Technical Security Risk & Governance Analyst
Hybrid in Harrisburg, PA, US • Posted 4 hours ago • Updated 4 hours ago

Cyma Systems Inc
Dice Job Match Score™
✨ Finding the perfect fit...
Job Details
Skills
- Technical Security Risk & Governance Analyst
- Risk Assessment & Control Assurance
Summary
Role: TAS1 (Technical Security Risk & Governance Analyst)
Location: Harrisburg, PA (Hybrid)
Hybrid schedule - 2 days on-site per week in Harrisburg, PA
Local candidates within 2 hours of office strongly preferred
Position Summary
The Technical Security Risk & Governance Analyst supports the state’s cybersecurity program by performing risk assessments, control testing, and governance activities across enterprise systems, applications, networks, and cloud services. This role partners with IT, business owners, and audit teams to ensure security controls are designed, implemented, and operating effectively in alignment with state policy, NIST CSF/800-53, and other regulatory frameworks (e.g., CJIS, IRS Pub 1075, HIPAA, PCI DSS). The Analyst develops pragmatic recommendations, tracks remediation, and produces metrics for leadership and regulatory reporting.
Key Responsibilities
Risk Assessment & Control Assurance
·Conduct technical security risk assessments for on‑prem, cloud (IaaS/PaaS/SaaS), and hybrid solutions; document risks, likelihood/impact, and recommended mitigations.
·Perform control design/operating‑effectiveness testing against NIST CSF/800‑53, CIS Controls, ISO/IEC 27001, and agency security standards.
·Support Authority to Operate (ATO) processes, security attestations, and continuous monitoring.
·Facilitate threat modeling and security architecture reviews; advise on secure patterns (network segmentation, IAM, least privilege, encryption, logging).
Governance& Compliance
·Maintain security policies, standards, procedures, and control libraries; align updates with legislative or regulatory changes.
·Map agency controls to relevant mandates (e.g.,CJIS, IRS 1075, HIPAA, FERPA, PCI DSS, state statutes/policies) and track compliance gaps.
·Coordinate internal/external audits; lead evidence collection, responses, and remediation plans.
·Administer or contribute to GRC tooling for issues, exceptions, and risk registers.
Vulnerability& Third‑Party Risk
·Establish governance for vulnerability management (SLAs, exception management, risk acceptance); monitor patching and remediation progress.
·Perform vendor/security reviews (SaaS, MSPs ,cloud providers), evaluate SOC 2/ISO certifications, and negotiate security clauses with procurement/legal.
·Review data protection, encryption, and privacy risks in new procurements and major system changes.
Metrics, Reporting & Communication
·Develop and maintain dashboards and performance indicators (risk posture, control maturity, vulnerability closure rates); brief leadership on trends and priorities.
·Produce clear, actionable reports for technical teams and non‑technical stakeholders.
·Promote security awareness and targeted training(e.g., secure configuration, privacy by design, third‑party onboarding).
Incident& Change Advisory Support
·Provide risk-informed guidance during incident response (root cause, control gaps, corrective actions).
·Review change requests for security impacts; ensure appropriate testing, logging, and rollback plans.
Required Qualifications
·Bachelor’s degree in Information Security, Computer Science, Information Systems, or related field; OR equivalent experience.
·1–3 years in information security, risk management, audit, or related technical role.
Preferred Qualifications (not required)
·CISSP, CISM, CRISC, CGRC (CAP), Security+, CCSK/CCSP,CISA
·Vendor/cloud certs (AWS/Azure/Google Cloud Platform security specialty) are a plus.
Required/Desired Skills:
- Experience in info security, risk management, audit or related technical role- Required, 3 Years
- Knowledge of NIST CSF/800-53, CIS Controls, ISO 27001 and state polices- Required
- Experience conducting technical assessments and control testing; proven ability to validate configs and interpret scan results- Required
- Experience with data analysis and dashboarding (Excel/Power BI), concise report writing, and ability to present to senior leadership- Required
- Experience using GRC platforms; building workflows, control libraries, and risk registers- Required
- Experience with risk analysis and documentation; creating practical risk treatment plans and exceptions with compensating controls- Required
- CISSP, CISM, CRISC, CGRC (CAP), Security+, CCSK/CCSP, or CISA certification- Highly desired
- AWS/Azure cloud certifications are a plus- Highly desired
Knowledge
·Security frameworks and regulations: NIST CSF/800‑53, CIS Controls, ISO 27001; familiarity with CJIS, IRS Pub 1075, HIPAA, FERPA, PCI DSS, and state policy.
·Core security domains: identity and access management (IAM), network security, endpoint security, vulnerability management, logging/SIEM, encryption/PKI, secure DevOps.
·Cloud security concepts (shared responsibility, CSPM, workload protection, KMS/CMKs, conditional access, zero trust).
- Dice Id: RTL327349
- Position Id: 8890710
- Posted 4 hours ago
Company Info
Cyma Systems is a technology solutions firm based in Connecticut serving mid-sized and Fortune 1000 businesses. We work with a range of corporate commercial clients as well as with the government sector. As a full-service consulting firm, we engage with our clients to share ideas on how we can help their businesses to become more profitable, to get a jump start on competitors by bringing products to market quickly, reducing costs, maximizing the use of existing technologies, driving more sales through the channel, and to bring additional value by forming a mutually beneficial partnership.
We think that the essence of a successful business is its ability to adapt and transform keeping ground realities in sight. At Cyma we work on leveraging the right synergies between technology and people that work towards transforming the outlook and results of your business.


Similar Jobs
It looks like there aren't any Similar Jobs for this job yet.
Search all similar jobs