Security Risk Analyst Jobs in Pennsylvania (NOW HIRING)

The UHS Corporate Insurance Department is seeking a Risk Insurance Analyst to coordinate, monitor ... Security Number, credit card or bank information, etc.) from you via email. The recruiters will not ...


Security Risk Analyst information


How much do security risk analyst jobs pay per hour?

As of Jun 28, 2026, the average hourly pay for a security risk analyst in Pennsylvania is $50.53, according to ZipRecruiter salary data. Most workers in this role earn between $40.96 and $60.24 per hour, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Security Risk Analysts and other cybersecurity professionals can potentially earn $200,000 or more annually, especially with advanced skills, certifications like CISSP, and experience in high-demand areas such as threat intelligence or security architecture. Achieving this level often requires several years of experience, specialized knowledge, and working in senior or managerial roles within organizations or consulting firms.

What does a Security Risk Analyst do?

A Security Risk Analyst is responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze security measures, conduct vulnerability assessments, and recommend strategies to protect against threats such as cyberattacks, data breaches, and unauthorized access. Their work helps ensure that a company's digital assets remain safe and compliant with industry regulations. Security Risk Analysts collaborate with IT teams and management to implement effective security policies and respond to incidents as needed.

What are the key skills and qualifications needed to thrive as a Security Risk Analyst, and why are they important?

To thrive as a Security Risk Analyst, you need a strong background in risk assessment, information security principles, and analytical thinking, often supported by a degree in cybersecurity, IT, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security assessment tools, and certifications like CISSP or CISM is highly valuable. Excellent communication, attention to detail, and problem-solving abilities help you translate complex risks for varied stakeholders and drive mitigation strategies. These skills and qualities are crucial for identifying vulnerabilities, minimizing threats, and maintaining organizational security and compliance.

What are some common challenges Security Risk Analysts face when collaborating with other departments?

Security Risk Analysts often work closely with IT, compliance, and business units to assess and mitigate risks. A common challenge is bridging the gap between technical security requirements and business objectives, as not all stakeholders may have a cybersecurity background. Effective communication and education are key to ensuring that risk recommendations are understood and adopted. Additionally, prioritizing risks with limited resources and balancing security with operational needs can be complex, requiring strong collaboration and negotiation skills.

Can you make $500,000 a year in cyber security?

Security Risk Analysts typically earn salaries below $200,000 annually, but senior roles such as Chief Information Security Officers or cybersecurity executives can reach or exceed $500,000 with extensive experience, certifications, and leadership responsibilities. Achieving this level often requires advanced skills, industry certifications like CISSP, and years of experience in high-level security management.

Is SOC an entry level job?

A Security Operations Center (SOC) analyst role is typically not entry-level and usually requires some experience in cybersecurity, network monitoring, or related fields. Entry-level positions may be labeled as SOC analyst I or junior SOC analyst, but higher-level roles often demand certifications like CompTIA Security+ or CISSP and familiarity with security tools such as SIEM systems.

What is the difference between Security Risk Analyst vs Security Analyst?

| Aspect | Security Risk Analyst | Security Analyst |
| --- | --- | --- |
| Certifications | CompTIA Security+, CISSP, CISA | CompTIA Security+, CISSP, CEH |
| Work Environment | Risk assessment, vulnerability analysis, policy development | Monitoring security systems, incident response, security audits |
| Employer & Industry Usage | Financial, healthcare, government sectors focusing on risk mitigation | IT departments across various industries focusing on security operations |

While both roles focus on cybersecurity, Security Risk Analysts primarily assess and manage potential security threats and vulnerabilities, emphasizing risk mitigation strategies. Security Analysts tend to monitor security systems, respond to incidents, and ensure ongoing security measures. Both roles often require similar certifications and work environments but differ in their core responsibilities within cybersecurity teams.

What is a security risk analyst?

A security risk analyst is a professional who identifies, assesses, and mitigates security threats to an organization’s information systems. They analyze vulnerabilities, develop security strategies, and often use tools like risk assessment frameworks and security software to protect data and infrastructure.
Infographic showing various Security Risk Analyst job openings in Pennsylvania as of June 2026, with employment types broken down into 1% As Needed, 96% Full Time, 2% Part Time, and 1% Contract. Highlights a 93% Physical, 3% Hybrid, and 4% Remote job distribution, with an average salary of $105,100 per year, or $50.5 per hour.
Third Party Risk Management Analyst

Burke & Herbert Bank & Trust

Camp Hill, PA • On-site

Full-time

Posted 17 days ago


Burke & Herbert Bank rating

Company rating: 5.6 out of 10

Based on 8 frontline employees who took The Breakroom Quiz

134th of 142 rated banks


Job description

CLASSIFICATION: Non-exempt

REPORTS TO: Program Manager, Third Party Risk Management

JOB DESCRIPTION

Summary/Objective


Under the direction of the Program Manager, Third Party Risk Management, the Third‑Party Vendor Risk Analyst supports the execution of the Bank’s Third‑Party Risk Management (TPRM) Program by performing day‑to‑day operational, analytical, and facilitation activities. In partnership with the Program Manager, the Analyst helps strengthen and sustain effective vendor review cadence by coordinating stakeholder inputs, producing complete and traceable documentation, and preparing exam‑ready artifacts. This role ensures vendor risk activities—including due diligence, ongoing monitoring, documentation, and issue tracking—are executed in a timely, consistent, and examination‑defensible manner.


Essential Functions
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.


  • Execute day‑to‑day third‑party risk management activities for new and existing vendors in accordance with the Bank’s TPRM Program, with heightened focus on critical and GLBA‑High risk relationships. Support initial due diligence and ongoing risk assessments by collecting, validating, and documenting required artifacts and supporting materials for higher‑risk vendors to facilitate effective review, challenge, and approval by the Program Manager.


  • Maintain and manage the rolling vendor review schedule established by the Program Manager, ensuring critical and high‑risk third‑party relationships are prioritized and reviewed in accordance with established cadence and monitoring requirements. Coordinate with internal stakeholders, including Information Security, IT, Compliance, Finance, and Accounting, to obtain required risk assessment inputs and documentation necessary to support vendor reviews, providing enhanced facilitation for critical and GLBA‑High risk vendors.


  • Track vendor review progress, outstanding action items, and remediation activities, maintaining visibility into reviews, documentation gaps, and issue resolution. Proactively escalate aging, overdue, or at‑risk items to the Program Manager to support timely awareness, decision‑making, and risk mitigation.


  • Prepare, maintain, and organize comprehensive vendor review documentation, including executive summaries, evidence inventories, and issue tracking materials, with enhanced rigor applied to files associated with critical and GLBA‑High risk vendors. Ensure that vendor risk conclusions and assigned risk ratings are clearly, consistently, and defensibly supported by documented evidence prior to Program Manager review and sign‑off.


  • Assist in documenting risk acceptance decisions and remediation status under the direction of the Program Manager, ensuring alignment with TPRM program standards, internal governance expectations, and applicable regulatory requirements.


  • Identify procedural gaps, workflow inefficiencies, and documentation issues encountered during third‑party risk management execution, particularly those impacting oversight of critical and GLBA‑High risk vendors. Escalate observations and improvement opportunities to the Program Manager for program‑level evaluation and continuous improvement.


  • Support ad hoc projects, process enhancements, and targeted initiatives led by the Program Manager to strengthen third‑party risk governance, operational effectiveness, and overall program maturity.


Other Duties

  • Contract and Procurement Support

Support the Program Manager by tracking vendor‑related review milestones (including onboarding, renewals, and amendments). Ensure required vendor review documentation is complete, accurate, and available to support informed contractual decisions prior to execution.


  • Governance, Metrics, and Reporting Support

Compile and maintain program metrics, status reports, and supporting materials used to measure and monitor Third‑Party Risk Management (TPRM) program performance. Assist, as directed by the Program Manager, in preparing materials for internal governance forums, audits, and regulatory examinations.


  • Audit and Examination Readiness

Support internal and external audits and regulatory examinations by organizing vendor files, maintaining evidence mappings, and assembling response documentation under Program Manager guidance. Maintain vendor records in an exam‑ready state to support Program Manager interactions with auditors, regulators, and risk committees.

Skills/Abilities

  • Working knowledge of third-party risk management practices and regulatory expectations within a regulated financial services environment.
  • Strong analytical skills with the ability to assess risk data, identify trends, and support informed decision-making.
  • Excellent organizational and documentation skills with high attention to detail.
  • Ability to collaborate effectively with cross‑functional stakeholders while operating under Program Manager direction.
  • Strong written and verbal communication skills to support clear documentation, issue analysis, and timely escalation.
  • Proficiency with Microsoft Office (Excel, Word, PowerPoint) and risk management or workflow tracking tools.

Supervisory Responsibility

This position does not have supervisory responsibilities.


Work Environment

This job operates in an office setting; the opportunity to telework is not available. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines. Office environment with job duties conducted via telephone, face to face meetings, and on the computer.


Physical Demands

This position requires manual dexterity, the ability to lift files and open cabinets. This position requires bending, stooping, or standing, as necessary.


Travel

Limited local travel may be required for this position.

Education and Experience

Education

  • Requires a bachelor’s degree in Business, Finance, Risk Management, Information Systems, Compliance, or a related field or equivalent professional experience supporting risk management functions in a regulated environment.

Experience

  • Requires a minimum of 1 year of experience supporting third‑party vendor management, operational risk, compliance, information security, or a related risk discipline within a regulated industry.
  • Requires hands‑on experience supporting vendor due diligence, ongoing monitoring, documentation, and issue tracking activities.
  • Experience coordinating with cross‑functional stakeholders (e.g., Information Security, IT, Compliance, Finance) to collect and organize risk assessment inputs.
  • Experience producing or maintaining clear, well‑organized, and evidence‑based documentation to support management review, audit, or regulatory examination.



Equal Employment Opportunity/M/F/disability/protected veteran status.



Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.