Job ID: JOB_ID_1899
Role Overview
The Technical Security Risk & Governance Analyst is a pivotal role within the state’s cybersecurity program, responsible for safeguarding enterprise systems, applications, and cloud services. This position focuses on performing comprehensive risk assessments, control testing, and governance activities to ensure that security controls are not only implemented but also operating effectively. You will act as a strategic partner to IT teams, business owners, and audit departments, ensuring that all operations align with state policies and major regulatory frameworks such as NIST CSF/800-53, CJIS, IRS Pub 1075, HIPAA, and PCI DSS.
Key Responsibilities
- Risk Assessment & Control Assurance: Conduct deep-dive technical security risk assessments for on-premise, cloud (IaaS/PaaS/SaaS), and hybrid environments. You will be responsible for documenting risks, assessing likelihood and impact, and providing actionable mitigation strategies.
- Compliance & Governance: Maintain and update security policies, standards, and procedures. You will map agency controls to various mandates including CJIS and HIPAA, tracking compliance gaps and leading remediation efforts.
- Vulnerability Management: Establish governance for vulnerability remediation, monitoring patching progress, and managing exceptions. You will also perform third-party security reviews for vendors and cloud providers, evaluating SOC 2 and ISO certifications.
- Metrics & Reporting: Develop high-level dashboards using tools like Power BI to track risk posture and control maturity. You will brief leadership on security trends and priorities through concise, data-driven reports.
- Incident & Change Advisory: Provide risk-informed guidance during incident response and review change requests to ensure security impacts are minimized and rollback plans are robust.
Qualifications and Skills
The ideal candidate possesses a Bachelor’s degree in Information Security or Computer Science and has 1-3 years of experience in a technical risk management or audit role. Proficiency in NIST frameworks and GRC platforms is essential. Highly desired certifications include CISSP, CISM, CRISC, or CISA. Candidates must demonstrate the ability to translate complex technical findings into business risk terms and collaborate effectively across diverse departments including legal and procurement. This role requires a hybrid schedule with two days per week on-site in Harrisburg, PA, and candidates must reside within a two-hour radius of the office.
Special Requirements
Locals only (within 2 hours of Harrisburg, PA). Hybrid schedule (2 days on-site). Video interview. Background check (CJIS/IRS Pub 1075) required.
Compensation & Location
Salary: $115,000 – $155,000 per year (Estimated)
Location: Harrisburg, PA
Recruiter / Company – Contact Information
Recruiter / Employer: Steneral Consulting Inc.
Email: abhishek.kumar@steneral.com