Ready to help us transform healthcare? Bring your true colors to blue.
Job Summary: The Security Risk Analyst supports the organization's cybersecurity program by identifying, analyzing, and tracking technology and business risks. This role plays a key part in enabling risk-informed decisions, ensuring that cybersecurity threats are assessed and mitigated in alignment with internal policies and regulatory frameworks.
This role is eligible for our Flex Persona. For candidates local to our Boston, MA and Hingham, MA offices.
What We Need:
Blue Cross Blue Shield of Massachusetts (BCBSMA) is looking for a Security Risk Analyst to join the Cybersecurity Governance and Assurance Team. The Security Risk Analyst supports the organization's Cybersecurity program by assisting in maintaining its information security and compliance posture. This involves:
Supporting governance, risk management, and control assurance activities.
Enabling risk-informed decisions under the direction of senior security professionals.
Ensuring that cybersecurity threats are assessed and mitigated in accordance with internal policies and regulatory frameworks.
Your Day to Day:
Cyber Risk Assessments: Conduct risk assessments on applications, systems, business processes, and third parties using structured methodologies (e.g., NIST 800-30, FAIR).
Risk Register Maintenance: Document and track identified risks, vulnerabilities, and findings in the security risk register with appropriate severity and ownership.
Threat and Vulnerability Correlation: Collaborate with threat intelligence and vulnerability management teams to map technical exposures to business risks.
Risk Scoring and Reporting: Use qualitative and quantitative risk models to assess likelihood and impact; support risk dashboards and executive summaries.
Residual Risk Analysis: Work with system and control owners to evaluate control gaps, proposed mitigation plans, and residual risk acceptances.
Business Impact Analysis (BIA) Support: Contribute to BIAs by identifying cybersecurity risks affecting mission-critical business functions and services.
Security Consultation: Participate in project and change review processes to identify and advise on emerging risks before go-live (e.g., cloud migrations, new vendors).
Policy & Framework Mapping: Assist in mapping identified risks to NIST CSF, HIPAA, ISO 27001, and other frameworks to ensure controls are adequate.
Support for Internal/External Audits: Provide risk documentation and evidence in support of internal audit and external compliance obligations (e.g., SOC 2, HITRUST).
Risk Review Coordination: Facilitate recurring risk review meetings with IT, business units, and security leadership to track and update mitigation efforts.
We're Looking for:
Education: Bachelor's in Cybersecurity, Information Systems, or Risk Management.
Experience: 2-5 years in cybersecurity, risk analysis, or compliance.
Certifications: CRISC, CISA, or Security+ preferred.
Tools Knowledge: Archer, LogicGate, ServiceNow GRC, RiskRecon, Splunk, Tenable, Excel/Power BI
What You Bring:
Detail-oriented with a strong sense of accountability.
Eagerness to learn information security and governance practices
Ability to analyze complex data, identify patterns, and assess risks.
Ability to communicate (written & verbal) and collaborate with various business partners to manage enterprise security risks.
What You'll Gain:
In-depth knowledge of security governance frameworks, risk management methodologies, and regulatory compliance requirements.
Minimum Education Requirements:
High school degree or equivalent required unless otherwise noted above
Location: Hingham
Time Type: Full time
Salary Range: $86,310.00 - $105,490.00
The job posting range is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee's pay position within the salary range will be based on several factors including, but not limited to, relevant education, qualifications, certifications, experience, skills, performance, shift, travel requirements, sales or revenue-based metrics, and business or organizational needs and affordability.
This job is also eligible for variable pay.
We offer a comprehensive package of benefits including paid time off, medical/dental/vision insurance, 401(k), and a suite of well-being benefits to eligible employees.
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law.
WHY Blue Cross Blue Shield of MA
We understand that the confidence gap (https://www.theatlantic.com/magazine/archive/2014/05/the-confidence-gap/359815/) and imposter syndrome (https://www.braintreepayments.com/blog/overcoming-imposter-syndrome/) can prevent amazing candidates from coming our way, so please don't hesitate to apply. We'd love to hear from you. You might be just what we need for this role or possibly another one at Blue Cross Blue Shield of MA. The more voices we have represented and amplified in our business, the more we will all thrive, contribute, and be brilliant. We encourage you to bring us your true colors, your perspectives, and your experiences. It's in our differences that we will remain relentless in our pursuit to transform healthcare for ALL.
As an employer, we are committed to investing in your development and providing the necessary resources to enable your success. Learn how we are dedicated to creating an inclusive and rewarding workplace that promotes excellence and provides opportunities for employees to forge their unique career path by visiting our Company Culture (https://careers.bluecrossma.org/us/en/culturepage) page. If this sounds like something you'd like to be a part of, we'd love to hear from you. You can also join our Talent Community (https://careers.bluecrossma.org/us/en/jointalentcommunityapplyType=JTC) to stay "in the know" on all things Blue.
At Blue Cross Blue Shield of Massachusetts, we believe in wellness and that work/life balance is a key part of associate wellbeing. For more information on how we work and support that work/life balance, visit our "How We Work" (https://careers.bluecrossma.org/us/en/how-we-work) page.
Voted as the highest in member satisfaction among Massachusetts commercial health plans by JD Power, Blue Cross Blue Shield of Massachusetts is a community-focused, tax-paying, not-for-profit health plan headquartered in Boston. We have been a market leader for over 75 years, and are consistently ranked among the nation's best health plans. Our daily efforts are dedicated to effectively serving our 2.8 million members, and consistently offering security, stability, and peace of mind to both our members and associates.
Our Commitment to You
We are committed to investing in your development and providing the necessary resources to enable your success. We are dedicated to creating a refreshing and rewarding workplace that promotes excellence and provides opportunities for employees to forge their unique career path. We take pride in our diverse, community-centric, wellness-focused culture and believe every member of our team deserves to enjoy a positive work-life balance.
Blue Cross Blue Shield of Massachusetts is an Equal Employment Employer - veterans/disability. Applicants are considered for all positions without regard to race, color, religion, sex, national origin, age, veteran status, disability, sexual orientation, gender identity or expression, or any other characteristics protected by law.
Blue Cross Blue Shield of Massachusetts will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with Blue Cross Blue Shield of Massachusetts's legal duty to furnish information.