
The information security risk analyst salary guide

December 12, 2022 by Greg Belding

Information has become our society’s lifeblood as the world has primarily shifted to the digital sphere. What comes with this is a heightened need to secure information to protect the private, sensitive, and critical data that the world relies upon to function. Information risk has become a central focus of information security. Information security analysts help secure information and are understandably in great demand. The question remains: what salary can information risk analysts expect?

We’ll explore the average salary for an information risk analyst, also known as a cybersecurity risk analyst. We will detail IT risk analyst salary averages and the salary outlook, explain what the education/certification and skills expectations are at different experience levels of this job and give tips to set you up for success in finding an information risk analyst position.

How much do information security risk analysts make on average?

On average, information risk security analysts can expect to make $112,398 in the United States annually. For perspective, the average salary for all jobs in the United States is $53,490. The average salary for an information risk analyst is more than double the national average. This healthy salary reflects how vital information security risk analysts are in today’s world.

What is the salary outlook for information risk analysts?

The salary outlook for information risk analysts is strong, and the numbers tell the tale. Recent salary trend data from US News and World Report reveals that year over year, the average salary growth for information risk analysts is 3.2%. On top of this, the projected job growth for information risk analysts is equally strong: it is projected that from 2021 to 2031, the number of information risk analyst job positions will jump by a whopping 35%.

What is the pay trajectory like for information security risk analysts?

Based upon the 3.2% annual growth statistic for the average information security risk analyst salary, we can project how much the average salary will be for years to come. Assuming that the 3.2% growth rate stays the same, below is what we can expect this average salary to be for the next 15 years:

Chart of security risk analyst salary

As you can see, assuming a 3.2% growth rate, by 2027, a cybersecurity risk analyst salary would be $130,383. By 2037 the salary will rise to $166,353. 

Entry-level information risk analyst

Education and certifications

Entry-level information risk analysts are expected to have a bachelor’s degree in computer science, information security or a related field. Some hiring organizations may not specifically require a bachelor’s degree; however, these are in the minority.  

Concerning certifications, there are not many options available for entry-level information risk analysts because most certifications require at least two years of paid cumulative work as an information risk analyst. One certification that can be earned at the entry level is Certified in Cybersecurity, or CC, offered by ISC2. The entry-level information security analyst salary will likely increase with experience and education.

Hard skills

  • Information infrastructure
  • Databases
  • Information systems
  • Servers
  • Information security

Soft skills

  • Analytical thinking
  • Communication 
  • Problem-solving
  • Creativity
  • Detail-oriented

Mid-level information risk analysts

Education and certifications

For mid-level information risk analysts, if you have not earned a bachelor’s degree in computer science, information security or a related field, now would be the time to do so. For those who want to verify their education even more, earning a master’s degree in one of the fields listed above would be a good idea, but it is not required.

Regarding certifications, mid-level information risk analysts have many more options than those at the entry level due to their years working in a paid position in this job. Below are the certifications that mid-level information risk analysts should consider:

  • Certified Information Systems Security Professional (CISSP)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified Information Systems Auditor (CISA)

Hard skills

  • Data management
  • Implementing information security controls
  • Conducting security assessments
  • Disaster recovery policies and procedures

Soft skills

  • Communicating the results of security assessments to non-technical C-suite personnel

Senior information risk analysts

Education and certifications

Becoming a senior information risk analyst is the pinnacle of the information risk analyst career.  While earning a master’s degree in computer science, information security or a related field is not required, it would put the proverbial cherry on top of a productive, successful career.  

If you have earned the certifications referenced in the experience levels above, a nice finishing certification to earn is the Certified Information Systems Manager, or CISM, certification. It would highlight both your information system knowledge and skills, polish up that resume, and acknowledge the time you invested in this job role.

Please note that hard and soft skills are still important for the senior information risk analyst; chances are you will have already accumulated these skills, if not perfected them, by this point.

Top paying locations for information security risk analysts

Chart of top paying locations for information security risk analysts

Get ahead of the job hunting competition

The best thing you can do to get ahead of the job hunting competition is to make sure you are searching for the right job title and applying for the job at organizations actively hiring for this role. Use the tips below to start your job hunt on the right footing.

Related job roles to search while job hunting

Information risk analyst is a job that can have different titles as this specific title is not universal across the information security sphere. As such, you may have to tweak your job title search terms to ensure you cover your bases. Below are the other job titles that information risk analyst may go by:

  • Information security risk analyst
  • Security manager
  • Information security lead
  • Cyber risk analyst
  • IT risk & security specialist
  • Risk manager
  • Information security officer
  • CISO
  • Security architect

Top companies hiring cybersecurity risk analysts right now

  • Dyson
  • PayPal
  • Bank of America
  • Discover
  • Grant Thornton
  • Accenture
  • General Electric
  • Edward Jones

Companies are eager to secure their information and hire cybersecurity risk analysts with the right skills. This is a wonderful time to enter the field and enjoy the lucrative rewards of this fulfilling career.


Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.