Technical Security Risk & Governance Analyst ( PA Local | Hybrid)

Posted 2026-05-06
Remote, USA Full-time Immediate Start

About the position

The Commonwealth of Pennsylvania is seeking a Technical Security Risk & Governance Analyst to support its enterprise cybersecurity program. This role focuses on performing security risk assessments, control testing, governance, and compliance activities across on-premises and cloud environments. The analyst will collaborate with IT, audit, and business stakeholders to ensure security controls align with state policies and industry frameworks.

    Responsibilities
  • Conduct technical security risk assessments for on-prem, cloud (IaaS/PaaS/SaaS), and hybrid systems.
  • Perform control design and operating effectiveness testing aligned with NIST CSF/800-53, CIS Controls, and ISO 27001.
  • Support Authority to Operate (ATO), continuous monitoring, and security attestations.
  • Maintain and update security policies, standards, procedures, and control libraries.
  • Coordinate internal and external audits (HIPAA, CJIS, PCI DSS, FERPA, IRS Pub 1075).
  • Perform third-party/vendor security reviews and support secure procurement activities.
  • Develop dashboards and reports using Excel and Power BI for leadership reporting.
  • Provide security guidance during incident response and change advisory reviews.
    Requirements
  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or equivalent experience.
  • 1–3 years of experience in information security, risk management, audit, or a related technical role.
  • Strong knowledge of security frameworks: NIST CSF/800-53, ISO 27001, CIS Controls.
  • Experience with risk analysis, control testing, and security documentation.
  • Proficiency with Excel, Power BI, and reporting to technical and non-technical audiences.
    Nice-to-haves
  • Security certifications: CISSP, CISM, CRISC, CGRC (CAP), Security+, CCSP/CCSK, or CISA.
  • Cloud security experience with AWS, Azure, and/or Google Cloud.
  • Knowledge of IAM, network security, logging/SIEM, encryption, and DevOps security practices.
Apply Now

Similar Jobs

Recent Jobs

Manager, Governance, Risk & Compliance (GRC)
Manager, IT Governance, Risk & Compliance (Remote - West Coast)
Procurement Contract Compliance Specialist
U.S. Federal Government Contracts Specialist at SnappyCX
Government Contract Specialist (Entry Level, Remote)
Cybersecurity Governance, Risk and Compliance Manager
Senior Compliance Risk Analyst - Governance & Oversight
Governance, Risk, and Compliance Manager
Science Project Manager & Grant Writer (Part-Time / Flexible)
Graphic Designer - Homebuilding Industry

You May Also Like

Experienced Part-Time Remote Data Entry Specialist – E-Commerce Product Information Management (Flexible Work From Home Opportunity)
**Experienced Entry-Level Data Entry Specialist – Remote Opportunity at arenaflex**
**Experienced Customer Service Representative – Retail and Customer Experience Expert**
**Experienced Online Chat Specialist – Customer Service Representative (Entry Level) at arenaflex**
Director, Sourcing
**Experienced Customer Support Specialist – Pet Care and E-commerce Expert (Remote)**
Insurance_Policy Administration_Senior Process Associate _Dutch_Remote EMEA!
Online Market Research Coordinator
**Experienced Chat Support Specialist – Online Community Engagement and Content Promotion for arenaflex**
**Experienced Data Entry Specialist – Remote Data Management and Operations**
Back to Job Board