1

Security Risk Analyst Jobs in Massachusetts (NOW HIRING)

Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting ... Partner with Security Architecture to assess risk in system designs, cloud architecture, identity ...

GRC Analyst - Third Party Risk

Boston, MA · On-site

$70K - $110K/yr

As a GRC Analyst, you will support the WHOOP Governance, Risk, and Compliance program. You will ... security compliance workflows. Success in this role requires strong attention to detail ...

Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting ... Partner with Security Architecture to assess risk in system designs, cloud architecture, identity ...

GRC Analyst - Third Party Risk

Boston, MA · On-site

$70K - $110K/yr

As a GRC Analyst, you will support the WHOOP Governance, Risk, and Compliance program. You will ... security compliance workflows. Success in this role requires strong attention to detail ...

next page

Showing results 1-20

Security Risk Analyst information

See Massachusetts salary details

$11

$55

$76

How much do security risk analyst jobs pay per hour?

As of Jul 16, 2026, the average hourly pay for security risk analyst in Massachusetts is $55.05, according to ZipRecruiter salary data. Most workers in this role earn between $44.62 and $65.62 per hour, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Security Risk Analysts and other cybersecurity professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP, and expertise in areas such as threat analysis or security architecture. High salaries are often found in senior roles, management, or specialized fields within cybersecurity.

What does a Security Risk Analyst do?

A Security Risk Analyst is responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze security measures, conduct vulnerability assessments, and recommend strategies to protect against threats such as cyberattacks, data breaches, and unauthorized access. Their work helps ensure that a company's digital assets remain safe and compliant with industry regulations. Security Risk Analysts collaborate with IT teams and management to implement effective security policies and respond to incidents as needed.

What are the key skills and qualifications needed to thrive as a Security Risk Analyst, and why are they important?

To thrive as a Security Risk Analyst, you need a strong background in risk assessment, information security principles, and analytical thinking, often supported by a degree in cybersecurity, IT, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security assessment tools, and certifications like CISSP or CISM is highly valuable. Excellent communication, attention to detail, and problem-solving abilities help you translate complex risks for varied stakeholders and drive mitigation strategies. These skills and qualities are crucial for identifying vulnerabilities, minimizing threats, and maintaining organizational security and compliance.

What are some common challenges Security Risk Analysts face when collaborating with other departments?

Security Risk Analysts often work closely with IT, compliance, and business units to assess and mitigate risks. A common challenge is bridging the gap between technical security requirements and business objectives, as not all stakeholders may have a cybersecurity background. Effective communication and education are key to ensuring that risk recommendations are understood and adopted. Additionally, prioritizing risks with limited resources and balancing security with operational needs can be complex, requiring strong collaboration and negotiation skills.

Can you make $500,000 a year in cyber security?

Security Risk Analysts typically earn salaries below $200,000 annually, but senior roles such as Chief Information Security Officers or cybersecurity executives can reach or exceed $500,000 with extensive experience, certifications, and leadership responsibilities. Achieving this level often requires advanced skills, industry certifications like CISSP, and years of experience in high-level security management. Salary potential varies based on the organization, location, and individual expertise.

Is SOC an entry-level job?

A Security Operations Center (SOC) analyst role is often considered an entry-level position in cybersecurity, suitable for individuals with foundational knowledge of security principles, network protocols, and security tools. However, some SOC roles may require prior experience or certifications such as CompTIA Security+ or Certified SOC Analyst (CSA).

What is the difference between Security Risk Analyst vs Security Analyst?

AspectSecurity Risk AnalystSecurity Analyst
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment, vulnerability analysis, policy developmentMonitoring security systems, incident response, security audits
Employer & Industry UsageFinancial, healthcare, government sectors focusing on risk mitigationIT departments across various industries focusing on security operations

While both roles focus on cybersecurity, Security Risk Analysts primarily assess and manage potential security threats and vulnerabilities, emphasizing risk mitigation strategies. Security Analysts tend to monitor security systems, respond to incidents, and ensure ongoing security measures. Both roles often require similar certifications and work environments but differ in their core responsibilities within cybersecurity teams.

What is a security risk analyst?

A security risk analyst is a professional who identifies, assesses, and mitigates security threats to an organization’s information systems. They analyze vulnerabilities, develop security strategies, and often use tools like risk assessment frameworks and security software to protect data and infrastructure.
What are popular job titles related to Security Risk Analyst jobs in Massachusetts? For Security Risk Analyst jobs in Massachusetts, the most frequently searched job titles are:
What job categories do people searching Security Risk Analyst jobs in Massachusetts look for? The top searched job categories for Security Risk Analyst jobs in Massachusetts are:
Infographic showing various Security Risk Analyst job openings in Massachusetts as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 80% Full Time, 12% Part Time, 2% Temporary, and 4% Contract. Highlights an 81% Physical, 5% Hybrid, and 14% Remote job distribution, with an average salary of $114,507 per year, or $55.1 per hour.
Senior Risk & Compliance Analyst

Senior Risk & Compliance Analyst

Whoop

Boston, MA

$130K - $170K/yr

Other

Re-posted 29 days ago


Job description

RESPONSIBILITIES:
  • Lead cyber and technology risk assessments across systems, cloud environments, business processes, and major initiatives, evaluating threats, vulnerabilities, control effectiveness, and residual risk.

  • Maintain and operate the enterprise cyber risk register, including drafting risk statements, tracking mitigation plans, and supporting governance and reporting processes.

  • Translate technical findings, architectural concerns, and control gaps into clear business risk scenarios that support prioritization and decision-making.

  • Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated.

  • Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting.

  • Partner with Security Architecture to assess risk in system designs, cloud architecture, identity models, data flows, and platform changes.

  • Collaborate with Security Engineering, Product Security, Legal, IT, and business teams to evaluate new initiatives, technology changes, artificial intelligence use cases, and third-party integrations through a risk lens.

  • Conduct risk assessments for emerging technologies including artificial intelligence and machine learning systems, evaluating data usage, model behavior, external dependencies, and security implications.

  • Evaluate risks associated with the use of artificial intelligence technologies, including model behavior, data exposure, prompt or input manipulation, and external model dependencies.

  • Develop dashboards and reporting that provide leadership with visibility into key cybersecurity risks and trends.

  • Track mitigation progress and risk treatment activities to ensure accountability and clear documentation of outcomes.

  • Contribute to the continued development of cyber risk management processes, methodologies, and governance practices across the GRC program.

QUALIFICATIONS:
  • 6+ years of experience in cybersecurity risk management, information security, technology risk, or a related field.

  • Demonstrated experience conducting structured cybersecurity or IT risk assessments.

  • Experience maintaining risk registers and tracking risk mitigation or treatment activities.

  • Strong understanding of security frameworks such as NIST CSF, ISO 27001, or PCI DSS, and familiarity with regulatory environments such as GDPR, HIPAA or other privacy and data protection requirements.

  • Ability to translate technical findings into clear business risk for non-technical stakeholders.

  • Strong written and verbal communication skills with experience presenting findings to cross-functional teams.

  • Experience working with engineering, architecture, legal, compliance, and business stakeholders.

  • Experience assessing risks related to artificial intelligence, machine learning systems, or emerging technologies, including familiarity with emerging AI governance frameworks such as NIST AI RMF, ISO/IEC 42001, or similar standards.

  • Professional certifications such as CRISC, CISSP, CISM, CISA, or CGRC are a plus.

This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.

Interested in the role, but don't meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.

WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility

The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.

At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company's long-term growth and success.

The U.S. base salary range for this full-time position is $130,000 - $170,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training. 

In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.

 These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate's specific qualifications, expertise, and alignment with the role's requirements.

apply for this job

Whoop logo

About Whoop

Sourced by ZipRecruiter

At WHOOP, we're on a mission to unlock human performance. WHOOP empowers users (Olympians, Professional Athletes, Fitness Enthusiasts, etc) to perform at a higher level through a deeper understanding of their bodies and daily lives.

Industry

Fitness and sports centers

Company size

501 - 1,000 Employees

Headquarters location

Boston, MA, US

Year founded

2012