Technical Security Risk & Governance Analyst

LingaTech


Job Location: Harrisburg, PA - USA

Monthly Salary: Not Disclosed
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

Location: Harrisburg, PA
Position Type: Hybrid
Hybrid Schedule: 2 days onsite a week
Contract Length: Long-term with annual extensions

Position Overview:
The Technical Security Risk & Governance Analyst supports enterprise cybersecurity initiatives by conducting risk assessments, control testing, and governance activities to ensure security controls are effectively implemented and aligned with established regulatory and industry frameworks. This role collaborates across technical and business teams to strengthen security posture, drive compliance, manage risk remediation, and provide actionable reporting to leadership.

Duties:
  • Conduct technical security risk assessments across on-premises, cloud (IaaS/PaaS/SaaS), and hybrid environments, documenting risks, impact, likelihood, and mitigation strategies.

  • Perform control design and operating-effectiveness testing aligned with frameworks such as NIST CSF/800-53, CIS Controls, and ISO/IEC 27001.

  • Support Authority to Operate (ATO) activities, security attestations, and continuous monitoring efforts.

  • Facilitate threat modeling and security architecture reviews, providing guidance on secure design practices including network segmentation, IAM least privilege, encryption, and logging.

  • Maintain and update security policies, standards, procedures, and control libraries to align with evolving regulatory and legislative requirements.

  • Map organizational controls to regulatory mandates and track compliance gaps through remediation planning and follow-up activities.

  • Coordinate internal and external audits, including evidence collection, response preparation, and remediation tracking.

  • Administer and maintain Governance, Risk, and Compliance (GRC) tools to manage risks, exceptions, and issue tracking.

  • Establish governance processes for vulnerability management, including SLA tracking, exception handling, and remediation oversight.

  • Conduct third-party and vendor security assessments, review SOC 2 and ISO certifications, and support security requirements in procurement and contracts.

  • Evaluate data protection, encryption, and privacy risks associated with new technologies, procurements, and system changes.

  • Develop dashboards, metrics, and performance indicators to report on risk posture, control maturity, and vulnerability remediation progress.

  • Produce clear, actionable reports and communicate security risks effectively to both technical and non-technical stakeholders.

  • Promote security awareness and provide targeted training related to secure configuration, privacy practices, and third-party onboarding.

  • Provide risk-based guidance during incident response activities, including root cause analysis and corrective action recommendations.

  • Review change requests to assess security impact and ensure appropriate testing, monitoring, and rollback procedures are in place.

  • Collaborate with cross-functional teams to translate technical findings into business risk and prioritized remediation actions.

  • Support governance reporting, policy lifecycle management, and continuous improvement of security and compliance processes.


Required Skills:
  • 3 years of experience in information security, risk management, audit, or a related technical role.

  • Knowledge of security frameworks and standards, including NIST CSF/800-53, CIS Controls, ISO 27001, and applicable organizational policies.

  • Experience conducting technical assessments and control testing, with proven ability to validate configurations and interpret vulnerability or security scan results.

  • Experience performing data analysis and dashboard development using tools such as Excel or Power BI, along with strong report writing and presentation skills for senior leadership audiences.

  • Experience using Governance, Risk, and Compliance (GRC) platforms to build workflows, maintain control libraries, and manage risk registers.

  • Experience performing risk analysis and documentation, including developing practical risk treatment plans and managing exceptions with compensating controls.

Preferred Skills:

  • Industry certifications such as CISSP, CISM, CRISC, CGRC (CAP), Security+, CCSK/CCSP, or CISA.

  • AWS or Azure cloud security certifications.


Required Experience:

Senior IC


About Company


Careers at LingaTech: Love Where You Work! Welcome to the vibrant world of LingaTech, where technology meets fun and innovation! Are you ready to join the adventure? As a premier employer of top-notch technology consultants, we're on a mission to assemble the most talented and passion ...
