ETS Risk Analyst II
Johnston, RI · Hybrid
Description ETS Risk Analyst II - Monitoring and Testing Role Overview The Enterprise Technology & Security (ETS) Risk Analyst II plays a critical role in the identification, assessment, and ...
Johnston, RI · Hybrid
Description ETS Risk Analyst II - Monitoring and Testing Role Overview The Enterprise Technology & Security (ETS) Risk Analyst II plays a critical role in the identification, assessment, and ...
Johnston, RI · Hybrid
Description ETS Risk Analyst II - Monitoring and Testing Role Overview The Enterprise Technology & Security (ETS) Risk Analyst II plays a critical role in the identification, assessment, and ...
Minneapolis, MN · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Minneapolis, MN · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Atlanta, GA · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Atlanta, GA · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Atlanta, GA · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Atlanta, GA · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Arlington, VA · On-site
Physical Security Risk & Compliance Analyst (TS/SCI #26-127) Job Code:26-127 Location:Arlington, VA FT/PT Status:Full Time Required Clearance:Top Secret w/ CI Poly Salary Range:$170k-$185k The ...
New
Arlington, VA · On-site
Physical Security Risk & Compliance Analyst (TS/SCI #26-127) Job Code:26-127 Location:Arlington, VA FT/PT Status:Full Time Required Clearance:Top Secret w/ CI Poly Salary Range:$170k-$185k The ...
New
Arlington, VA · On-site
SAP Security Risk & Compliance Analyst (TS/SCI #26-126) Job Code:26-126 Location:Arlington, VA FT/PT Status:Full Time Required Clearance:Top Secret w/ CI Poly Salary Range:$170k-$185k The SAP ...
New
Arlington, VA · On-site
SAP Security Risk & Compliance Analyst (TS/SCI #26-126) Job Code:26-126 Location:Arlington, VA FT/PT Status:Full Time Required Clearance:Top Secret w/ CI Poly Salary Range:$170k-$185k The SAP ...
New
Information Security Risk Assessment Sr. Analyst Location: San Jose or Remote Job Summary: Key Responsibilities: • Conduct security risk assessments to identify, score and document potential risks ...
Information Security Risk Assessment Sr. Analyst Location: San Jose or Remote Job Summary: Key Responsibilities: • Conduct security risk assessments to identify, score and document potential risks ...
Title: Information Security Risk Analyst Location: Oklahoma City, OK Type: Full-time Salary: DOE Requirement: Under senior staff supervision, assist in information security policy development ...
Title: Information Security Risk Analyst Location: Oklahoma City, OK Type: Full-time Salary: DOE Requirement: Under senior staff supervision, assist in information security policy development ...
Title: Information Security Risk Analyst Location: Oklahoma City, OK Type: Full-time Salary: DOE Requirement: Under senior staff supervision, assist in information security policy development ...
Title: Information Security Risk Analyst Location: Oklahoma City, OK Type: Full-time Salary: DOE Requirement: Under senior staff supervision, assist in information security policy development ...
Bachelor's degree or equivalent practical experience in risk management, compliance, analytics, information security risk, or a related field. * Demonstrated experience in third-party risk management ...
Bachelor's degree or equivalent practical experience in risk management, compliance, analytics, information security risk, or a related field. * Demonstrated experience in third-party risk management ...
Malvern, PA · On-site
Additionally, the Cyber Risk Analyst will help track enterprise security risk by monitoring risk metrics, maintaining risk registers, and providing regular updates to leadership, enabling informed ...
Malvern, PA · On-site
Additionally, the Cyber Risk Analyst will help track enterprise security risk by monitoring risk metrics, maintaining risk registers, and providing regular updates to leadership, enabling informed ...
Solid understanding of security principles, including security controls, threat modeling, vulnerability management, and incident risk analysis. * Excellent written, verbal, and facilitation skills ...
Solid understanding of security principles, including security controls, threat modeling, vulnerability management, and incident risk analysis. * Excellent written, verbal, and facilitation skills ...
Pittsburgh, PA · On-site
Solid understanding of security principles, including security controls, threat modeling, vulnerability management, and incident risk analysis. * Excellent written, verbal, and facilitation skills ...
Pittsburgh, PA · On-site
Solid understanding of security principles, including security controls, threat modeling, vulnerability management, and incident risk analysis. * Excellent written, verbal, and facilitation skills ...
Chicago, IL · On-site
$85K - $95K/yr
Governance & Risk Analyst in the Enterprise will... The GRC Analyst will support the organization ... Review vendor security questionnaires, supporting evidence, and contractual artifacts to assess ...
Chicago, IL · On-site
$85K - $95K/yr
Governance & Risk Analyst in the Enterprise will... The GRC Analyst will support the organization ... Review vendor security questionnaires, supporting evidence, and contractual artifacts to assess ...
Los Angeles, CA · On-site
The Third-Party Risk Analyst I is a member of the IT/Technology Security Team responsible for conducting technical security assessments of the firm's third-party vendors, with a focus on SaaS ...
Los Angeles, CA · On-site
The Third-Party Risk Analyst I is a member of the IT/Technology Security Team responsible for conducting technical security assessments of the firm's third-party vendors, with a focus on SaaS ...
Risk Analyst / Risk Manager Position Type: Full-Time, Remote Working Hours: U.S. client business ... compliance, IT, security, legal, and executive leadership teams. Responsibilities Risk ...
Risk Analyst / Risk Manager Position Type: Full-Time, Remote Working Hours: U.S. client business ... compliance, IT, security, legal, and executive leadership teams. Responsibilities Risk ...
New York, NY · On-site
$100K - $175K/yr
Utilize advanced data analysis techniques and fraud detection tools to identify anomalies and potential security threats. * Create and maintain risk assessment models to evaluate the financial and ...
Quick apply
New York, NY · On-site
$100K - $175K/yr
Utilize advanced data analysis techniques and fraud detection tools to identify anomalies and potential security threats. * Create and maintain risk assessment models to evaluate the financial and ...
New York, NY · On-site +1
$100K - $175K/yr
Utilize advanced data analysis techniques and fraud detection tools to identify anomalies and potential security threats. * Create and maintain risk assessment models to evaluate the financial and ...
New York, NY · On-site +1
$100K - $175K/yr
Utilize advanced data analysis techniques and fraud detection tools to identify anomalies and potential security threats. * Create and maintain risk assessment models to evaluate the financial and ...
This role ensures proactive identification, analysis, prioritization, and remediation of technical ... Additionally, theCyberRiskAnalystwill help track enterprise security risk by monitoring risk ...
This role ensures proactive identification, analysis, prioritization, and remediation of technical ... Additionally, theCyberRiskAnalystwill help track enterprise security risk by monitoring risk ...
The answer is you - an information security risk specialist who can help turn complex vulnerability ... As a Vulnerability Exception and Deferral Analyst on our Enterprise IT and Cyber Risk team, you'll ...
The answer is you - an information security risk specialist who can help turn complex vulnerability ... As a Vulnerability Exception and Deferral Analyst on our Enterprise IT and Cyber Risk team, you'll ...
$10.34 - $15.76
2% of jobs
$15.76 - $21.18
0% of jobs
$21.18 - $26.60
1% of jobs
$26.60 - $32.01
1% of jobs
$32.01 - $37.43
1% of jobs
$41.50 is the 25th percentile. Wages below this are outliers.
$37.43 - $42.85
26% of jobs
$42.85 - $48.27
11% of jobs
The median wage is $50.21 / hr.
$48.27 - $53.69
22% of jobs
$53.69 - $59.11
9% of jobs
$59.54 is the 75th percentile. Wages above this are outliers.
$59.11 - $64.53
17% of jobs
$64.53 - $69.95
9% of jobs
$10
$50
$69
| Aspect | Security Risk Analyst | Security Analyst |
|---|---|---|
| Certifications | CompTIA Security+, CISSP, CISA | CompTIA Security+, CISSP, CEH |
| Work Environment | Risk assessment, vulnerability analysis, policy development | Monitoring security systems, incident response, security audits |
| Employer & Industry Usage | Financial, healthcare, government sectors focusing on risk mitigation | IT departments across various industries focusing on security operations |
While both roles focus on cybersecurity, Security Risk Analysts primarily assess and manage potential security threats and vulnerabilities, emphasizing risk mitigation strategies. Security Analysts tend to monitor security systems, respond to incidents, and ensure ongoing security measures. Both roles often require similar certifications and work environments but differ in their core responsibilities within cybersecurity teams.

Description
ETS Risk Analyst II - Monitoring and Testing
Role Overview
The Enterprise Technology & Security (ETS) Risk Analyst II plays a critical role in the identification, assessment, and mitigation of technology and security related risks across the organization. Working within a first-line risk team, this role partners directly with Risk Managers to execute control monitoring and testing that aligns with the bank's risk appetite framework, regulatory expectations, and industry standards including Cybersecurity Risk Institute (CRI) Profile, NIST 800-53, and NIST Cybersecurity Framework. You will independently assess control effectiveness, monitor key risk indicators, and analyze results to identify trends, control gaps, and areas for improvement. This role requires strong professional judgment, high quality documentation, and timely communication to support a resilient control environment and informed risk decisions. This is an excellent opportunity for an early-career risk professional looking to build foundational expertise in technology and security risk within a growing regulated financial institution.
Responsibilities
Partner with Risk Managers to execute the control monitoring and testing program across multiple complex technology and cybersecurity processes.
Independently perform control design and operating effectiveness testing in accordance with established methodologies and timelines.
Assess material controls and determine whether enhanced controls are effective to support issue validation and closure.
Document testing results clearly and accurately in the system of record and supporting tools, producing audit ready documentation suitable for QA, Internal Audit, and Regulatory review.
Support the analysis of monitoring and testing results to identify themes, trends, root causes, and emerging issues.
Escalate control deficiencies, emerging risks, and potential delays in a timely and professional manner.
Support issue management activities, including testing to validate remediation and support issue closureÂ
Participate in Risk and Control Self Assessments (RCSAs), including creation and validation of process maps that reflect key processes, risks, and controlsÂ
Maintain awareness of emerging risks and evolving technologies (e.g., artificial intelligence, automation, and data driven processes) and assess their impact on control design, effectiveness, and monitoring approaches.
Contribute to the continuous monitoring program by leveraging automated testing, key control metrics, and trend analysis to improve risk insight and control coverage.
Identify, evaluate, and prioritize opportunities to enhance control testing through automation, data analytics, and improved key control metrics, partnering with stakeholders to support implementation.
Build effective working relationships with business and technology stakeholders to stay informed of process changes and emerging risks.
Develop understanding of internal policies, infrastructure processes, and evolving industry risk trends.
Proactively pursue ongoing professional development, including relevant certifications, industry training, etc. to maintain current knowledge in a rapidly evolving field.
Experience & Skills
Required:
3-5 years of experience in IT, information security, risk management, or internal audit.
Foundational understanding of technology risk concepts, control frameworks (NIST 800-53, NIST CSF, CRI Profile, COBIT, or ITIL), and risk management lifecycle.
Familiarity with GRC platforms (e.g., Archer) and IT service management tools (e.g., ServiceNow, Jira).
Ability to analyze and interpret data from security and operational monitoring tools.
Strong written and verbal communication skills, with the ability to translate technical risk findings into clear documentation.
Demonstrated ability to manage multiple priorities in a fast-paced environment with attention to detail.
Proficiency in Microsoft Office Suite (Excel, Word, PowerPoint).
Preferred:
Experience in a regulated financial services or banking environment.
Familiarity with cloud environments (AWS, Azure) or infrastructure risk concepts.
Exposure to audit response, regulatory exam support, or corrective action tracking.
Education
Bachelor's degree in Information Technology, Cybersecurity, Business, or a related field required.
AWS Cloud Practitioner or Microsoft Azure Fundamentals
CISA (Certified Information Systems Auditor)
CRISC (Certified in Risk and Information Systems Control)
Hours & Work Schedule
Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.
Education:Why Work for UsEmployment Type: 1ST