ZipRecruiter

Log In

1

Security Risk Management Jobs in Massachusetts (NOW HIRING)

Thinkbrg

IT Risk and Compliance Analyst

Boston, MA · On-site

$90K - $115K/yr

The IT Risk and Compliance Analyst position is a highly visible, client facing role which works ... This role will also help coordinate and maintain the firm's Information Security Management Program ...

Jj

Lead Product Security Engineer

Danvers, MA · Hybrid

Experience with security risk management techniques and tactics. * Experience working in a regulated environment, FDA-regulated preferred. * Demonstrated organizational skills, attention to detail ...

Watermark Risk Management International

We're intimately familiar with DOD security programs and mission requirements. ⭐ OUR CORE VALUES ... Advise customer on Risk Management Framework (RMF) assessment and authorization issues * Perform ...

next page

Showing results 1-20

All JobsSecurity Risk Management JobsSecurity Risk Management Jobs in Massachusetts

Security Risk Management information

See Massachusetts salary details

$11

$55

$76

How much do security risk management jobs pay per hour?

As of Jun 30, 2026, the average hourly pay for security risk management in Massachusetts is $55.05, according to ZipRecruiter salary data. Most workers in this role earn between $44.62 and $65.62 per hour, depending on experience, location, and employer.

What are the typical challenges faced by professionals in Security Risk Management, and how can they be addressed?

Professionals in Security Risk Management often encounter challenges such as rapidly evolving threats, balancing security with business operations, and ensuring organization-wide compliance with regulations. Staying current with the latest risk trends and fostering cross-department collaboration are key strategies for overcoming these obstacles. Additionally, clear communication of risks to non-technical stakeholders and ongoing training are essential for building a proactive security culture and effective risk mitigation.

Can I make $200,000 a year in cyber security?

Security Risk Management professionals can potentially earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP or CISM, and roles in high-demand industries or senior leadership positions. Salary levels vary based on location, company size, and individual expertise, but high-level cybersecurity roles often offer compensation in this range.

Can you make $500,000 a year in cyber security?

Security Risk Management professionals can potentially earn $500,000 or more annually, especially at senior levels, in leadership roles, or within large organizations. Achieving this income typically requires extensive experience, advanced certifications like CISSP or CISM, and expertise in high-demand areas such as threat intelligence or security architecture.

Is security risk management a good career?

Security risk management is a viable career that involves identifying, assessing, and mitigating security threats to organizations. It often requires certifications such as CISSP or CISM and skills in risk analysis, security policies, and incident response. The field offers opportunities across various industries with increasing demand for cybersecurity expertise.

What is Security Risk Management?

Security Risk Management is the process of identifying, assessing, and mitigating risks to an organization's information, assets, and operations. It involves evaluating potential threats and vulnerabilities, determining their potential impact, and implementing strategies to minimize or control these risks. The goal is to protect the organization from security breaches, data loss, and other threats while ensuring compliance with legal and regulatory requirements. Security Risk Management is essential for maintaining business continuity and safeguarding reputation.

What are the key skills and qualifications needed to thrive in Security Risk Management, and why are they important?

To excel in Security Risk Management, you need a solid understanding of risk assessment frameworks, cybersecurity principles, and compliance standards, often supported by a degree in information security or related fields. Familiarity with risk management tools, security incident response systems, and certifications such as CISSP or CISM is typically required. Strong analytical thinking, communication, and decision-making skills help professionals navigate complex threats and collaborate across departments. These competencies are crucial for effectively identifying, mitigating, and communicating risks to protect organizational assets and ensure regulatory compliance.

What is the difference between Security Risk Management vs Security Analyst?

AspectSecurity Risk ManagementSecurity Analyst
CertificationsCRISC, CISSP, CISMCompTIA Security+, CISSP, CEH
Work EnvironmentStrategic, policy-focused, risk assessmentOperational, monitoring, incident response
Employer & Industry UsageOrganizations managing enterprise security risksSecurity teams, cybersecurity firms, IT departments

Security Risk Management focuses on identifying, assessing, and mitigating security risks at an organizational level, often involving policy development and strategic planning. In contrast, Security Analysts primarily monitor security systems, analyze threats, and respond to incidents. Both roles are essential but differ in scope and responsibilities within the cybersecurity field.

Is SOC 1 entry level?

SOC 1 (Service Organization Control 1) reports are audit reports used to evaluate internal controls at a service organization and are not job roles. In the context of security risk management, entry-level positions typically require foundational knowledge of security principles, certifications like CompTIA Security+ or CISSP, and experience with risk assessment tools, but SOC 1 itself is not an entry-level role.
What are popular job titles related to Security Risk Management jobs in Massachusetts? For Security Risk Management jobs in Massachusetts, the most frequently searched job titles are:
What job categories do people searching Security Risk Management jobs in Massachusetts look for? The top searched job categories for Security Risk Management jobs in Massachusetts are:
Security Risk Management jobs near you
Infographic showing various Security Risk Management job openings in Massachusetts as of June 2026, with employment types broken down into 90% Full Time, 7% Part Time, 1% Temporary, and 2% Contract. Highlights an 93% Physical, 3% Hybrid, and 4% Remote job distribution, with an average salary of $114,507 per year, or $55.1 per hour.
Technology Risk and Governance

Technology Risk and Governance

Arrowstreet Capital LP

Boston, MA • On-site

$110K - $315K/yr

Full-time

Posted 20 days ago

Job description

Job Overview
The position reports to the Chief Information Security Officer and leads the enterprise-wide technology risk and governance program. This role establishes the risk framework, policies, and governance needed to identify, assess, and mitigate risk across IT services, platforms, and third parties.
Partnering with senior leadership across Technology, Cyber Security, Compliance, Legal, and business, the role translates complex technical and control issues into clear business risk narratives (operational, regulatory, reputational, and financial) and drives risk-based prioritization of remediation.
The position owns the technology risk policy suite and associated standards and oversees the technological aspects of the third-party risk program, including vendor onboarding due diligence and ongoing monitoring in partnership with Compliance and procurement stakeholders.
This role is a key contributor to enterprise risk management, partnering with the Chief Compliance Officer and risk owners to ensure technology risks are identified, documented, reported, and addressed through effective controls, risk acceptance, and continuous improvement. It also evaluates and implements tools and reporting to increase risk visibility and strengthen governance.
Responsibilities
  • Own the enterprise technology risk framework and governance model, aligned to the organization's enterprise risk framework.
  • Provide advisory support for material technology decisions (new systems, products, vendors, and significant changes), translating technical and control issues into business impact.
  • Establish clear governance and reporting for senior management and committees on material IT, cyber, third-party, and emerging technology risks, including key risk indicators and metrics.
  • Design and continuously improve technology risk assessment and control evaluation processes, including remediation tracking and governance for risk acceptance, waivers, and exceptions.
  • Lead and mature AI risk governance in partnership with IT, Security, Compliance, and the business.
  • Support enterprise data governance initiatives (classification, retention, and handling) in collaboration with Technology and business stakeholders.
  • Own the technology risk policy suite and standards, ensuring they are implemented, reviewed regularly, and supported through training and awareness.
  • Oversee technology aspects of third-party risk, including onboarding due diligence, review of assurance (e.g., SOC reports), remediation tracking, and ongoing monitoring in partnership with Compliance and procurement stakeholders.
  • Partner with Cyber Security to ensure threat, vulnerability, patch, and incident risk governance aligns to the current threat landscape and control expectations.
  • Drive operational resilience for technology services, including business continuity planning, crisis/incident governance, root-cause analysis, and lessons learned.
  • Support client, regulator, and internal audit engagements related to technology risk, including responses to inquiries and evidence of control design and effectiveness.

Qualifications
  • Experience leading technology risk, IT risk, cyber/operational risk, or technology governance in a regulated environment.
  • Demonstrated ability to design and implement risk frameworks and governance processes, including assessment, prioritization, remediation tracking, and risk acceptance.
  • Broad technical knowledge across enterprise IT (infrastructure, applications, identity and access management, cloud/SaaS, and data governance) and how controls mitigate risk.
  • Strong stakeholder management skills with a track record of influencing senior leaders and driving outcomes across Technology, Compliance, Legal, and Internal Audit.
  • Excellent written, verbal, and presentation skills; able to communicate complex technical risk issues clearly to executives and governance committees.
  • Experience in developing and defining enterprise risk level appetite, tolerance thresholds, and escalation criteria.
  • Ability to challenge control owners constructively and drive accountability and remediation.

Preferred
  • Familiarity with industry regulations and standards (SOX, PCI, DORA) and technical frameworks (e.g., NIST, ISO 27001) and attack frameworks (e.g., MITRE ATT&CK or similar).
  • Experience interacting directly with regulators, auditors, and board risk committees.
  • Understanding of secure software development and application security risks

The base salary range for this position is $110,000 - $315,000 per year.
Arrowstreet Capital operates a robust talent acquisition program, and we also seek to compensate and reward our employees competitively within our industry and in line with our merit-based culture. Our approach to total compensation includes base salaries and annual discretionary bonuses, as well as a robust benefits package. The determination of a successful candidate's base salary placement within the listed range will vary based on the candidate's relevant experience and qualifications (which may also include relevant certifications, credentials and other education), the job responsibilities and scope, the commensurate resulting level of the position and other relevant factors. The listed range is also an estimate, and additional information regarding base salary and other elements of total compensation offered by Arrowstreet Capital to successful applicants will be communicated during the recruitment process.
Arrowstreet Capital is a Boston-based systematic investment firm that manages global equity portfolios for institutional investors around the world.
All qualified applicants will receive consideration for employment without regard to sex, race, color, religion, national origin, ancestry, genetic information, age, pregnancy, medical condition, disability, veteran or military status, marital status or any other characteristic protected by federal, state, or local law.
Arrowstreet Capital is committed to working with and providing reasonable accommodations for qualified individuals with disabilities and disabled veterans. If you need a reasonable accommodation for any part of the employment process due to a disability, contact us to discuss the nature of your request and contact information.

Apply