Security Risk Analyst
$72k - $120kCollege Board
Job Description External Posting Role Title – Security Risk Analyst College Board – Risk Management Location: This is a remote role. Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office). All CB employees are required to occasionally travel to meet in person for business purposes. Role Type: This is a full-time position About the Team The Information Security Governance Risk and Compliance (ISGRC) team at the College Board works closely with other teams across the organization to assess and certify the security of College Board’s information systems and processes. This dedicated team facilitates information security governance and compliance by assessing College Board’s vendors, reviewing and negotiating contractual commitments to information security, planning for disaster response and recovery, testing system strength using industry-recognized frameworks (ISO 27001, PCI-DSS and SOC2) and obtaining related compliance certifications, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative training and phishing campaigns. About the Opportunity As a Security Risk Analyst, you will have the critical role of being responsible for evaluating and managing exceptions to IT security policies, for managing the Organization’s Risk and Control Issues Register (Risk Register), and for developing reports and metrics. Your strong technical communication and negotiation skills will help you build relationships and collaborate with diverse stakeholders and reduce risk to the organization and ensure compliance. Under the direction of management, you will manage the Risk Register and perform security policy exceptions to help the College Board understand its critical risks. In this role you will: Manage the Risk Register (20%) Leads the management of the issues and risks and quickly escalates any untimely completion of audit actions. Works independently to communicate risks and works with others to problem-solve risks to tolerance levels based on data and evidence. Maintains data quality of Risk Register and executes any required data clean-up exercises. Understands College Board work to be able to drive Risk or Control Owners to ensure consistent application of policies and standards. Raises awareness about Risk & Control Issues, Policy exceptions, and available risk reduction options. Fosters a culture of risk awareness and compliance within the technology department and across the organization. Manage Policy Exceptions (65%) Independently analyzes policy exception submissions and provides risk assessment reports for critical service lines, applications, and infrastructure hosted on-prem and in the cloud. Evaluates and manage exceptions to IT security policies. Manages materials for the Exception Review Board and presents exception information to executive leadership and senior team members. Maintains an up-to-date knowledge and understanding of IT security policies and principles. Maintains a customer-focused attitude in all interactions with customers and colleagues. Support Vendor Risk Management (10%) Support the Vendor Risk Management program by understanding policies and procedures. Perform New Vendor Risk Assessments and Reassessments. Serve as backup to the Sr. Risk Analyst. Manage Metrics and Reporting (5%) Provides weekly and monthly reporting for the Risk Register and policy exceptions. Produces trending metrics and escalate exceptions. Performs other duties as assigned. About You To qualify for this role you must have 5-7 years of experience managing or supporting IT Security Risk and Control Risk Register and processing policy exceptions. Strong understanding of risk management techniques such as risk identification, risk scoring, risk mitigation, and risk tracking. Proven ability to lead conversations balancing risk and multiple business needs that result in positive outcomes with multiple stakeholders. The capacity to assess risk information and make risk recommendations independently. Strong organization and prioritization skills and the proven ability to manage multiple tasks simultaneously, both independently and as a member of the team. Excellent verbal and written communication skills. Experience with governance, risk, and compliance tools (e.g., OneTrust) preferred. Experience with information security and privacy frameworks such as ISO 27001, COBIT, NIST-CSF, NIST 800-53, GDPR etc. Current Information Security Certification (e.g., CISSP, CRISC, CISM, CISA, or related security certification) preferred or the ability to attain one within 6 months of hire. Bachelor’s degree in computer science, cybersecurity, engineering, IT management or four years equivalent IT and security industry experience. Vendor Risk Management policies and procedures. Bachelor’s degree required. The ability to travel 2-4 times a year to College Board offices or on behalf of College Board business. All roles at College Board require: A passion for expanding educational and career opportunities and mission-driven work Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new AI-driven solutions and comfort with learning and applying new digital tools independently and proactively. Clear and concise communication skills, written and verbal A learner's mindset and a commitment to growth: welcoming diverse perspectives, giving and receiving timely, respectful feedback, and continuously improving through iterative learning and user input. A drive for impact and excellence: solving complex problems, making data-informed decisions, prioritizing what matters most, and continuously improving through learning, user input, and external benchmarking. A collaborative and empathetic approach: working across differences, fostering trust, and contributing to a culture of shared success Authorization to work in the United States About Our Process Application review will begin immediately and will continue until the position is filled. This role is expected to accept applications for a minimum of 5 business days. While the hiring process may vary, it generally includes: resume and application submission, recruiter phone/video screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks. What We Offer At College Board, we offer more than a paycheck- we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive. We’re a self-sustaining nonprofit that believes in fair and competitive compensation grounded in your qualifications, experience, impact, and the market. A Thoughtful Approach to Compensation The hiring range for this role is $72,000–$120,000. Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board. We aim to make our best offer upfront, rooted in fairness, transparency, and market data. We adjust salaries by location to ensure fairness, no matter where you live. You’ll have open, transparent conversations about compensation, benefits, and what it’s like to work at College Board throughout your hiring process. Check out our careers page for more. #LI- MD1 #LI- remote College Board reaches more than 7 million students a year, helping them navigate the path from high school to college and career. We’re a mission-driven, not-for-profit membership organization dedicated to excellence in education. Founded 125 years ago, we are committed to clearing a path for all students to own their future. We pioneered programs like the SAT® and AP® to expand opportunities for students and help them develop the skills they need. Our BigFuture® program helps students plan for college, pay for college, and explore careers. Learn more at cb.org. Clearing a path for all students to own their future. At College Board, our work is guided by four Operating Principles, and we seek team members who not only align with these principles but actively live them out in their day-to-day work. Prioritize and Simplify – We focus on what matters most, reduce complexity, and move quickly when needed. Say and Receive – We give and receive feedback candidly and kindly, welcoming growth and healthy debate. Go for Greatness – We pursue excellence using data, iteration, and bold thinking to raise the bar. Lead as One College Board – We build a culture of trust, inclusion, and shared responsibility for long-term impact. In addition to a competitive salary and benefits, we offer: Annual bonuses and opportunities for merit-based raises and promotions A mission-driven workplace where your impact matters A team that invests in your development and success Learn more about College Board’s Operating Principles, Our Remote-first Workplace Policy, Benefits, Recruiting Process and More. College Board is proud to be an equal opportunity employer. We’re committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status.
- ...Purpose Plan and perform compliance and risk assessment activities for information systems... ...culture. This position requires a security clearance which requires U.S. Citizenship... ...Certified Practitioner). CompTIA Cybersecurity Analyst+ (CySA+). Work Environment Fast paced,...SuggestedFor contractorsWork experience placementSecond jobWork at officeLocal area
- ...Global Security Risk and Threat Analyst The Global Security Risk and Threat Analyst monitors, responds to, and maintains the security systems used to protect company property and coworkers. This includes access control and intrusion detection, closed‑circuit surveillance...SuggestedWork at officeFlexible hoursShift workWeekend work
- ...A leading consulting firm located in Cary, North Carolina seeks an IT Business Analyst with over a year of experience. Key responsibilities include running monthly security reports, establishing reporting schedules, and contributing to security vendor relationships. The...SuggestedWork at office
- ...The Threat and Risk Analyst is responsible for researching and analyzing data from various sources to reduce threats and criminal risks to the institution. Configures and audits police and security technology applications and systems. Produces reports, identifies trends...SuggestedFull timeLocal areaRelocation packageLong distance
- ...Applicants must have a minimum of one year of specialized experience equivalent to GS-12. Responsibilities include interpreting IT security policies, conducting vulnerability assessments, and coordinating technical solutions with various stakeholders. Candidates should...SuggestedWork at office
$100k - $120k
...Sr. Information Security Risk Analyst Contract | Hybrid (Mon–Thu on-site / Fri remote) | Downtown Kansas City, MO Targeted compensation: $100,000–$120,000 Applicants must have legal authority to work in the United States. Visa sponsorship is not available for this role...Contract workRemote workShift work$69.23k - $149k
...As part of UMB's Corporate Information Security and Privacy (CISP) team, the mission is to identify threats, vulnerabilities, and risks and to help protect the people, information... ...organization. As the Sr. Information Security Risk Analyst, you will participate in activities...Work experience placementLocal areaRemote workFlexible hours$80 - $85 per hour
...Title: Senior Security Risk Management Analyst Job Type: Contract (W2 Only) Contract Length: 6 months Pay Range: $80-85/hr Start Date: ASAP Location: Remote About the Opportunity Our client, a leader in cybersecurity and cloud data management, is looking for a skilled...Contract workFor contractorsImmediate startRemote work- ...Work, we're proud to partner with some of the most admired Fortune 500 brands in the world. Job Title: Senior Security Risk Management Analyst Duration: 06 months with possible extension Location: Remote Pay range: $80/hr - $90/hr on W2 Job...Contract workRemote work
- ...Centreville Bank is seeking a Vendor Management Analyst in Warwick, Rhode Island. This role supports the Third-Party Risk Management (TPRM) program by evaluating vendor risks, reviewing contracts, and maintaining documentation for compliance. Candidates should have a Bachelor...
$130k - $160k
...Role Overview As a Security Risk and Compliance Analyst you will play a hands‑on role in maturing and operating the company’s compliance and certification programme—specifically across controls maturity, policy governance, and audit execution. This role sits at the intersection...InternshipWork at officeLocal areaWork from homeWorldwide- ARMADA, Ltd. is seeking a Physical Security Analyst in Washington, DC, to provide expert support for physical security policy development and risk management at a military service headquarters level. The role involves collaborating with stakeholders to protect personnel...Full timeWork at office
- ...all else, fun and friendly working environments. Information Security Analyst The Information Security Analyst supports the Banks cybersecurity... ...(BCP) including the establishment and validation of policies, risk assessment and procedures to restore business critical...
- Flr Federal Solutions, LLC is looking for an IT Security Operations Analyst responsible for conducting comprehensive application risk assessments with a focus on third-party risk analysis. The analyst will evaluate the security posture of vendors and ensure compliance with...
- Insight Global is looking for an IT Risk Analyst in Nashville, TN. The successful candidate will conduct application risk assessments, support... ...risk evaluations, and assist in incident responses related to security issues. Candidates should have a Bachelor’s degree, 1-3 years...
- Industrial Security / Risk / Analyst SME IV - Hybrid Location: Washington D.C. Area BluePath Labs is a fast-growing research and consulting company committed to solving complex problems for federal, state, and local government clients. We offer a range of professional,...Work at officeLocal areaFlexible hours
- A security solutions provider in Texas is seeking a Cyber Security Analyst to implement security measures protecting client information systems. The ideal candidate will lead security policy development, conduct risk assessments, and support incident responses. A Bachelor...
- Hyperproof is seeking a Security Analyst to manage and support vendor connectivity tools. This role will serve as the primary contact for stakeholders to ensure vendor access is effectively documented and monitored, aligning with the company’s security practices. The ideal...
$91.7k - $163.7k
A global care organization is seeking an Insider Senior Cybersecurity Analyst responsible for detecting insider-driven risks. The role includes monitoring user activity, performing investigations, and collaborating with cross-functional teams. Candidates should possess...Remote job$75k - $85k
Systems Planning & Analysis is seeking a Risk Assessment Specialist to provide support to the Department of Homeland Security in Washington, DC. The position involves advanced analytical work on countering weapons of mass destruction, including tasks related to modeling...- ...Identity Access Management Analyst The Identity Access Management (IAM) Analyst is responsible... ...access is granted and maintained in a secure and compliant manner. Responsibilities... ...maintaining security. Communicate security risks and mitigation strategies to business stakeholders...
- ...Rutgers University is seeking an Information Security Risk Analyst to facilitate and evaluate internal and third-party information security risk assessments. You will provide remediation recommendations and maintain a formal risk register while collaborating with campus...
$100k - $120k
BRMi is actively seeking a skilled Security Analyst to bolster cybersecurity operations and compliance within NIH environments. This professional will collaborate with technical teams and stakeholders to ensure system integrity and data confidentiality. The ideal candidate...$106k - $152k
...business. Relocation is not offered for this position. Position Summary FM is seeking a Senior Information Security Analyst with deep expertise in Third‑Party Risk Management (TPRM). You will play a critical role in protecting FM by assessing how external vendors, SaaS...Work experience placementWork at officeRelocationFlexible hours1 day per week- ...Ping Identity is looking for an Information Security Analyst to enhance its Information Security Management System. This role involves developing security policies, assessing compliance, and engaging in customer security assessments, all while collaborating with internal...
- ...TriCom Technical Services is seeking an Information Security Risk Analyst in Kansas City, MO. The ideal candidate will have over 5 years of experience in information security, driving critical data security initiatives while advising on risk treatment and compliance frameworks...
- ...outsourced IT services from our District Funding Bank to deliver secure, reliable, and efficient operations. As a smaller, agile... ...Summary AgTrust is seeking an Information Security & Technology Risk Analyst to help strengthen the organization's cybersecurity and technology...
- Aqua seeks a GRC Security Analyst II to ensure the security and integrity of information systems. Responsibilities include risk assessments, developing remediation plans, and ensuring compliance with best practices. The ideal candidate will have a Bachelor’s degree in...
- We are seeking a proactive, curious and hands‑on Information Security Risk Analyst to join our global Business Information Security Officers (BISO) team. This role is ideal for someone early in their security career who enjoys a varied workload, thrives in a fast‑paced...Work at officeRelocationVisa sponsorship
$70k - $100.1k
Seko Worldwide LLC is hiring for a Cybersecurity role located in Schaumburg, IL, focusing on security monitoring, vulnerability management, and compliance. This position involves working with SIEM tools and requires a Bachelor’s degree in Cybersecurity or a related field...Part timeWork at officeWorldwide
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Security Risk Analyst. Be the first to apply!
- physical security analyst United States
- security analyst remote United States
- information security compliance analyst United States
- cloud security analyst United States
- rate analyst United States
- senior information security analyst United States
- entry level information security analyst United States
- security analyst intern United States
- security analyst United States
- security operations analyst United States

