Technical Security Risk Governance Analyst PA Local ...

? Job Post: Technical Security Risk & Governance Analyst (Hybrid)Job Code: OA/EISO 795990 Client: Commonwealth of Pennsylvania Location: Harrisburg, PA (Hybrid – 2 days onsite per week) Duration: Through 06/30/2026 (Extension Possible) Hours: Full-time, 40 hours/week Preference: Local candidates within 2 hours of HarrisburgJob SummaryThe Commonwealth of Pennsylvania is seeking a Technical Security Risk & Governance Analyst to support its enterprise cybersecurity program. This role focuses on performing security risk assessments, control testing, governance, and compliance activities across on-premises and cloud environments. The analyst will collaborate with IT, audit, and business stakeholders to ensure security controls align with state policies and industry frameworks.Key ResponsibilitiesConduct technical security risk assessments for on-prem, cloud (IaaS/PaaS/SaaS), and hybrid systems.Perform control design and operating effectiveness testing aligned with NIST CSF/800-53, CIS Controls, and ISO 27001.Support Authority to Operate (ATO), continuous monitoring, and security attestations.Maintain and update security policies, standards, procedures, and control libraries.Coordinate internal and external audits (HIPAA, CJIS, PCI DSS, FERPA, IRS Pub 1075).Perform third-party/vendor security reviews and support secure procurement activities.Develop dashboards and reports using Excel and Power BI for leadership reporting.Provide security guidance during incident response and change advisory reviews.Required QualificationsBachelor"s degree in Information Security, Computer Science, Information Systems, or equivalent experience.1–3 years of experience in information security, risk management, audit, or a related technical role.Strong knowledge of security frameworks: NIST CSF/800-53, ISO 27001, CIS Controls.Experience with risk analysis, control testing, and security documentation.Proficiency with Excel, Power BI, and reporting to technical and non-technical audiences.Preferred QualificationsSecurity certifications: CISSP, CISM, CRISC, CGRC (CAP), Security+, CCSP/CCSK, or CISA.Cloud security experience with AWS, Azure, and/or Google Cloud.Knowledge of IAM, network security, logging/SIEM, encryption, and DevOps security practices.Work RequirementsHybrid schedule with approximately 2 days onsite per week in Harrisburg, PA.Occasional travel to data centers or agency sites may be required.Background check required per state policy.

Created: 2026-03-04