1

Security Risk Analyst Jobs in Massachusetts (NOW HIRING)

The Senior Risk & Compliance Analyst will support the design and execution of the cyber risk ... Required : • 6+ years of experience in cybersecurity risk management, information security ...

As a GRC Analyst, you will support the WHOOP Governance, Risk, and Compliance program. You will ... security compliance workflows. Success in this role requires strong attention to detail ...

Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting ... Partner with Security Architecture to assess risk in system designs, cloud architecture, identity ...

As a GRC Analyst, you will support the WHOOP Governance, Risk, and Compliance program. You will ... security compliance workflows. Success in this role requires strong attention to detail ...

Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting ... Partner with Security Architecture to assess risk in system designs, cloud architecture, identity ...

next page

Showing results 1-20

Security Risk Analyst information

See Massachusetts salary details

$11

$55

$76

How much do security risk analyst jobs pay per hour?

As of Jul 17, 2026, the average hourly pay for security risk analyst in Massachusetts is $55.05, according to ZipRecruiter salary data. Most workers in this role earn between $44.62 and $65.62 per hour, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Security Risk Analysts and other cybersecurity professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP, and expertise in areas such as threat analysis or security architecture. High salaries are often found in senior roles, management, or specialized fields within cybersecurity.

What does a Security Risk Analyst do?

A Security Risk Analyst is responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze security measures, conduct vulnerability assessments, and recommend strategies to protect against threats such as cyberattacks, data breaches, and unauthorized access. Their work helps ensure that a company's digital assets remain safe and compliant with industry regulations. Security Risk Analysts collaborate with IT teams and management to implement effective security policies and respond to incidents as needed.

What are the key skills and qualifications needed to thrive as a Security Risk Analyst, and why are they important?

To thrive as a Security Risk Analyst, you need a strong background in risk assessment, information security principles, and analytical thinking, often supported by a degree in cybersecurity, IT, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security assessment tools, and certifications like CISSP or CISM is highly valuable. Excellent communication, attention to detail, and problem-solving abilities help you translate complex risks for varied stakeholders and drive mitigation strategies. These skills and qualities are crucial for identifying vulnerabilities, minimizing threats, and maintaining organizational security and compliance.

What are some common challenges Security Risk Analysts face when collaborating with other departments?

Security Risk Analysts often work closely with IT, compliance, and business units to assess and mitigate risks. A common challenge is bridging the gap between technical security requirements and business objectives, as not all stakeholders may have a cybersecurity background. Effective communication and education are key to ensuring that risk recommendations are understood and adopted. Additionally, prioritizing risks with limited resources and balancing security with operational needs can be complex, requiring strong collaboration and negotiation skills.

Can you make $500,000 a year in cyber security?

Security Risk Analysts typically earn salaries below $200,000 annually, but senior roles such as Chief Information Security Officers or cybersecurity executives can reach or exceed $500,000 with extensive experience, certifications, and leadership responsibilities. Achieving this level often requires advanced skills, industry certifications like CISSP, and years of experience in high-level security management. Salary potential varies based on the organization, location, and individual expertise.

Is SOC an entry-level job?

A Security Operations Center (SOC) analyst role is often considered an entry-level position in cybersecurity, suitable for individuals with foundational knowledge of security principles, network protocols, and security tools. However, some SOC roles may require prior experience or certifications such as CompTIA Security+ or Certified SOC Analyst (CSA).

What is the difference between Security Risk Analyst vs Security Analyst?

AspectSecurity Risk AnalystSecurity Analyst
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment, vulnerability analysis, policy developmentMonitoring security systems, incident response, security audits
Employer & Industry UsageFinancial, healthcare, government sectors focusing on risk mitigationIT departments across various industries focusing on security operations

While both roles focus on cybersecurity, Security Risk Analysts primarily assess and manage potential security threats and vulnerabilities, emphasizing risk mitigation strategies. Security Analysts tend to monitor security systems, respond to incidents, and ensure ongoing security measures. Both roles often require similar certifications and work environments but differ in their core responsibilities within cybersecurity teams.

What is a security risk analyst?

A security risk analyst is a professional who identifies, assesses, and mitigates security threats to an organization’s information systems. They analyze vulnerabilities, develop security strategies, and often use tools like risk assessment frameworks and security software to protect data and infrastructure.
What are popular job titles related to Security Risk Analyst jobs in Massachusetts? For Security Risk Analyst jobs in Massachusetts, the most frequently searched job titles are:
What job categories do people searching Security Risk Analyst jobs in Massachusetts look for? The top searched job categories for Security Risk Analyst jobs in Massachusetts are:
Infographic showing various Security Risk Analyst job openings in Massachusetts as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 80% Full Time, 12% Part Time, 2% Temporary, and 4% Contract. Highlights an 81% Physical, 5% Hybrid, and 14% Remote job distribution, with an average salary of $114,507 per year, or $55.1 per hour.
Principal Technology Risk Analyst

Principal Technology Risk Analyst

Fidelity Investments

Boston, MA • On-site

$140K - $150K/yr

Full-time

Re-posted 6 days ago


Fidelity Investments rating

8.7

Company rating: 8.7 out of 10

Based on 266 frontline employees who took The Breakroom Quiz

17th of 148 rated financial services


Job description


Position Description:
***Applicants are permitted to work remotely from an at-home worksite anywhere in the United States.***
Facilitates all external audit activity related to financial reporting, independent controls attestation, and compliance with regulatory requirements. Performs proactive risk assessments and develops control strategies for emerging technologies, including AI, Machine Learning, and Snowflake data services. Runs external audits and technology risk support for inquiries from technology and operational stakeholders. Supports systems and technology for external audit activity, including attestation and financial statement audits.
Primary Responsibilities:
  • Enhances the external audit program activities focused on key technology areas, including DevOps, Cloud, and Technology Operations.
  • Coordinates external auditor readiness engagements and readiness assessments, and provides timely status updates to management.
  • Plans and coordinates audit cycles with external auditors and internal stakeholders.
  • Facilitates requests from external auditor and monitors the progress to ensure timely completion.
  • Performs technology risk assessments and develops control strategies; including documenting controls, identifying potential gaps and inconsistencies, and making recommendations for improvement and mitigation.
  • Provides technical assistance on risk related systems issues.
  • Serves as a liaison with technology and risk teams to track external audit findings and perform issues follow-up.
  • Consults with other team members to generate action plans and resolve technical issues.
  • Assesses the various information technology risks that the business faces in its operations and implements action plans, policy, and procedural changes for risk avoidance and mitigation.
  • Evaluates control maturity by performing control design and operating effectiveness reviews and

peer reviews.
  • Assists with conducting Cloud Risk assessments and readiness reviews for applications and workloads migrating to the public Cloud environment.

Education and Experience:
Bachelor's degree in Computer Science, Engineering, Information Technology, Information Systems, Management Information Systems, or a closely related field (or foreign education equivalent) and five (5) years of experience as a Principal Technology Risk Analyst (or closely related occupation) performing Information Technology (IT) audits, risk assessments, and cybersecurity control reviews.
Or, alternatively, Master's degree in Computer Science, Engineering, Information Technology, Information Systems, Management Information Systems, or a closely related field (or foreign education equivalent) and three (3) years of experience as a Principal Technology Risk Analyst (or closely related occupation) performing Information Technology (IT) audits, risk assessments, and cybersecurity control reviews.
Skills and Knowledge:
Candidate must also possess:
  • Demonstrated Expertise ("DE") performing or coordinating external audit engagements (SOC 1, SOC 2, SOC 3, controls attestation reports, financial audits, ISO 27001, or COBIT external IT audit programs) in distributed environments; and maintaining in-scope IT General Control (ITGCs) and IT Application (ITAC) documentation and procedures.
  • DE performing an IT controls assurance program -- identifying and designing new controls, evaluating control procedures and evidence documentation, and conducting control assessments through formal design and operating effectiveness reviews; and establishing control maturity and control/process enhancements using industry control frameworks - AICPA Trust Service Criteria, HiTRUST, ISO 27001 certification standard, or NIST Cybersecurity frameworks.
  • DE performing risk management and IT audits, and implementing ITGC or cybersecurity controls for large-scale, complex IT infrastructures, including mainframe, distributed, network, cloud, and vendor hosted (SaaS/PaaS) infrastructure; reviewing vendor's independent SOC 1 or SOC 2 audit reports to confirm the appropriate controls are in place for the services provided and to safeguard data; and creating executive communications focusing on risk, impact, and corrective actions, using Governance, Risk, and Compliance (GRC) tools.
  • DE performing risk assessments and IT audits of secure software development lifecycle processes and procedures -- automated build and deployment pipelines in a DevOps solutions framework, using Github, SonarQube, Jenkins, Artifactory, or uDeploy; and assessing software development controls, identifying potential gaps and inconsistencies, and making recommendations for improvement and mitigation.

Salary: $140,000.00 - $150,000.00/year.
#PE1M2
#LI-DNI
Certifications:
Category:
Information Technology
Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.

What Fidelity Investments employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom