1

Security Risk Analyst Jobs in California (NOW HIRING)

Sr. Risk Analyst

Vacaville, CA · On-site

$98K - $121K/yr

... financial security. Profile: * Reviews and analyzes financial transactions for unusual or ... Senior Risk Analyst - Grade15/Exempt/$82,680.00 - $102,128.00 annually * * Reports directly to ...

Sr. Risk Analyst

Vacaville, CA · On-site

$98K - $121K/yr

... financial security. Profile: * Reviews and analyzes financial transactions for unusual or ... Senior Risk Analyst - Grade15/Exempt/$82,680.00 - $102,128.00 annually * * Reports directly to ...

Insider Risk Analyst

Hawthorne, CA · On-site

$85K - $100K/yr

INSIDER RISK ANALYST SpaceX is seeking a dynamic and driven individual with a demonstrated ability ... Conduct internal investigations working with Information Security, HR, Legal, Government Security ...

Insider Risk Analyst

Hawthorne, CA · On-site

$95K - $120K/yr

INSIDER RISK ANALYST SpaceX is seeking a dynamic and driven individual with a demonstrated ability ... Conduct internal investigations working with Information Security, HR, Legal, Government Security ...

As our new Third Party Risk Analyst , you will play a critical role in protecting Anaplan by ... Directly contribute to the security and resilience of Anaplan by developing and implementing a ...

This role is within the Security Governance, Risk, and Compliance (SGRC) team, within Information ... As an Information Security Technical Analyst, you will partner with various teams across in support ...

next page

Showing results 1-20

Security Risk Analyst information

See California salary details

$10

$49

$69

How much do security risk analyst jobs pay per hour?

As of Jun 30, 2026, the average hourly pay for security risk analyst in California is $49.75, according to ZipRecruiter salary data. Most workers in this role earn between $40.34 and $59.33 per hour, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Security Risk Analysts and other cybersecurity professionals can potentially earn $200,000 or more annually, especially with advanced skills, certifications like CISSP, and experience in high-demand areas such as threat intelligence or security architecture. Achieving this level often requires several years of experience, specialized knowledge, and working in senior or managerial roles within organizations or consulting firms.

What does a Security Risk Analyst do?

A Security Risk Analyst is responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze security measures, conduct vulnerability assessments, and recommend strategies to protect against threats such as cyberattacks, data breaches, and unauthorized access. Their work helps ensure that a company's digital assets remain safe and compliant with industry regulations. Security Risk Analysts collaborate with IT teams and management to implement effective security policies and respond to incidents as needed.

What are the key skills and qualifications needed to thrive as a Security Risk Analyst, and why are they important?

To thrive as a Security Risk Analyst, you need a strong background in risk assessment, information security principles, and analytical thinking, often supported by a degree in cybersecurity, IT, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security assessment tools, and certifications like CISSP or CISM is highly valuable. Excellent communication, attention to detail, and problem-solving abilities help you translate complex risks for varied stakeholders and drive mitigation strategies. These skills and qualities are crucial for identifying vulnerabilities, minimizing threats, and maintaining organizational security and compliance.

What are some common challenges Security Risk Analysts face when collaborating with other departments?

Security Risk Analysts often work closely with IT, compliance, and business units to assess and mitigate risks. A common challenge is bridging the gap between technical security requirements and business objectives, as not all stakeholders may have a cybersecurity background. Effective communication and education are key to ensuring that risk recommendations are understood and adopted. Additionally, prioritizing risks with limited resources and balancing security with operational needs can be complex, requiring strong collaboration and negotiation skills.

Can you make $500,000 a year in cyber security?

Security Risk Analysts typically earn salaries below $200,000 annually, but senior roles such as Chief Information Security Officers or cybersecurity executives can reach or exceed $500,000 with extensive experience, certifications, and leadership responsibilities. Achieving this level often requires advanced skills, industry certifications like CISSP, and years of experience in high-level security management.

Is SOC an entry level job?

A Security Operations Center (SOC) analyst role is typically not entry-level and usually requires some experience in cybersecurity, network monitoring, or related fields. Entry-level positions may be labeled as SOC analyst I or junior SOC analyst, but higher-level roles often demand certifications like CompTIA Security+ or CISSP and familiarity with security tools such as SIEM systems.

What is the difference between Security Risk Analyst vs Security Analyst?

AspectSecurity Risk AnalystSecurity Analyst
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment, vulnerability analysis, policy developmentMonitoring security systems, incident response, security audits
Employer & Industry UsageFinancial, healthcare, government sectors focusing on risk mitigationIT departments across various industries focusing on security operations

While both roles focus on cybersecurity, Security Risk Analysts primarily assess and manage potential security threats and vulnerabilities, emphasizing risk mitigation strategies. Security Analysts tend to monitor security systems, respond to incidents, and ensure ongoing security measures. Both roles often require similar certifications and work environments but differ in their core responsibilities within cybersecurity teams.

What is a security risk analyst?

A security risk analyst is a professional who identifies, assesses, and mitigates security threats to an organization’s information systems. They analyze vulnerabilities, develop security strategies, and often use tools like risk assessment frameworks and security software to protect data and infrastructure.
What job categories do people searching Security Risk Analyst jobs in California look for? The top searched job categories for Security Risk Analyst jobs in California are:
Medical Device Cybersecurity Risk at Tata Consultancy Santa Ana, California

Medical Device Cybersecurity Risk at Tata Consultancy Santa Ana, California

disABLEDperson Inc

Santa Ana, CA • On-site

Other

This job post has expired today. Applications are no longer accepted.


Job description

Medical Device Cybersecurity Risk Specialist

Work Location: Irvine, California, United States

Must Have Technical/Functional Skills:

  • Strong understanding of information security risk management frameworks such as NIST CSF, ISO 27001 / 27005, FAIR, and COSO.
  • Hands-on experience in conducting cybersecurity risk assessments, threat modeling, and evaluating risks across systems, vendors, projects, and business processes.
  • Solid knowledge of medical device cybersecurity, including vulnerability analysis, security risk mitigation, and patient safety considerations.
  • Familiarity with medical device integration, healthcare application ecosystems, and interactions with EHR systems and third-party healthcare vendor applications.
  • Understanding of common cybersecurity controls including network security, endpoint protection, identity and access management, encryption, logging/monitoring, and secure system configuration.
  • Experience reviewing penetration testing findings, identifying practical mitigation options, and validating remediation approaches in partnership with vendors or technical teams.
  • Ability to maintain and manage risk registers, risk treatment plans, dashboards, and remediation tracking mechanisms using GRC platforms or structured spreadsheet-based tools.
  • Working knowledge of cloud security, security operations, and cybersecurity input into SDLC, infrastructure changes, and new service introductions.
  • Familiarity with regulatory and compliance expectations relevant to healthcare and medical devices, including cybersecurity documentation and risk-based decision-making.
  • Exposure to Agile / Scrum methodologies and cross-functional project execution is highly desirable.
  • Ability to research emerging threats, assess business relevance, and proactively recommend risk reduction actions.

Roles & Responsibilities:

  • Develop, maintain, and continuously improve the organization's cybersecurity risk management program, with emphasis on practical and sustainable risk reduction.
  • Perform qualitative and quantitative risk assessments for systems, projects, vendors, healthcare technologies, and business processes.
  • Analyze medical device cybersecurity vulnerabilities, penetration testing findings, and technical risks to determine impact, likelihood, and patient/business impact.
  • Partner with internal teams, vendors, and business owners to identify, validate, and track approved mitigation strategies and alternative risk treatment options where needed.
  • Maintain accurate and up-to-date risk registers, risk treatment plans, issue logs, and risk dashboards.
  • Support the selection, implementation, and validation of technical, administrative, and procedural security controls.
  • Provide cybersecurity and risk management input into projects, cloud initiatives, system integrations, device onboarding, and service changes.
  • Coordinate and support third-party/vendor risk assessments, follow-up actions, and remediation closure tracking.
  • Translate technical cybersecurity issues into clear business impact statements and communicate them effectively to leadership and non-technical stakeholders.
  • Produce recurring risk posture reports, trends, metrics, and remediation summaries for management and governance forums.
  • Support incident response activities and perform post-incident risk analysis to identify lessons learned and strengthen controls.
  • Promote a strong security and risk-aware culture by engaging with stakeholders, educating teams, and encouraging proactive risk identification.
  • Collaborate effectively across cybersecurity, engineering, quality, clinical/biomedical, IT, and vendor teams to ensure balanced decision-making that protects both operations and patient safety.
  • Stay current on evolving cybersecurity threats, healthcare technology risks, and relevant compliance expectations.