1

Security Risk Analyst Jobs in Houston, TX (NOW HIRING)

Geopolitical risk analysis * Terrorism trends * Insider threats * Open-source intelligence (OSINT) * Travel security management * Incident response Skills: * Proven written, verbal and interpersonal ...

Geopolitical risk analysis * Terrorism trends * Insider threats * Open-source intelligence (OSINT) * Travel security management * Incident response Skills: * Proven written, verbal and interpersonal ...

next page

Showing results 1-20

Security Risk Analyst information

See Houston, TX salary details

$9

$48

$66

How much do security risk analyst jobs pay per hour?

As of Jul 14, 2026, the average hourly pay for security risk analyst in Houston, TX is $48.12, according to ZipRecruiter salary data. Most workers in this role earn between $38.99 and $57.36 per hour, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Security Risk Analysts and other cybersecurity professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP, and expertise in areas such as threat analysis or security architecture. High salaries are often found in senior roles, management, or specialized fields within cybersecurity.

What does a Security Risk Analyst do?

A Security Risk Analyst is responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze security measures, conduct vulnerability assessments, and recommend strategies to protect against threats such as cyberattacks, data breaches, and unauthorized access. Their work helps ensure that a company's digital assets remain safe and compliant with industry regulations. Security Risk Analysts collaborate with IT teams and management to implement effective security policies and respond to incidents as needed.

What are the key skills and qualifications needed to thrive as a Security Risk Analyst, and why are they important?

To thrive as a Security Risk Analyst, you need a strong background in risk assessment, information security principles, and analytical thinking, often supported by a degree in cybersecurity, IT, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security assessment tools, and certifications like CISSP or CISM is highly valuable. Excellent communication, attention to detail, and problem-solving abilities help you translate complex risks for varied stakeholders and drive mitigation strategies. These skills and qualities are crucial for identifying vulnerabilities, minimizing threats, and maintaining organizational security and compliance.

What are some common challenges Security Risk Analysts face when collaborating with other departments?

Security Risk Analysts often work closely with IT, compliance, and business units to assess and mitigate risks. A common challenge is bridging the gap between technical security requirements and business objectives, as not all stakeholders may have a cybersecurity background. Effective communication and education are key to ensuring that risk recommendations are understood and adopted. Additionally, prioritizing risks with limited resources and balancing security with operational needs can be complex, requiring strong collaboration and negotiation skills.

Can you make $500,000 a year in cyber security?

Security Risk Analysts typically earn salaries below $200,000 annually, but senior roles such as Chief Information Security Officers or cybersecurity executives can reach or exceed $500,000 with extensive experience, certifications, and leadership responsibilities. Achieving this level often requires advanced skills, industry certifications like CISSP, and years of experience in high-level security management. Salary potential varies based on the organization, location, and individual expertise.

Is SOC an entry-level job?

A Security Operations Center (SOC) analyst role is often considered an entry-level position in cybersecurity, suitable for individuals with foundational knowledge of security principles, network protocols, and security tools. However, some SOC roles may require prior experience or certifications such as CompTIA Security+ or Certified SOC Analyst (CSA).

What is the difference between Security Risk Analyst vs Security Analyst?

AspectSecurity Risk AnalystSecurity Analyst
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment, vulnerability analysis, policy developmentMonitoring security systems, incident response, security audits
Employer & Industry UsageFinancial, healthcare, government sectors focusing on risk mitigationIT departments across various industries focusing on security operations

While both roles focus on cybersecurity, Security Risk Analysts primarily assess and manage potential security threats and vulnerabilities, emphasizing risk mitigation strategies. Security Analysts tend to monitor security systems, respond to incidents, and ensure ongoing security measures. Both roles often require similar certifications and work environments but differ in their core responsibilities within cybersecurity teams.

What is a security risk analyst?

A security risk analyst is a professional who identifies, assesses, and mitigates security threats to an organization’s information systems. They analyze vulnerabilities, develop security strategies, and often use tools like risk assessment frameworks and security software to protect data and infrastructure.
What job categories do people searching Security Risk Analyst jobs in Houston, TX look for? The top searched job categories for Security Risk Analyst jobs in Houston, TX are:
What cities near Houston, TX are hiring for Security Risk Analyst jobs? Cities near Houston, TX with the most Security Risk Analyst job openings:
Infographic showing various Security Risk Analyst job openings in Houston, TX as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 86% Full Time, 7% Part Time, 1% Temporary, and 4% Contract. Highlights an 82% Physical, 6% Hybrid, and 12% Remote job distribution, with an average salary of $100,080 per year, or $48.1 per hour.
Principal Cybersecurity Analyst - Risk Mgmt & AI Security

Principal Cybersecurity Analyst - Risk Mgmt & AI Security

MD Anderson

Houston, TX • On-site, Remote

Other

Medical, Dental, Vision, Life, Retirement, PTO

Posted 6 days ago


MD Anderson Cancer Center rating

8.4

Company rating: 8.4 out of 10

Based on 169 frontline employees who took The Breakroom Quiz

27th of 884 rated healthcare providers


Job description

The University of Texas MD Anderson Cancer Center is seeking a highly skilled Principal Cybersecurity Analyst to serve as a technical authority within its Cybersecurity department. The Principal Cybersecurity Analyst plays a critical role in shaping and advancing enterprise-wide governance, risk, and compliance (GRC) programs, with expanded accountability for emerging AI security and governance initiatives. This role operates at a strategic and architectural level while also ensuring operational effectiveness across cybersecurity risk management practices.

The Principal Cybersecurity Analyst contributes directly to safeguarding sensitive data, maintaining regulatory compliance, and strengthening the organization's security posture through innovative, data-driven risk management and governance strategies. The Principal Cybersecurity Analyst serves as a trusted advisor, architect, and leader within the cybersecurity function. The ideal candidate brings advanced education in information systems or cybersecurity, extensive experience leading enterprise risk management or GRC programs, and strong knowledge of frameworks such as NIST, HIPAA, and HITRUST.

Preferred candidates will also have hands-on experience assessing AI/ML risk, strong executive communication skills, and certifications such as CISSP, CISM, or PMP. Minimum $123,000 - Midpoint $154,000 - Maximum $185,000 Work Location: Remote 100% Why Us. At UT MD Anderson, the Principal Cybersecurity Analyst plays an essential role in advancing cybersecurity innovation in a mission-driven healthcare environment.

This position offers the opportunity to shape enterprise risk strategy, influence executive decision-making, and lead emerging AI governance practices, all while supporting an organization dedicated to saving lives. Employees benefit from a collaborative culture, professional development opportunities, and a strong commitment to work-life balance. Employer-paid medical coverage starting day one for employees working 30+ hours/week, plus optional group dental, vision, life, AD&D, and disability insurance.

Accruals for PTO and Extended Illness Bank, plus paid holidays, wellness, childcare, and other leave options. Tuition Assistance Program after six months of service and access to extensive wellness, fitness, and employee resource groups. Defined-benefit pension through the Teachers Retirement System, voluntary retirement plans, and employer-paid life and reduced salary protection programs.

Responsibilities Governance, Risk & Compliance (GRC) Architecture & Risk Management Program Leadership Serve as principal architect and subject matter expert for enterprise GRC and cybersecurity risk programs Define and maintain risk assessment methodologies, control frameworks, and risk scoring models Establish workflows across development, staging, and production environments Develop SOPs, roles, segregation of duties, and change management processes Lead design and execution of enterprise risk management strategies Security & Risk Platform Integration and Automation Architect and maintain integrations across Archer, Tenable, ServiceNow, Microsoft Configuration Manager (SCCM/MECM), and Medigate Design automated workflows consolidating asset, vulnerability, and risk data Enable enterprise-wide risk visibility and reporting through data-driven systems Ensure data quality, reconciliation, and interoperability across platforms and CMDB Regulatory & Compliance Framework Management Apply frameworks including NIST CSF, NIST 800-53, HIPAA, and HITRUST Conduct control mapping, gap assessments, and compliance reporting Advise stakeholders on remediation strategies and regulatory requirements Align institutional policies with regulatory and accreditation standards AI Security & Governance Establish and mature AI security and governance programs Develop AI risk assessment criteria and governance standards Align controls to NIST AI Risk Management Framework and institutional policies Evaluate AI/ML tools and vendors for data protection and compliance risks Partner with data governance, privacy, and legal teams on AI initiatives Strategic Risk Visioning, Assessment & Executive Advisory Develop multi-year roadmaps, milestones, and resource plans Lead enterprise and project-level risk assessments Translate technical findings into executive-level reporting and dashboards Advise leadership on risk posture and investment prioritization Provide technical leadership and mentorship across teams EDUCATION Required: Bachelor's Degree Computer Information Systems, Business Information Systems, Computer Science or related field. Preferred: Master's Degree Information Security, Computer Science or related field WORK EXPERIENCE Required: 7 years In information security and/or cybersecurity experience including multiple security domains, to include two years lead/supervisory experience. May substitute required education degree with additional years of equivalent experience on a one to one basis.

Preferred: At least 7-8 years of progressive cybersecurity experience, hands-on risk management (risk assessment, risk register ownership, control evaluation, or risk quantification), led or owned a security risk management program or framework implementation (e.g., NIST RMF/CSF, ISO 27005, FAIR, or equivalent), direct hands-on experience assessing the security or risk posture of AI/ML systems or GenAI deployments, ability to translate technical risk into business-level language for executive and governance audiences (e.g., briefing a CISO, risk committee, or board), experience using Archer, excellent communication skills, risk management, and cybersecurity framework is a must. LICENSES AND CERTIFICATIONS Preferred: CISSP - Cert IS Security Professional Issued by the International Information Systems Security Certification Consortium ((ISC). Preferred: CISM - Cert Info Security Manager Issued by Information Systems Audit and Control Association (ISACA)

Preferred: PMP - Project Mgt Professional Issued by the Project Management Institute (PMI). Preferred: Other applicable security industry certifications. The University of Texas MD Anderson Cancer Center offers excellent benefits, including medical, dental, paid time off, retirement, tuition benefits, educational opportunities, and individual and team recognition.

This position may be responsible for maintaining the security and integrity of critical infrastructure, as defined in Section 113.001(2) of the Texas Business and Commerce Code and therefore may require routine reviews and screening. The ability to satisfy and maintain all requirements necessary to ensure the continued security and integrity of such infrastructure is a condition of hire and continued employment. It is the policy of The University of Texas MD Anderson Cancer Center to provide equal employment opportunity without regard to race, color, religion, age, national origin, sex, gender, sexual orientation, gender identity/expression, disability, protected veteran status, genetic information, or any other basis protected by institutional policy or by federal, state, or local laws unless such distinction is required by law.http://www.mdanderson.org/about-us/legal-and-policy/legal-statements/eeo-affirmative-action.html Additional Information Requisition ID: 181706 Employment Status: Full-Time Employee Status: Regular Work Week: Days Minimum Salary: US Dollar (USD) 123,000 Midpoint Salary: US Dollar (USD) 154,000 Maximum Salary : US Dollar (USD) 185,000 FLSA: exempt and not eligible for overtime pay Fund Type: Hard Work Location: Remote (within Texas only) Pivotal Position: Yes Referral Bonus Available?: Yes Relocation Assistance Available?: Yes #LI-Remote Apply


What MD Anderson Cancer Center employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom