ZipRecruiter

Log In

1

Security Risk Analyst Jobs (NOW HIRING)

Northwest Community Bank

RISK ANALYST

Canton, CT · On-site

... security risk, and model risk. * Track, manage, monitor, and report on risk issues and corrective ... Analyze and report Key Risk Indicators (KRIs) and Risk Appetite Statement (RAS) metrics. * Prepare ...

Northwest Community Bank

RISK ANALYST

Canton, CT · On-site

... security risk, and model risk. * Track, manage, monitor, and report on risk issues and corrective ... Analyze and report Key Risk Indicators (KRIs) and Risk Appetite Statement (RAS) metrics. * Prepare ...

next page

Showing results 1-20

All JobsSecurity Risk Analyst Jobs

Security Risk Analyst information

See salary details

$10

$50

$69

How much do security risk analyst jobs pay per hour?

As of Jun 26, 2026, the average hourly pay for security risk analyst in the United States is $50.41, according to ZipRecruiter salary data. Most workers in this role earn between $40.87 and $60.10 per hour, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Security Risk Analysts and other cybersecurity professionals can potentially earn $200,000 or more annually, especially with advanced skills, certifications like CISSP, and experience in high-demand areas such as threat intelligence or security architecture. Achieving this level often requires several years of experience, specialized knowledge, and working in senior or managerial roles within organizations or consulting firms.

What does a Security Risk Analyst do?

A Security Risk Analyst is responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze security measures, conduct vulnerability assessments, and recommend strategies to protect against threats such as cyberattacks, data breaches, and unauthorized access. Their work helps ensure that a company's digital assets remain safe and compliant with industry regulations. Security Risk Analysts collaborate with IT teams and management to implement effective security policies and respond to incidents as needed.

What are the key skills and qualifications needed to thrive as a Security Risk Analyst, and why are they important?

To thrive as a Security Risk Analyst, you need a strong background in risk assessment, information security principles, and analytical thinking, often supported by a degree in cybersecurity, IT, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security assessment tools, and certifications like CISSP or CISM is highly valuable. Excellent communication, attention to detail, and problem-solving abilities help you translate complex risks for varied stakeholders and drive mitigation strategies. These skills and qualities are crucial for identifying vulnerabilities, minimizing threats, and maintaining organizational security and compliance.

What are some common challenges Security Risk Analysts face when collaborating with other departments?

Security Risk Analysts often work closely with IT, compliance, and business units to assess and mitigate risks. A common challenge is bridging the gap between technical security requirements and business objectives, as not all stakeholders may have a cybersecurity background. Effective communication and education are key to ensuring that risk recommendations are understood and adopted. Additionally, prioritizing risks with limited resources and balancing security with operational needs can be complex, requiring strong collaboration and negotiation skills.

Can you make $500,000 a year in cyber security?

Security Risk Analysts typically earn salaries below $200,000 annually, but senior roles such as Chief Information Security Officers or cybersecurity executives can reach or exceed $500,000 with extensive experience, certifications, and leadership responsibilities. Achieving this level often requires advanced skills, industry certifications like CISSP, and years of experience in high-level security management.

Is SOC an entry level job?

A Security Operations Center (SOC) analyst role is typically not entry-level and usually requires some experience in cybersecurity, network monitoring, or related fields. Entry-level positions may be labeled as SOC analyst I or junior SOC analyst, but higher-level roles often demand certifications like CompTIA Security+ or CISSP and familiarity with security tools such as SIEM systems.

What is the difference between Security Risk Analyst vs Security Analyst?

AspectSecurity Risk AnalystSecurity Analyst
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment, vulnerability analysis, policy developmentMonitoring security systems, incident response, security audits
Employer & Industry UsageFinancial, healthcare, government sectors focusing on risk mitigationIT departments across various industries focusing on security operations

While both roles focus on cybersecurity, Security Risk Analysts primarily assess and manage potential security threats and vulnerabilities, emphasizing risk mitigation strategies. Security Analysts tend to monitor security systems, respond to incidents, and ensure ongoing security measures. Both roles often require similar certifications and work environments but differ in their core responsibilities within cybersecurity teams.

What is a security risk analyst?

A security risk analyst is a professional who identifies, assesses, and mitigates security threats to an organization’s information systems. They analyze vulnerabilities, develop security strategies, and often use tools like risk assessment frameworks and security software to protect data and infrastructure.
More about Security Risk Analyst jobs
What cities are hiring for Security Risk Analyst jobs? Cities with the most Security Risk Analyst job openings:
Who are the top companies hiring for Security Risk Analyst jobs? The top employers for Security Risk Analyst jobs are:
What states have the most Security Risk Analyst jobs? States with the most job openings for Security Risk Analyst jobs include:
What job categories do people searching Security Risk Analyst jobs look for? The top searched job categories for Security Risk Analyst jobs are:
What are popular job titles related to Security Risk Analyst jobs? For Security Risk Analyst jobs, the most frequently searched job titles are:
Security Risk Analyst jobs near you
Infographic showing various Security Risk Analyst job openings in the United States as of June 2026, with employment types broken down into 1% As Needed, 97% Full Time, 1% Part Time, and 1% Contract. Highlights an 94% Physical, 2% Hybrid, and 4% Remote job distribution, with an average salary of $104,848 per year, or $50.4 per hour.
Senior IT Security Risk Analyst

Senior IT Security Risk Analyst

Amerisure Mutual Insurance Company

Farmington Hills, MI • On-site

Other

Medical, Retirement, PTO

Posted 15 days ago

Job description

Amerisure creates exceptional value for its partners, policyholders, and employees. As a property and casualty insurance company, Amerisure's promise to our partner agencies and policyholders begins with a comprehensive line of insurance products designed to protect businesses, as well as the health and safety of every employee. With an A.M. Best "A" (Excellent) rating, Amerisure serves mid-sized commercial enterprises focused in construction, manufacturing and healthcare. Ranked as one of the top 100 Property & Casualty companies in the United States, we proudly manage nearly $1 Billion of Direct Written Premium and maintain $1.21 billion in surplus.
Amerisure is currently recruiting for a Senior IT Security Risk Analyst that can do a 3-day hybrid approach onsite in our Farmington Hills office. The ideal candidate will also possess the following skill set.
Summary Statement
The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design, implementation, and continuous improvement of the IT risk program, ensuring alignment with regulatory requirements (e.g., New York State Department of Financial Services, NIST CSF) and business objectives.
Essential Tasks/Major Duties
  • Perform security risk assessments of third-party vendors including AI and mobile application reviews.
  • Lead the review, update, and communication of cybersecurity policies, standards, and procedures to ensure alignment with global frameworks (e.g., NIST CSF, NYDFS, NIS2, PCI DSS).
  • Lead and maintain the IT Risk Register including metrics which provides leadership an overall view of IT risk.
  • Perform risk assessments of IT risks.
  • Map regulations to policies and controls.
  • Create risk and compliance metrics for management and compliance purposes.
  • Perform control testing and validation to ensure proper control effectiveness.
  • Support IT audits and controls around Model Audit Rule (MAR).
  • Monitor threat intelligence to determine potential impact to environment and remediation urgency.
  • Support vulnerability management program, daily security operations and identity tasks as needed.
  • Be a key advisor to leadership, translating cybersecurity risk into business impact and enabling informed decision-making.
Knowledge, Skills & Abilities
  • Bachelor's degree or equivalent combination of education and experience.
  • 5 years cybersecurity experience.
  • Advanced Cyber Risk Management domain specific professional certification required: Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); Certified in Risk and Information Systems Control (CRISC); Certified Cloud Security Professional (CCSP); AWS Certified Security.
  • 2 years experience performing IT security control testing.
  • Experience reviewing SOC 2 Type 1 and Type 2 reports to articulate potential security risk.
  • Expertise in conducting third-party cyber risk assessments.
  • Proficient in NIST security domain frameworks and architectures.
  • Experience in Logicgate or another GRC tool.
  • Experience using AI driven tools to enhance automation and operational efficiency.
  • Ability to quickly diagnose security control problems and propose/implement solutions.
  • Clear and concise articulation of risk to both technical peers and non-technical stakeholders.
  • Partner with IT teams, developers, and business leaders to support security initiatives, and mentor and develop members of the security team.
  • Analyze data and security trends to anticipate and assess potential threats.
  • Stay current with regulations, evolving threats, technologies, and security protocols.

#LI-BR1
Just as we are committed to creating exceptional value for our Partners For Success® agencies and policyholders, Amerisure also remains committed to being an employer of choice. We reinforce this commitment by adhering to an Employee Value Proposition that, in part, is provided through a competitive total rewards package. This package includes competitive base pay, performance-based incentive pay, comprehensive health and welfare benefits, a 401(k) savings plan with profit sharing, and generous paid time off programs. We also offer flexible work arrangements to promote work-life balance. Recognized as one of the Best and Brightest® Companies to Work For in the Nation and one of Business Insurance magazine's Best Places to Work in Insurance, we provide a workplace that fosters excellence and professional growth. If you are looking for a collaborative and rewarding career, Amerisure is looking for you.
Amerisure Mutual Insurance Company is an Equal Employment Opportunity employer. Amerisure provides equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (to include sexual orientation and gender identity), national origin, age, disability, genetic information, veteran status, or any other protected characteristic under applicable federal, state, or local laws. Amerisure complies with all applicable laws governing nondiscrimination in employment in all locations where the company operates. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. Amerisure prohibits harassment or discrimination of any kind and is committed to maintaining a workplace free from unlawful harassment or discrimination. Amerisure prohibits retaliation against anyone who reports discrimination, participates in an investigation, or opposes unlawful practices. Any improper interference with an employee's ability to perform their job duties may result in disciplinary action, up to and including termination.

Apply