1

Security Risk Analyst Jobs in Massachusetts (NOW HIRING)

Cybersecurity Risk Analyst

Cambridge, MA · Hybrid

$82K - $220K/yr

Provide technical risk guidance on cloud security (Azure, AWS), hybrid infrastructures, and Zero Trust initiatives * Perform risk assessments, vulnerability analysis, and compliance reviews using ...

Cybersecurity Risk Analyst

Cambridge, MA · On-site

$82K - $220K/yr

Provide technical risk guidance on cloud security (Azure, AWS), hybrid infrastructures, and Zero Trust initiatives * Perform risk assessments, vulnerability analysis, and compliance reviews using ...

The IT Risk Analyst's primary responsibility will be to conduct various risk assessments, including ... Demonstrate a proactive mindset for security education, awareness, and the IT environment ...

The IT Risk Analyst's primary responsibility will be to conduct various risk assessments, including ... Demonstrate a proactive mindset for security education, awareness, and the IT environment ...

Job#: 3040112 Vendor Risk Analyst Location: Quincy, Massachusetts (Remote) Role Overview We are ... Act as a security focal point for the business, coordinating with teams such as Cyber Defense ...

The IT Risk Analyst's primary responsibility will be to conduct various risk assessments, including ... Demonstrate a proactive mindset for security education, awareness, and the IT environment ...

As a key member of the Security Risk & Audit team, the Technology Risk & Continuity Analyst supports the firm's security risk, business continuity, and incident management programs, contributing ...

As a key member of the Security Risk & Audit team, the Technology Risk & Continuity Analyst supports the firm's security risk, business continuity, and incident management programs, contributing ...

As a key member of the Security Risk & Audit team, the Technology Risk & Continuity Analyst supports the firm's security risk, business continuity, and incident management programs, contributing ...

next page

Showing results 1-20

Security Risk Analyst information

See Massachusetts salary details

$11

$55

$76

How much do security risk analyst jobs pay per hour?

As of Jul 16, 2026, the average hourly pay for security risk analyst in Massachusetts is $55.05, according to ZipRecruiter salary data. Most workers in this role earn between $44.62 and $65.62 per hour, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Security Risk Analysts and other cybersecurity professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP, and expertise in areas such as threat analysis or security architecture. High salaries are often found in senior roles, management, or specialized fields within cybersecurity.

What does a Security Risk Analyst do?

A Security Risk Analyst is responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze security measures, conduct vulnerability assessments, and recommend strategies to protect against threats such as cyberattacks, data breaches, and unauthorized access. Their work helps ensure that a company's digital assets remain safe and compliant with industry regulations. Security Risk Analysts collaborate with IT teams and management to implement effective security policies and respond to incidents as needed.

What are the key skills and qualifications needed to thrive as a Security Risk Analyst, and why are they important?

To thrive as a Security Risk Analyst, you need a strong background in risk assessment, information security principles, and analytical thinking, often supported by a degree in cybersecurity, IT, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security assessment tools, and certifications like CISSP or CISM is highly valuable. Excellent communication, attention to detail, and problem-solving abilities help you translate complex risks for varied stakeholders and drive mitigation strategies. These skills and qualities are crucial for identifying vulnerabilities, minimizing threats, and maintaining organizational security and compliance.

What are some common challenges Security Risk Analysts face when collaborating with other departments?

Security Risk Analysts often work closely with IT, compliance, and business units to assess and mitigate risks. A common challenge is bridging the gap between technical security requirements and business objectives, as not all stakeholders may have a cybersecurity background. Effective communication and education are key to ensuring that risk recommendations are understood and adopted. Additionally, prioritizing risks with limited resources and balancing security with operational needs can be complex, requiring strong collaboration and negotiation skills.

Can you make $500,000 a year in cyber security?

Security Risk Analysts typically earn salaries below $200,000 annually, but senior roles such as Chief Information Security Officers or cybersecurity executives can reach or exceed $500,000 with extensive experience, certifications, and leadership responsibilities. Achieving this level often requires advanced skills, industry certifications like CISSP, and years of experience in high-level security management. Salary potential varies based on the organization, location, and individual expertise.

Is SOC an entry-level job?

A Security Operations Center (SOC) analyst role is often considered an entry-level position in cybersecurity, suitable for individuals with foundational knowledge of security principles, network protocols, and security tools. However, some SOC roles may require prior experience or certifications such as CompTIA Security+ or Certified SOC Analyst (CSA).

What is the difference between Security Risk Analyst vs Security Analyst?

AspectSecurity Risk AnalystSecurity Analyst
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment, vulnerability analysis, policy developmentMonitoring security systems, incident response, security audits
Employer & Industry UsageFinancial, healthcare, government sectors focusing on risk mitigationIT departments across various industries focusing on security operations

While both roles focus on cybersecurity, Security Risk Analysts primarily assess and manage potential security threats and vulnerabilities, emphasizing risk mitigation strategies. Security Analysts tend to monitor security systems, respond to incidents, and ensure ongoing security measures. Both roles often require similar certifications and work environments but differ in their core responsibilities within cybersecurity teams.

What is a security risk analyst?

A security risk analyst is a professional who identifies, assesses, and mitigates security threats to an organization’s information systems. They analyze vulnerabilities, develop security strategies, and often use tools like risk assessment frameworks and security software to protect data and infrastructure.
What are popular job titles related to Security Risk Analyst jobs in Massachusetts? For Security Risk Analyst jobs in Massachusetts, the most frequently searched job titles are:
What job categories do people searching Security Risk Analyst jobs in Massachusetts look for? The top searched job categories for Security Risk Analyst jobs in Massachusetts are:
Infographic showing various Security Risk Analyst job openings in Massachusetts as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 80% Full Time, 12% Part Time, 2% Temporary, and 4% Contract. Highlights an 81% Physical, 5% Hybrid, and 14% Remote job distribution, with an average salary of $114,507 per year, or $55.1 per hour.
Cybersecurity Risk Analyst with Security Clearance

Cybersecurity Risk Analyst with Security Clearance

Draper

Cambridge, MA • On-site

$82K - $220K/yr

Other

This job post has expired today. Applications are no longer accepted.


Job description

Overview: Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 2,000+ employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com . Job Description Summary: The Cybersecurity Risk Analyst is a member of Draper's Cybersecurity Risk Management team, responsible primarily for unclassified information system risk and compliance efforts. This role contributes to the Cybersecurity Risk Management team in applying contractual and regulatory requirements to include DFARS and CMMC to Draper's unclassified computing environments. This team serves as the Governance Risk and Compliance (GRC) tool product owner, performs compliance and risk analyses, develops policy, procedures, and standards, and partners closely with peer IT, security, and engineering teams to ensure compliance and risks are appropriately managed thorough the organization. Job Description: Duties/Responsibilities * Serve as a subject matter expert for cybersecurity risk management and compliance frameworks including NIST SP 800-171/53, DAAPM, CMMC, RMF
* Lead CMMC compliance and certification efforts to conduct gap assessments against CMMC requirements, develop and manage remediation plans, support audit readiness and interface with assessors, and ensure ongoing compliance with DFARS and CUI protection requirements
* Provide technical risk guidance on cloud security (Azure, AWS), hybrid infrastructures, and Zero Trust initiatives
* Perform risk assessments, vulnerability analysis, and compliance reviews using tools such as ServiceNow IRM, Nessus, Splunk
* Conduct continuous monitoring of security controls
* Deliver reports and recommendations to executive leadership on risk posture, compliance status, and emerging threats
* Serve as a trusted cybersecurity advisor across the organization
* Develop and promote processes and procedures to analyze and assess cybersecurity risks across an enterprise environment Skills/Abilities * Technical and functional experience in domain of Governance, Audit, Risk Management and Regulatory Compliance.
* Understand risk assessment methodologies, frameworks, and procedures and the ability to work flexibly with them to meet organizational size, maturity, and culture consideration.
* Ability to read, understand, and apply government regulation (FAR, DFARS).
* Strong working knowledge of NIST SP 800-171, NIST SP 800-53, CMMC, NIST Risk Management Framework (RMF), FedRAMP
* Knowledge of CUI and the control sets and documentation necessary for adherence to CUI management and safe keeping.
* Ability to develop organizational cybersecurity policy, procedures, standards, and guidelines
* Ability to think strategically about security risks and tie those to tactical organizational activities and goals.
* Ability and experience developing and maintaining System Security Plans and associated artifacts, such as a Plans of Action & Milestones, Risk Assessment Report, and Continuous Monitoring Strategy
* A thorough knowledge of risk assessment methodologies, such as NIST SP 800-30, Factor Analysis of Information Risk (FAIR), Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), or other risk assessment practices Education * Bachelor's degree in Information Systems, Cybersecurity, or related field (or equivalent experience) Experience * 4 years of cybersecurity and IT experience, including compliance, risk management, and assessment roles.
* Experience supporting the Defense Industrial Base (DIB) and cleared contractor facilities preferred.
* Ability to obtain a Secret clearance is required. Additional Job Description: Applicants selected for this position will be required to obtain and maintain a government security clearance. Connect With Draper for Future Opportunities! If you don't find the right posting in our Career Opportunities, you may submit your resume for future consideration. Job Location - City: Cambridge Job Location - State: Massachusetts Job Location - Postal Code: 02139-3563 The US base salary range for this full-time position is $82,300.00 - $220,000.00 Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Union ranges will be in compliance with the collective bargaining agreement's approved rates by location and role. Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Please note that the compensation details listed in US role postings reflect the base salary only, and does not include bonuses or benefits. Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now www.draper.com/careers . Draper is committed to creating an inclusive environment. We understand the value of inclusivity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, national origin, veteran status, or genetic information. Draper is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact .