1

Security Risk Analyst Jobs in Kentucky (NOW HIRING)

$41.75 - $55.75/hr

The IT Governance/Risk/Compliance Analyst position offers a dynamic opportunity for an experienced ... Ensure data security and privacy compliance by providing guidance on appropriate access controls ...

Manage comprehensive security program supporting the Special Operations Forces Global Logistic ... Familiar with risk analysis process integrating intelligence, cyber posture, operational tempo, and ...

Familiar with risk analysis process integrating intelligence, cyber posture, operational tempo, and ... Knowledge of current security vulnerabilities and threats; Ability to collaborate with all levels ...

About the Role The Senior GRC Analyst acts as a strategic lead to advance security and risk operations. In this role, you will integrate people, policy, and technology to drive operational excellence ...

Strong attention to detail, organization, and analytical skills If there's anything we can do to ... S. Department of Homeland Security E-Verify program in all facilities located in the United States ...

Apply AI risk management standards to assess and mitigate risks in AI pipelines.Mentor architects, engineers, and analysts in AI security best practices and contribute to the advancement of AI ...

Business Risk Specialist

Owensboro, KY · On-site

$20 - $24.38/hr

Strong attention to detail, organization, and analytical skills If there's anything we can do to ... S. Department of Homeland Security E-Verify program in all facilities located in the United States ...

... risk posture, and security metrics. - Support continuous improvement of cybersecurity processes and operational effectiveness through feedback and analysis of response activities. Job-Specific ...

next page

Showing results 1-20

Security Risk Analyst information

See Kentucky salary details

$8

$43

$60

How much do security risk analyst jobs pay per hour?

As of Jul 16, 2026, the average hourly pay for security risk analyst in Kentucky is $43.78, according to ZipRecruiter salary data. Most workers in this role earn between $35.48 and $52.21 per hour, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Security Risk Analysts and other cybersecurity professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP, and expertise in areas such as threat analysis or security architecture. High salaries are often found in senior roles, management, or specialized fields within cybersecurity.

What does a Security Risk Analyst do?

A Security Risk Analyst is responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze security measures, conduct vulnerability assessments, and recommend strategies to protect against threats such as cyberattacks, data breaches, and unauthorized access. Their work helps ensure that a company's digital assets remain safe and compliant with industry regulations. Security Risk Analysts collaborate with IT teams and management to implement effective security policies and respond to incidents as needed.

What are the key skills and qualifications needed to thrive as a Security Risk Analyst, and why are they important?

To thrive as a Security Risk Analyst, you need a strong background in risk assessment, information security principles, and analytical thinking, often supported by a degree in cybersecurity, IT, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security assessment tools, and certifications like CISSP or CISM is highly valuable. Excellent communication, attention to detail, and problem-solving abilities help you translate complex risks for varied stakeholders and drive mitigation strategies. These skills and qualities are crucial for identifying vulnerabilities, minimizing threats, and maintaining organizational security and compliance.

What are some common challenges Security Risk Analysts face when collaborating with other departments?

Security Risk Analysts often work closely with IT, compliance, and business units to assess and mitigate risks. A common challenge is bridging the gap between technical security requirements and business objectives, as not all stakeholders may have a cybersecurity background. Effective communication and education are key to ensuring that risk recommendations are understood and adopted. Additionally, prioritizing risks with limited resources and balancing security with operational needs can be complex, requiring strong collaboration and negotiation skills.

Can you make $500,000 a year in cyber security?

Security Risk Analysts typically earn salaries below $200,000 annually, but senior roles such as Chief Information Security Officers or cybersecurity executives can reach or exceed $500,000 with extensive experience, certifications, and leadership responsibilities. Achieving this level often requires advanced skills, industry certifications like CISSP, and years of experience in high-level security management. Salary potential varies based on the organization, location, and individual expertise.

Is SOC an entry-level job?

A Security Operations Center (SOC) analyst role is often considered an entry-level position in cybersecurity, suitable for individuals with foundational knowledge of security principles, network protocols, and security tools. However, some SOC roles may require prior experience or certifications such as CompTIA Security+ or Certified SOC Analyst (CSA).

What is the difference between Security Risk Analyst vs Security Analyst?

AspectSecurity Risk AnalystSecurity Analyst
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment, vulnerability analysis, policy developmentMonitoring security systems, incident response, security audits
Employer & Industry UsageFinancial, healthcare, government sectors focusing on risk mitigationIT departments across various industries focusing on security operations

While both roles focus on cybersecurity, Security Risk Analysts primarily assess and manage potential security threats and vulnerabilities, emphasizing risk mitigation strategies. Security Analysts tend to monitor security systems, respond to incidents, and ensure ongoing security measures. Both roles often require similar certifications and work environments but differ in their core responsibilities within cybersecurity teams.

What is a security risk analyst?

A security risk analyst is a professional who identifies, assesses, and mitigates security threats to an organization’s information systems. They analyze vulnerabilities, develop security strategies, and often use tools like risk assessment frameworks and security software to protect data and infrastructure.
What job categories do people searching Security Risk Analyst jobs in Kentucky look for? The top searched job categories for Security Risk Analyst jobs in Kentucky are:
Infographic showing various Security Risk Analyst job openings in Kentucky as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 82% Full Time, 10% Part Time, 1% Temporary, and 5% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution, with an average salary of $91,063 per year, or $43.8 per hour.
IT Security Specialist (Pre-Incident Consulting & Incident Response Lead)

IT Security Specialist (Pre-Incident Consulting & Incident Response Lead)

Mirazon

Louisville, KY

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 28 days ago


Job description

Mirazon is a scaling, people-centered IT company that believes strong security starts long before an incident occurs, and that calm, capable leadership matters most when it does. We're looking for aSecurity Specialistwho thrives at the intersection of strategy and execution: someone who enjoys strengthening security postures proactively and who can step confidently into high-pressure situations to guide clients through complex cybersecurity events.


Mission of the Position

This role is designed for an experienced individual contributor with deep technical expertise, sound judgment, and executive presence. You value preparation, documentation, and disciplined processes, and you're equally comfortable designing preventative controls as you are leading incident response efforts in real time. You bring clarity to chaos, translate technical risk into business impact, and act as a trusted advisor to clients when the stakes are highest.


Key Criteria/Requirements

  • 5+ years in cybersecurity or infrastructure security roles
  • 3+ years leading security incidents
  • Strong experience with:
    • Firewalls (FortiGate, Cisco, SonicWall, Palo Alto, etc.)
    • Endpoint detection and response (EDR/XDR)
    • Microsoft 365 security stack
    • Identity and access management
    • Backup and disaster recovery systems
  • Experience with ransomware containment and recovery
  • Deep understanding of networking and Active Directory environments
  • Strong written and verbal communication skills
  • Ability to lead under pressure


Preferred Certifications

  • CISSP
  • CISM
  • CEH
  • GIAC (GCIA, GCIH, etc.)
  • Security+
  • Microsoft Security certifications
  • Vendor firewall certifications


Key Accountabilities

1. Pre-Incident Security Consulting (Strategic & Preventative)

  • Conduct comprehensive security risk assessments and gap analyses
  • Lead cybersecurity maturity assessments aligned to NIST, CIS, or industry frameworks
  • Perform vulnerability assessments and coordinate remediation planning
  • Design and review:
    • Network security architecture
    • Firewall and segmentation strategies
    • Endpoint security strategies
    • MFA and identity security implementation
  • Develop incident response plans and business continuity playbooks
  • Conduct tabletop exercises with client executive teams
  • Provide executive-level reporting with risk prioritization and budget guidance
  • Assist sales/engineering with scoping security engagements and SOW development


2. Incident Response Leadership

  • Serve as Incident Response Lead during cybersecurity events
  • Direct containment, eradication, and recovery efforts
  • Coordinate with:
    • Internal engineering teams
    • Client leadership
    • Insurance carriers
    • Legal counsel
    • Forensics vendors
  • Perform initial triage and determine scope of compromise
  • Oversee forensic evidence preservation
  • Guide ransomware response and recovery strategy
  • Lead root-cause analysis and post-incident reporting
  • Develop corrective action plans


3. Client & Executive Communication

  • Act as trusted advisor to C-suite and ownership groups
  • Translate technical findings into business risk language
  • Present findings and remediation plans in board-level settings
  • Provide calm, decisive leadership during crisis situations
  • Maintain strict confidentiality and professionalism


4. Documentation & Process Development

  • Maintain standardized security assessment templates
  • Develop and refine internal IR procedures
  • Create security standards and best practices
  • Ensure all engagements are properly documented in PSA systems
  • Contribute to continuous improvement of security offerings


Insurance Benefits

Eligibility begins the first day of full-time employment (date of hire).

  • Life Insurance
  • Short-term Disability
  • Long-term Disability
  • Cafeteria Plan - Premium, Medical, & Child Care Reimbursement
  • Health Insurance
  • Dental Plan
  • Vision Plan

Other Benefits

  • 401K Matching
  • Referral Bonuses
  • Tuition Reimbursement
  • Performance Incentives
  • Time Off- benefitsaccrueon a pro-rated basis each pay period over a 12-month period with the following maximums:
    • Vacation Time -10 daysper calendar year
    • Sick Leave- 5 days per calendar year
  • Paid Company Holidays (7)
  • Paid Floating Holidays (2)
  • Volunteer 1
  • Cell Phone & Internet Reimbursement