close-menu

Technical Security Risk & Governance Analyst

Tri-Force Consulting Services, Inc.

Not Interested
Bookmark
Report This Job
profile Job Location:

Philadelphia, PA - USA

profile Salary: Not Disclosed
profile Experience Required: 4-5years
Posted on: 2 hours ago
Vacancies: 1 Vacancy
Register to Apply

Job Summary

Job Title: Technical Security Risk & Governance Analyst (795990)
Client: Commonwealth of PA 2
Location: Dauphin County Harrisburg

NOTE:Hybrid schedule - 2 days on-site per week in Harrisburg Local candidates within 2 hours of office strongly preferred

Position Summary:

The Technical Security Risk & Governance Analyst supports the states cybersecurity program by performing risk assessmentscontrol testing and governance activities across enterprise systemsapplications networks and cloud services. This role partners with ITbusiness owners and audit teams to ensure security controls are designedimplemented and operating effectively in alignment with state policy NIST CSF/800-53 and other regulatory frameworks (e.g. CJIS IRS Pub 1075 HIPAA PCI DSS). The Analyst develops pragmatic recommendations tracks remediationand produces metrics for leadership and regulatory reporting.

Key Responsibilities:
  • Risk Assessment & Control Assurance
  • Conduct technical security risk assessments for onprem cloud (IaaS/PaaS/SaaS) and hybrid solutions; document riskslikelihood/impact and recommended mitigations.
  • Perform control design/operatingeffectiveness testing against NIST CSF/80053 CIS Controls ISO/IEC 27001 and agency security standards.
  • Support Authority to Operate (ATO) processessecurity attestations and continuous monitoring.
  • Facilitate threat modeling and security architecture reviews; advise on secure patterns (network segmentation IAMleast privilege encryption logging).
  • Governance& Compliance
  • Maintain security policies standardsprocedures and control libraries; align updates with legislative or regulatory changes.
  • Map agency controls to relevant mandates ( IRS 1075 HIPAA FERPA PCI DSS state statutes/policies) and track compliance gaps.
  • Coordinate internal/external audits; lead evidence collection responses and remediation plans.
  • Administer or contribute to GRC tooling for issues exceptions and risk registers.
Vulnerability& ThirdParty Risk:
  • Establish governance for vulnerability management (SLAs exception management risk acceptance); monitor patching and remediation progress.
  • Perform vendor/security reviews (SaaS MSPscloud providers) evaluate SOC 2/ISO certifications and negotiate security clauses with procurement/legal.
  • Review data protection encryption and privacy risks in new procurement and major system changes.
MetricsReporting & Communication:
  • Develop and maintain dashboards and performance indicators (risk posture control maturity vulnerability closure rates); brief leadership on trends and priorities.
  • Produce clear actionable reports for technical teams and nontechnical stakeholders.
  • Promote security awareness and targeted training(e.g. secure configuration privacy by design thirdparty onboarding).
Incident& Change Advisory Support:
  • Provide risk-informed guidance during incident response (root cause control gaps corrective actions).
  • Review change requests for security impacts;ensure appropriate testing logging and rollback plans.
Required Qualifications:
  • Bachelors degree in Information SecurityComputer Science Information Systems or related field; OR equivalent experience.
  • 13 years in information security risk management audit or related technical role.
Preferred Qualifications(not required):
  • CISSP CISM CRISC CGRC (CAP) Security CCSK/CCSPCISA
  • Vendor/cloud certs (AWS/Azure/GCP security specialty) are a plus.
Knowledge:
  • Security frameworks and regulations: NIST CSF/80053 CIS Controls ISO 27001; familiarity with CJIS IRS Pub 1075HIPAA FERPA PCI DSS and state policy.
  • Core security domains: identity and access management (IAM) network security endpoint security vulnerability management logging/SIEM encryption/PKI secure DevOps.
  • Cloud security concepts (shared responsibility CSPM workload protection KMS/CMKs conditional access zero trust).
Skills:
  • Technical assessment and control testing;ability to validate configurations and interpret scan results
  • Risk analysis and documentation; creating practical risk treatment plans and exceptions with compensating controls.
  • Using GRC platforms; building workflows control libraries and risk registers.
  • Data analysis and dashboarding (Excel/Power BI)concise report writing and presentation to executives.
Abilities:
  • Translate technical findings into business risk terms and prioritized actions.
  • Collaborate across IT operations legalprocurement and program areas; influence without authority.
  • Handle multiple assessments and deadlines;maintain confidentiality and sound judgment.
  • Continuous learning and adapting to new threatstechnologies and mandates.
Work Conditions & Requirements:
  • Background check per state policy; may require CJIS/IRS Pub 1075 clearance depending on data systems.
  • Occasional travel to agency sites or data centers.
  • Participation in afterhours change windows or incident support as needed.
  • Hybrid/telework eligibility per agency policy.
Performance Measures:
  • Ontime completion of risk assessments and control tests.
  • Reduction in high/critical findings; SLA adherence for remediation.
  • Audit outcomes (deficiency reduction timely corrective actions).
  • Governance deliverables (policy refresh cyclecontrol library currency).
  • Stakeholder satisfaction and effectiveness of risk communications.




Required Skills:

Risk Assessment & Control Assurance Conduct technical security risk assessments for onprem cloud (IaaS/PaaS/SaaS) and hybrid solutions; document riskslikelihood/impact and recommended mitigations. Perform control design/operatingeffectiveness testing against NIST CSF/80053 CIS Controls ISO/IEC 27001 and agency security standards. Support Authority to Operate (ATO) processessecurity attestations and continuous monitoring. Facilitate threat modeling and security architecture reviews; advise on secure patterns (network segmentation IAMleast privilege encryption logging). Governance& Compliance Maintain security policies standardsprocedures and control libraries; align updates with legislative or regulatory changes. Map agency controls to relevant mandates ( IRS 1075 HIPAA FERPA PCI DSS state statutes/policies) and track compliance gaps. Coordinate internal/external audits; lead evidence collection responses and remediation plans. Administer or contribute to GRC tooling for issues exceptions and risk registers. Vulnerability& ThirdParty Risk Establish governance for vulnerability management (SLAs exception management risk acceptance); monitor patching and remediation progress. Perform vendor/security reviews (SaaS MSPscloud providers) evaluate SOC 2/ISO certifications and negotiate security clauses with procurement/legal. Review data protection encryption and privacy risks in new procurements and major system changes. MetricsReporting & Communication Develop and maintain dashboards and performance indicators (risk posture control maturity vulnerability closure rates); brief leadership on trends and priorities. Produce clear actionable reports for technical teams and nontechnical stakeholders. Promote security awareness and targeted training(e.g. secure configuration privacy by design thirdparty onboarding). Incident& Change Advisory Support Provide risk-informed guidance during incident response (root cause control gaps corrective actions). Review change requests for security impacts;ensure appropriate testing logging and rollback plans. Required Qualifications Bachelors degree in Information SecurityComputer Science Information Systems or related field; OR equivalent experience. 13 years in information security risk management audit or related technical role. Preferred Qualifications(not required) CISSP CISM CRISC CGRC (CAP) Security CCSK/CCSPCISA Vendor/cloud certs (AWS/Azure/GCP security specialty) are a plus. Knowledge Security frameworks and regulations: NIST CSF/80053 CIS Controls ISO 27001; familiarity with CJIS IRS Pub 1075HIPAA FERPA PCI DSS and state policy. Core security domains: identity and access management (IAM) network security endpoint security vulnerability management logging/SIEM encryption/PKI secure DevOps. Cloud security concepts (shared responsibility CSPM workload protection KMS/CMKs conditional access zero trust). Skills Technical assessment and control testing;ability to validate configurations and interpret scan results Risk analysis and documentation; creating practical risk treatment plans and exceptions with compensating controls. Using GRC platforms; building workflows control libraries and risk registers. Data analysis and dashboarding (Excel/Power BI)concise report writing and presentation to executives.


Required Education:

Bachelors degree in Information SecurityComputer Science Information Systems or related field; OR equivalent experience.13 years in information security risk management audit or related technical CISM CRISC CGRC (CAP) Security CCSK/CCSPCISAVendor/cloud certs (AWS/Azure/GCP security specialty) are a frameworks and regulations: NIST CSF/80053 CIS Controls ISO 27001; familiarity with CJIS IRS Pub 1075HIPAA FERPA PCI DSS and state securit

Job Title: Technical Security Risk & Governance Analyst (795990) Client: Commonwealth of PA 2Location: Dauphin County HarrisburgNOTE:Hybrid schedule - 2 days on-site per week in Harrisburg Local candidates within 2 hours of office strongly preferredPosition Summary:The Technical Security Risk & Gove...
View more view more

Company Industry

IT Services and IT Consulting

Key Skills

  • ISO 27001
  • Microsoft Access
  • Risk Management
  • Financial Services
  • PCI
  • Risk Analysis
  • Analysis Skills
  • COBIT
  • NIST Standards
  • SOX
  • Information Security
  • Data Analysis Skills
Apply Now

About Company

Tri-Force Consulting Services, Inc.
Company Logo
View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click

AI AutoApply

AI Resume Builder

Create an ATS-ready CV in minutes

AI Resume Builder

AI Cover Letter

Write a personalized letter instantly

AI Cover Letter

Related Jobs

Senior Security Engineer Systems Analyst

Numentica Llc

profile Austin

Technical Project Coordinator

Allied Steel Buildings

profile Fort Lauderdale

Technical Support Engineer

Redtech Recruitment Ltd.

profile New York City

Sr. Business Analyst

Business Intelligence & Informatics Consultant Services, Inc. (biics, Inc)

profile Tallahassee

Technical Support Manager (247 NOC & Service Operations)

No Limit Technology

profile Pinellas Park

Risk Management Analyst Construction

Aecom

profile New York City

Sr Dir, Solution Consulting Risk & Security

Servicenow

profile Boston

Cyber Security Engineer

Llnl

profile Livermore
  1. Home
  2. Jobs In USA
  3. Jobs In Pennsylvania
  4. Jobs In Philadelphia
  5. Technical Security Risk & Governance Analyst
About Dr.Job

Dr.Job is an AI-powered career platform that bridges the gap between employers and talented job seekers. Since 2015, we have been one of the leading job portals in the UAE, trusted by thousands daily to find opportunities faster and smarter. Today, Dr.Job is expanding worldwide, connecting professionals and employers across borders. With AI-driven tools for resume building, interview preparation, and automated applications, Dr.Job empowers job seekers to land their dream roles and helps employers find top talent with accuracy and speed.

Follow Dr.Job
Payment accepted icon
Company
Popular Searches
Employer
Quick Links
Job seeker
Jobs by Countries

Dr Job FZ LLC. 2026 © All Rights Reserved

Terms of Use. Privacy Policy. Cookie Policy