Security Risk Analyst Jobs (NOW HIRING)

ETS Risk Analyst II - Monitoring and Testing Role Overview The Enterprise Technology & Security (ETS) Risk Analyst II plays a critical role in the identification, assessment, and mitigation of ...

Conduct pre-acquisition security risk analyses and ensure post-acquisition inherited risks are properly ingested into the Cyber Risk Register and tracked to remediation. • Coordinate with ...

Additionally, the Cyber Risk Analyst will help track enterprise security risk by monitoring risk metrics, maintaining risk registers, and providing regular updates to leadership, enabling informed ...

Senior Cyber Risk Analyst

Chicago, IL · On-site

$110K - $130K/yr

Strategic Security Initiatives * M&A Due Diligence: Provide technical expertise during Mergers and Acquisitions (M&A). Conduct pre-acquisition security risk analyses and ensure post-acquisition ...

Senior Cyber Risk Analyst

Chicago, IL · Hybrid

$110K - $130K/yr

Strategic Security Initiatives * M&A Due Diligence: Provide technical expertise during Mergers and Acquisitions (M&A). Conduct pre-acquisition security risk analyses and ensure post-acquisition ...

Solid understanding of security principles, including security controls, threat modeling, vulnerability management, and incident risk analysis. * Excellent written, verbal, and facilitation skills ...

Governance & Risk Analyst

Chicago, IL · On-site

$85K - $95K/yr

Governance & Risk Analyst in the Enterprise will... The GRC Analyst will support the organization ... Review vendor security questionnaires, supporting evidence, and contractual artifacts to assess ...

Security Risk Analyst information

How much do security risk analyst jobs pay per hour?

As of Jul 1, 2026, the average hourly pay for a security risk analyst in the United States is $50.41, according to ZipRecruiter salary data. Most workers in this role earn between $40.87 and $60.10 per hour, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Security Risk Analysts and other cybersecurity professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP, and expertise in areas such as threat analysis or security architecture. High salaries are often found in senior roles, management, or specialized fields within cybersecurity.

What does a Security Risk Analyst do?

A Security Risk Analyst is responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze security measures, conduct vulnerability assessments, and recommend strategies to protect against threats such as cyberattacks, data breaches, and unauthorized access. Their work helps ensure that a company's digital assets remain safe and compliant with industry regulations. Security Risk Analysts collaborate with IT teams and management to implement effective security policies and respond to incidents as needed.

What are the key skills and qualifications needed to thrive as a Security Risk Analyst, and why are they important?

To thrive as a Security Risk Analyst, you need a strong background in risk assessment, information security principles, and analytical thinking, often supported by a degree in cybersecurity, IT, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security assessment tools, and certifications like CISSP or CISM is highly valuable. Excellent communication, attention to detail, and problem-solving abilities help you translate complex risks for varied stakeholders and drive mitigation strategies. These skills and qualities are crucial for identifying vulnerabilities, minimizing threats, and maintaining organizational security and compliance.

What are some common challenges Security Risk Analysts face when collaborating with other departments?

Security Risk Analysts often work closely with IT, compliance, and business units to assess and mitigate risks. A common challenge is bridging the gap between technical security requirements and business objectives, as not all stakeholders may have a cybersecurity background. Effective communication and education are key to ensuring that risk recommendations are understood and adopted. Additionally, prioritizing risks with limited resources and balancing security with operational needs can be complex, requiring strong collaboration and negotiation skills.

Can you make $500,000 a year in cyber security?

Security Risk Analysts typically earn salaries below $200,000 annually, but senior roles such as Chief Information Security Officers or cybersecurity executives can reach or exceed $500,000 with extensive experience, certifications, and leadership responsibilities. Achieving this level often requires advanced skills, industry certifications like CISSP, and years of experience in high-level security management. Salary potential varies based on the organization, location, and individual expertise.

Is SOC an entry-level job?

A Security Operations Center (SOC) analyst role is often considered an entry-level position in cybersecurity, suitable for individuals with foundational knowledge of security principles, network protocols, and security tools. However, some SOC roles may require prior experience or certifications such as CompTIA Security+ or Certified SOC Analyst (CSA).

What is the difference between Security Risk Analyst vs Security Analyst?

Aspect | Security Risk Analyst | Security Analyst
Certifications | CompTIA Security+, CISSP, CISA | CompTIA Security+, CISSP, CEH
Work Environment | Risk assessment, vulnerability analysis, policy development | Monitoring security systems, incident response, security audits
Employer & Industry Usage | Financial, healthcare, government sectors focusing on risk mitigation | IT departments across various industries focusing on security operations

While both roles focus on cybersecurity, Security Risk Analysts primarily assess and manage potential security threats and vulnerabilities, emphasizing risk mitigation strategies. Security Analysts tend to monitor security systems, respond to incidents, and ensure ongoing security measures. Both roles often require similar certifications and work environments but differ in their core responsibilities within cybersecurity teams.

What is a security risk analyst?

A security risk analyst is a professional who identifies, assesses, and mitigates security threats to an organization’s information systems. They analyze vulnerabilities, develop security strategies, and often use tools like risk assessment frameworks and security software to protect data and infrastructure.
Infographic showing various Security Risk Analyst job openings in the United States as of June 2026, with employment types broken down into 1% As Needed, 97% Full Time, 1% Part Time, and 1% Contract. Highlights a 94% Physical, 2% Hybrid, and 4% Remote job distribution, with an average salary of $104,848 per year, or $50.4 per hour.
ETS Risk Analyst II

Citizens Bank

Johnston, RI • On-site

Full-time

Posted 27 days ago


Job description


ETS Risk Analyst II - Monitoring and Testing
Role Overview
The Enterprise Technology & Security (ETS) Risk Analyst II plays a critical role in the identification, assessment, and mitigation of technology and security related risks across the organization. Working within a first-line risk team, this role partners directly with Risk Managers to execute control monitoring and testing that aligns with the bank's risk appetite framework, regulatory expectations, and industry standards including Cybersecurity Risk Institute (CRI) Profile, NIST 800-53, and NIST Cybersecurity Framework. You will independently assess control effectiveness, monitor key risk indicators, and analyze results to identify trends, control gaps, and areas for improvement. This role requires strong professional judgment, high quality documentation, and timely communication to support a resilient control environment and informed risk decisions. This is an excellent opportunity for an early-career risk professional looking to build foundational expertise in technology and security risk within a growing regulated financial institution.
Responsibilities
  • Partner with Risk Managers to execute the control monitoring and testing program across multiple complex technology and cybersecurity processes.
  • Independently perform control design and operating effectiveness testing in accordance with established methodologies and timelines.
  • Assess material controls and determine whether enhanced controls are effective to support issue validation and closure.
  • Document testing results clearly and accurately in the system of record and supporting tools, producing audit ready documentation suitable for QA, Internal Audit, and Regulatory review.
  • Support the analysis of monitoring and testing results to identify themes, trends, root causes, and emerging issues.
  • Escalate control deficiencies, emerging risks, and potential delays in a timely and professional manner.
  • Support issue management activities, including testing to validate remediation and support issue closure.
  • Participate in Risk and Control Self Assessments (RCSAs), including creation and validation of process maps that reflect key processes, risks, and controls.
  • Maintain awareness of emerging risks and evolving technologies (e.g., artificial intelligence, automation, and data driven processes) and assess their impact on control design, effectiveness, and monitoring approaches.
  • Contribute to the continuous monitoring program by leveraging automated testing, key control metrics, and trend analysis to improve risk insight and control coverage.
  • Identify, evaluate, and prioritize opportunities to enhance control testing through automation, data analytics, and improved key control metrics, partnering with stakeholders to support implementation.
  • Build effective working relationships with business and technology stakeholders to stay informed of process changes and emerging risks.
  • Develop understanding of internal policies, infrastructure processes, and evolving industry risk trends.
  • Proactively pursue ongoing professional development, including relevant certifications, industry training, etc. to maintain current knowledge in a rapidly evolving field.

Experience & Skills
Required:
  • 3-5 years of experience in IT, information security, risk management, or internal audit.
  • Foundational understanding of technology risk concepts, control frameworks (NIST 800-53, NIST CSF, CRI Profile, COBIT, or ITIL), and risk management lifecycle.
  • Familiarity with GRC platforms (e.g., Archer) and IT service management tools (e.g., ServiceNow, Jira).
  • Ability to analyze and interpret data from security and operational monitoring tools.
  • Strong written and verbal communication skills, with the ability to translate technical risk findings into clear documentation.
  • Demonstrated ability to manage multiple priorities in a fast-paced environment with attention to detail.
  • Proficiency in Microsoft Office Suite (Excel, Word, PowerPoint).

Preferred:
  • Experience in a regulated financial services or banking environment.
  • Familiarity with cloud environments (AWS, Azure) or infrastructure risk concepts.
  • Exposure to audit response, regulatory exam support, or corrective action tracking.

Education
  • Bachelor's degree in Information Technology, Cybersecurity, Business, or a related field required.
  • One or more of the following certifications are preferred:
      • CompTIA Security+
      • AWS Cloud Practitioner or Microsoft Azure Fundamentals
      • CISA (Certified Information Systems Auditor)
      • CRISC (Certified in Risk and Information Systems Control)

Hours & Work Schedule
  • Hours per Week: 40
  • Work Schedule: Monday - Friday
  • Hybrid: 4 days per week onsite

About Us
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.
Background Check
Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.