Technical Security Risk & Governance Analyst

Tri-Force Consulting Services, Inc.Swatara Township, PA
15hHybrid
Match Resume

About The Position

The Technical Security Risk & Governance Analyst supports the state’s cybersecurity program by performing risk assessments,control testing, and governance activities across enterprise systems,applications, networks, and cloud services. This role partners with IT,business owners, and audit teams to ensure security controls are designed,implemented, and operating effectively in alignment with state policy, NIST CSF/800-53, and other regulatory frameworks (e.g., CJIS, IRS Pub 1075, HIPAA, PCI DSS). The Analyst develops pragmatic recommendations, tracks remediation,and produces metrics for leadership and regulatory reporting.

Requirements

  • Bachelor’s degree in Information Security,Computer Science, Information Systems, or related field; OR equivalent experience.
  • 1–3 years in information security, risk management, audit, or related technical role.
  • Security frameworks and regulations: NIST CSF/800‑53, CIS Controls, ISO 27001; familiarity with CJIS, IRS Pub 1075,HIPAA, FERPA, PCI DSS, and state policy.
  • Core security domains: identity and access management (IAM), network security, endpoint security, vulnerability management, logging/SIEM, encryption/PKI, secure DevOps.
  • Cloud security concepts (shared responsibility, CSPM, workload protection, KMS/CMKs, conditional access, zero trust).
  • Technical assessment and control testing;ability to validate configurations and interpret scan results
  • Risk analysis and documentation; creating practical risk treatment plans and exceptions with compensating controls.
  • Using GRC platforms; building workflows, control libraries, and risk registers.
  • Data analysis and dashboarding (Excel/Power BI),concise report writing, and presentation to executives.
  • Translate technical findings into business risk terms and prioritized actions.
  • Collaborate across IT, operations, legal,procurement, and program areas; influence without authority.
  • Handle multiple assessments and deadlines;maintain confidentiality and sound judgment.
  • Continuous learning and adapting to new threats,technologies, and mandates.
  • Background check per state policy; may require CJIS/IRS Pub 1075 clearance depending on data systems.
  • Occasional travel to agency sites or data centers.
  • Participation in after‑hours change windows or incident support as needed.
  • Hybrid/telework eligibility per agency policy.

Nice To Haves

  • CISSP, CISM, CRISC, CGRC (CAP), Security+, CCSK/CCSP,CISA
  • Vendor/cloud certs (AWS/Azure/GCP security specialty) are a plus.

Responsibilities

  • Risk Assessment & Control Assurance
  • Conduct technical security risk assessments for on‑prem, cloud (IaaS/PaaS/SaaS), and hybrid solutions; document risks,likelihood/impact, and recommended mitigations.
  • Perform control design/operating‑effectiveness testing against NIST CSF/800‑53, CIS Controls, ISO/IEC 27001, and agency security standards.
  • Support Authority to Operate (ATO) processes,security attestations, and continuous monitoring.
  • Facilitate threat modeling and security architecture reviews; advise on secure patterns (network segmentation, IAM,least privilege, encryption, logging).
  • Governance& Compliance
  • Maintain security policies, standards,procedures, and control libraries; align updates with legislative or regulatory changes.
  • Map agency controls to relevant mandates (e.g.,CJIS, IRS 1075, HIPAA, FERPA, PCI DSS, state statutes/policies) and track compliance gaps.
  • Coordinate internal/external audits; lead evidence collection, responses, and remediation plans.
  • Administer or contribute to GRC tooling for issues, exceptions, and risk registers.
  • Vulnerability& Third‑Party Risk:
  • Establish governance for vulnerability management (SLAs, exception management, risk acceptance); monitor patching and remediation progress.
  • Perform vendor/security reviews (SaaS, MSPs,cloud providers), evaluate SOC 2/ISO certifications, and negotiate security clauses with procurement/legal.
  • Review data protection, encryption, and privacy risks in new procurement and major system changes.
  • Metrics,Reporting & Communication:
  • Develop and maintain dashboards and performance indicators (risk posture, control maturity, vulnerability closure rates); brief leadership on trends and priorities.
  • Produce clear, actionable reports for technical teams and non‑technical stakeholders.
  • Promote security awareness and targeted training(e.g., secure configuration, privacy by design, third‑party onboarding).
  • Incident& Change Advisory Support:
  • Provide risk-informed guidance during incident response (root cause, control gaps, corrective actions).
  • Review change requests for security impacts;ensure appropriate testing, logging, and rollback plans.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Entry Level

Job Search Resources

Similar Technical Security Risk & Governance Analyst job opportunities

🔥 New JobTechnical Security Risk & Governance Analyst
LingaTech
LingaTech • Harrisburg, PA1d • Hybrid
🔥 New JobTechnical Security Risk & Governance Analyst
Novalink Solutions LLC
Novalink Solutions LLC • Middle Paxton Township, PA1d • Hybrid
Security Governance, Risk & Compliance Analyst
ORION
ORION • Lehi, UT13d • $87,448 - $133,873 • Hybrid
Security Governance, Risk & Compliance Analyst
Orion
Orion • Lehi, UT11d • $87,448 - $133,873 • Hybrid
🔥 New JobTechnical Specialist-Information Security Governance, Risk & Compliance
CECONY
CECONY • New York, NY2h
Governance, Risk, and Compliance Analyst
Open Dealer Exchange
Open Dealer Exchange • Southfield, MI8d • Hybrid
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service