Risk Specialist 2 or 3

State of Montana
Helena, MT
Hybrid

About The Position

State Information Technology Services Division is seeking an experienced Risk Specialist to support the centralized cybersecurity organization by executing cybersecurity risk management processes, conducting risk assessments, documenting risk conditions, maintaining risk documentation, evaluating control effectiveness, and helping customers translate technical findings into actionable treatment decisions under established guidance. The position works across a federated state environment to help assess risk, maintain risk records, registers, and reports, support policy and compliance alignment, and provide practical guidance that references statewide standards while considering agency business needs. The role requires strong analytical ability, willingness to learn, and the ability to communicate risk in plain language to technical, operational, and business stakeholders.

Requirements

  • Associate degree in Cybersecurity, Information Technology, Business, Public Administration, or a related field; AND 2 years of experience in cybersecurity risk management, information security, compliance, audit, security assessment, or a closely related field (for Specialist 2)
  • Associate degree in Cybersecurity, Information Technology, Information Assurance, Business, Public Administration, or a related field; AND 4 years of experience in cybersecurity risk management, information security, compliance, audit, security assessment, or a closely related field (for Specialist 3)
  • Experience leading risk assessments, complex control assessments, or audits (for Specialist 3)
  • Knowledge of cybersecurity risk management frameworks and standards, including NIST RMF, NIST SP 800-30, NIST SP 800-37, NIST SP 800-53, NIST CSF 2.0, and their practical application in a state government environment.
  • Knowledge of information technology (IT) cybersecurity principles and methods such as confidentiality, integrity, availability, authentication, authorization, accountability, encryption, configuration, etc.
  • Knowledge of common cyber threats, vulnerabilities, attack vectors, and how technical issues translate into business, mission, legal, and reputational impact.
  • Knowledge of information technology platforms, including hardware, software, network, data storage, cloud service virtualization, security, end-user platforms, etc.
  • Skill in planning and executing structured risk assessments, including asset identification, threat and vulnerability analysis, likelihood and impact estimation, and residual risk determination.
  • Skill in evaluating the design and effectiveness of security controls and interpreting assessment, audit, and scan results.
  • Skill in leading complex risk assessments, including multisystem and cross-agency scenarios, and resolving conflicting stakeholder perspectives.
  • Skill in using GRC platforms, vulnerability management tools, spreadsheets, and ticketing systems to document and track risk work.
  • Ability to communicate risk in plain language, including providing clear explanation of scenarios, likelihood, impact, and treatment options such as avoid, mitigate, transfer, or accept.
  • Ability to exercise independent, expert judgment in ambiguous and high-impact situations, including advising on risk acceptance when standards and precedents are limited.
  • Ability to identify control gaps, inconsistencies, and emerging issues in complex technical, procedural, and architectural documentation.
  • Ability to mentor, coach, and provide informal leadership to team members in risk techniques, documentation standards, and stakeholder communication.
  • Ability to operate effectively in a federated state environment, balancing centralized standards with agency autonomy and relationship management.
  • Successful completion of a criminal background check.
  • Employment eligibility verification via E-Verify.

Nice To Haves

  • Bachelor's degree in Cybersecurity, Information Technology, Information Assurance, Business, Public Administration, or a related field
  • Advanced cybersecurity certifications such as CRISC, CISA, CISM, CISSP, etc.

Responsibilities

  • Executing cybersecurity risk management processes
  • Conducting risk assessments
  • Documenting risk conditions
  • Maintaining risk documentation
  • Evaluating control effectiveness
  • Helping customers translate technical findings into actionable treatment decisions under established guidance
  • Assessing risk across a federated state environment
  • Maintaining risk records, registers, and reports
  • Supporting policy and compliance alignment
  • Providing practical guidance that references statewide standards while considering agency business needs

Benefits

  • Work/life Balance
  • Health Coverage
  • Retirement plans
  • Paid Vacation and Sick Leave and Holidays
  • Public Service Loan Forgiveness (PSLF)