk governance methodologies, policies, and procedures.
  • Ensure compliance with:
    • HIPAA
    • Joint Commission
    • DSRIP
    • COBIT
    • State privacy laws
  • Conduct and support internal and external audits (operational, compliance, reputational, security).
  • Serve as SME for EMR and PHI-related security risks.

🔹 Risk Assessments & Gap Analysis
  • Perform enterprise security risk assessments and gap analyses for new technologies and products.
  • Develop and manage risk remediation plans and work plans.
  • Identify information asset owners for data classification initiatives.
  • Support risk exception and risk acceptance documentation processes.

🔹 Technical & Cross-Functional Collaboration
  • Partner with enterprise architecture teams to align business, technical, and security requirements.
  • Collaborate with security engineering teams to implement security controls.
  • Facilitate meetings between stakeholders and IT teams.
  • Provide written and verbal reports to leadership and committees (including Operational Risk Committee).

Required Qualifications

🔹 Experience
  • Minimum 7 years of IT experience
  • At least 5 years in IT Security Risk Management / Risk Audit / Data Privacy Investigation
  • Minimum 2 years in a supervisory capacity

🔹 Healthcare Industry Expertise (Required)
  • Strong understanding of:
    • EMR systems
    • PHI data privacy
    • Healthcare regulatory environment
  • Experience with HIPAA, Joint Commission, CMS regulations

🔹 GRC & Security Framework Knowledge
  • Hands-on experience with GRC tools (ServiceNow, Archer, MetricStream preferred)
  • Working knowledge of:
    • NIST CSF
    • HITECH
    • ISO 27001/27002
    • PCI DSS
    • COBIT

🔹 Technical Skills
  • Experience reviewing IT solution requirements and implementing security controls
  • Strong analytical and risk assessment skills
  • Ability to design compensating controls for security vulnerabilities
  • Ability to assess business impact of security tools and policies

Education & Certifications
  • Bachelor’s degree in Information Systems or related field
  • Preferred Certifications:
    • CISSP
    • CISA
    • CRISC
    • Other relevant security certifications

Preferred Soft Skills
  • High integrity and ability to work independently
  • Strong communication and reporting skills
  • Ability to work in fast-moving environments
  • Experience participating in special projects
  • Ability to support various locations and flexible shifts if required

Thanks & Regards
Bhanu Prakash
DeltaSoft Solutions
bhanu.prakash@deltasoftgroup.com