1

Security Risk Analyst Jobs in Chicago, IL (NOW HIRING)

Governance & Risk Analyst

Chicago, IL · On-site

$85K - $95K/yr

Governance & Risk Analyst in the Enterprise will... The GRC Analyst will support the organization ... Review vendor security questionnaires, supporting evidence, and contractual artifacts to assess ...

Monitor vendor performance risk levels on an ongoing basis, security posture, and ongoing ... Strong analytical and problem-solving skills with the ability to assess complex vendor risk ...

At Apex, we are changing how the securities industry operates by reinventing the status quo, which ... The Lead Risk Analyst will collaborate extensively with Product, Technology, Operations, and ...

New

... and security contributions) and translate results into clear narratives for stakeholders Perform ... Prepare analysis and materials for portfolio reviews, risk forums, and governance routines ...

... and security contributions) and translate results into clear narratives for stakeholders • ... Prepare analysis and materials for portfolio reviews, risk forums, and governance routines ...

Analyst, Risk Monitoring

Chicago, IL · On-site

$68K - $89K/yr

Wedbush Securities is one of the largest securities firms and investment banks in the nation. We ... Our Chicago office is hiring an experienced Supervisor, Risk Monitoring Analyst to join our Risk ...

next page

Showing results 1-20

Security Risk Analyst information

See Chicago, IL salary details

$10

$51

$72

How much do security risk analyst jobs pay per hour?

As of Jul 16, 2026, the average hourly pay for security risk analyst in Chicago, IL is $51.97, according to ZipRecruiter salary data. Most workers in this role earn between $42.12 and $61.97 per hour, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Security Risk Analysts and other cybersecurity professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP, and expertise in areas such as threat analysis or security architecture. High salaries are often found in senior roles, management, or specialized fields within cybersecurity.

What does a Security Risk Analyst do?

A Security Risk Analyst is responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze security measures, conduct vulnerability assessments, and recommend strategies to protect against threats such as cyberattacks, data breaches, and unauthorized access. Their work helps ensure that a company's digital assets remain safe and compliant with industry regulations. Security Risk Analysts collaborate with IT teams and management to implement effective security policies and respond to incidents as needed.

What are the key skills and qualifications needed to thrive as a Security Risk Analyst, and why are they important?

To thrive as a Security Risk Analyst, you need a strong background in risk assessment, information security principles, and analytical thinking, often supported by a degree in cybersecurity, IT, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security assessment tools, and certifications like CISSP or CISM is highly valuable. Excellent communication, attention to detail, and problem-solving abilities help you translate complex risks for varied stakeholders and drive mitigation strategies. These skills and qualities are crucial for identifying vulnerabilities, minimizing threats, and maintaining organizational security and compliance.

What are some common challenges Security Risk Analysts face when collaborating with other departments?

Security Risk Analysts often work closely with IT, compliance, and business units to assess and mitigate risks. A common challenge is bridging the gap between technical security requirements and business objectives, as not all stakeholders may have a cybersecurity background. Effective communication and education are key to ensuring that risk recommendations are understood and adopted. Additionally, prioritizing risks with limited resources and balancing security with operational needs can be complex, requiring strong collaboration and negotiation skills.

Can you make $500,000 a year in cyber security?

Security Risk Analysts typically earn salaries below $200,000 annually, but senior roles such as Chief Information Security Officers or cybersecurity executives can reach or exceed $500,000 with extensive experience, certifications, and leadership responsibilities. Achieving this level often requires advanced skills, industry certifications like CISSP, and years of experience in high-level security management. Salary potential varies based on the organization, location, and individual expertise.

Is SOC an entry-level job?

A Security Operations Center (SOC) analyst role is often considered an entry-level position in cybersecurity, suitable for individuals with foundational knowledge of security principles, network protocols, and security tools. However, some SOC roles may require prior experience or certifications such as CompTIA Security+ or Certified SOC Analyst (CSA).

What is the difference between Security Risk Analyst vs Security Analyst?

AspectSecurity Risk AnalystSecurity Analyst
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment, vulnerability analysis, policy developmentMonitoring security systems, incident response, security audits
Employer & Industry UsageFinancial, healthcare, government sectors focusing on risk mitigationIT departments across various industries focusing on security operations

While both roles focus on cybersecurity, Security Risk Analysts primarily assess and manage potential security threats and vulnerabilities, emphasizing risk mitigation strategies. Security Analysts tend to monitor security systems, respond to incidents, and ensure ongoing security measures. Both roles often require similar certifications and work environments but differ in their core responsibilities within cybersecurity teams.

What is a security risk analyst?

A security risk analyst is a professional who identifies, assesses, and mitigates security threats to an organization’s information systems. They analyze vulnerabilities, develop security strategies, and often use tools like risk assessment frameworks and security software to protect data and infrastructure.
What job categories do people searching Security Risk Analyst jobs in Chicago, IL look for? The top searched job categories for Security Risk Analyst jobs in Chicago, IL are:
Infographic showing various Security Risk Analyst job openings in Chicago, IL as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 85% Full Time, 8% Part Time, 1% Temporary, and 4% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution, with an average salary of $108,090 per year, or $52 per hour.
Governance & Risk Analyst

Governance & Risk Analyst

ZS

Chicago, IL • On-site

$85K - $95K/yr

Full-time

Posted 2 days ago


Job description

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, we transform ideas into impact by bringing together data, science, technology and human ingenuity to deliver better outcomes for all. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client-first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning, bold ideas, courage and passion to drive life-changing impact to ZS.
What you'll do: Governance & Risk Analyst in the Enterprise will...
The GRC Analyst will support the organization's Governance, Risk & Compliance function with a primary focus on Third-Party Risk Management (TPRM) and Vendor Risk Assessments (VRA). This role is responsible for conducting end-to-end risk assessments of third-party vendors, identifying security, privacy, and compliance risks, and working with internal stakeholders and vendors to ensure timely risk remediation and closure.
The role requires strong analytical skills, stakeholder engagement, and familiarity with information security, privacy, and regulatory frameworks.
Key Responsibilities
Third-Party Risk Management (TPRM) & Vendor Risk Assessments (VRA)
  • Conduct end-to-end Vendor Risk Assessments (VRA) including initiation, analysis, follow-ups, and final reporting
  • Review vendor security questionnaires, supporting evidence, and contractual artifacts to assess information security, privacy, and compliance risks
  • Identify inherent and residual risks across domains such as not limited only to below:
    • Information Security
    • Data Privacy
    • Access Controls
    • Business Continuity & Disaster Recovery
    • Regulatory & Compliance requirements
  • Clearly document assessment findings, risk ratings, and remediation recommendations in risk management tools and trackers
  • Coordinate with vendors to obtain clarifications, remediation plans, and follow-up evidence for identified gaps

Stakeholder Collaboration & Governance
  • Partner with internal teams including Procurement, Legal, Information Security, Privacy, and Business Owners to support third-party onboarding and risk decisions
  • Escalate high-risk findings and delays to GRC leadership with clear summaries and recommended actions
  • Support second-level reviews and management reporting for VRAs and TPRM activities

Risk Reporting & Continuous Improvement
  • Maintain accurate risk registers, assessment trackers, and dashboards for VRA/TPRM
  • Contribute to improving TPRM frameworks, workflows, and reporting to enhance stakeholder value
  • Assist in developing and updating SOPs, templates, and guidance documents related to vendor risk management

Audit & Compliance Support
  • Support internal and external audits by providing VRA documentation, evidence, and risk summaries
  • Assist with broader GRC initiatives such as policy reviews, opportunity security risk assessments, and compliance assessments as needed

What you'll bring:
  • Bachelor's degree in computer science, Information Systems, or a related field. A relevant master's degree is a plus.
  • Proven experience of at least 2 years or more in IT risk management, governance, or a related field.
  • Strong understanding of IT risk assessment methodologies, frameworks, and industry best practices.
  • Assess vendor security posture against frameworks such as ISO 27001 / 27002, NIST, and SOC 2.
  • Familiarity with regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) and their impact on IT risk management.
  • Knowledge of vendor risk management principles and practices.
  • Experience in performing process, Contract review and project security risk assessments.
  • Proficiency in using risk assessment tools and technologies.
  • Excellent analytical and problem-solving skills.
  • Strong written and verbal communication skills, with the ability to effectively communicate technical concepts to both technical and non-technical audiences.
  • Strong organizational and time management skills, with the ability to manage multiple priorities and deadlines.
  • Relevant certification such as ISO 27001:2022 LA is preferred.
  • Fluency in English
  • Client-first mentality
  • Intense work ethic
  • Collaborative spirit and problem-solving approach

How you'll grow:
  • Cross-functional skills development & custom learning pathways
  • Milestone training programs aligned to career progression opportunities
  • Internal mobility paths that empower growth via s-curves, individual contribution and role expansions

Perks & Benefits:
At ZS, your growth matters. We offer a comprehensive total rewards package that supports your health and well-being, financial future, time away, and professional development. With robust skills-building programs, multiple career progression paths, internal mobility, and a deeply collaborative culture, you'll have the opportunity to do meaningful work, expand your capabilities, and thrive as part of a global community. For details on total rewards in United States, visit ZS US office locations | Where we work | ZS.
Hybrid working model:
We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.
Travel:
Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.
Considering applying?
At ZS, we honor the visible and invisible elements of our identities, personal experiences, and belief systems-the ones that comprise us as individuals, shape who we are, and make us unique. We believe your personal interests, identities, and desire to learn are integral to your success here. We are committed to building a team that reflects a broad variety of backgrounds, perspectives, and experiences. Learn more about our inclusion and belonging efforts and the networks ZS supports to assist our ZSers in cultivating community spaces and obtaining the resources they need to thrive.
If you're eager to grow, contribute, and bring your unique self to our work, we encourage you to apply.
ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.
Work Authorization:
This position is not eligible for visa sponsorship. Candidates must have authorization to work in the United States that does not now or in the future require employer sponsorship.
To complete your application:
An on-line application, including a full set of transcripts (official or unofficial), is required to be considered.
NO AGENCY CALLS, PLEASE.
Find Out More At:
www.zs.com

ZS logo

About ZS

Sourced by ZipRecruiter

Industry

Business management consulting

Company size

10,000+ Employees

Headquarters location

Evanston, IL, US

Year founded

1983