Technical Security Risk & Governance Analyst ( PA Local | Hybrid)

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Information Systems, or equivalent experience.
• 1–3 years of experience in information security, risk management, audit, or a related technical role.
• Strong knowledge of security frameworks: NIST CSF/800-53, ISO 27001, CIS Controls.
• Experience with risk analysis, control testing, and security documentation.
• Proficiency with Excel, Power BI, and reporting to technical and non-technical audiences.

Nice To Haves

• Security certifications: CISSP, CISM, CRISC, CGRC (CAP), Security+, CCSP/CCSK, or CISA.
• Cloud security experience with AWS, Azure, and/or Google Cloud.
• Knowledge of IAM, network security, logging/SIEM, encryption, and DevOps security practices.

Responsibilities

• Conduct technical security risk assessments for on-prem, cloud (IaaS/PaaS/SaaS), and hybrid systems.
• Perform control design and operating effectiveness testing aligned with NIST CSF/800-53, CIS Controls, and ISO 27001.
• Support Authority to Operate (ATO), continuous monitoring, and security attestations.
• Maintain and update security policies, standards, procedures, and control libraries.
• Coordinate internal and external audits (HIPAA, CJIS, PCI DSS, FERPA, IRS Pub 1075).
• Perform third-party/vendor security reviews and support secure procurement activities.
• Develop dashboards and reports using Excel and Power BI for leadership reporting.
• Provide security guidance during incident response and change advisory reviews.