Technical Security Risk & Governance Analyst / Full-Time / Hybrid / Harrisburg, PA
Hybrid in Harrisburg, PA, US • Posted 2 hours ago • Updated 2 hours ago

Domino Technologies
Job Details
Skills
- Information Security
- Risk Management
- Risk Assessment
- Risk Analysis
- Reporting
- Report Writing
- Vulnerability Management
- NIST CSF/800-53
- ISO 27001
- Security Architecture
- Security Awareness
- Security Controls
- Microsoft Power BI
- Security+
- Amazon Web Services
- CISA
- CISM
- CISSP
- Cyber Security
- Data Analysis
- Data Security
- ISO 9000
- ISO/IEC 27001:2005
Summary
Become a member of a growing team of Information Technology professionals making an impact and providing solutions for Government and Commercial clients since 1996. Join the Domino Tech Team!
Accepting Candidates Until 02/20/2026 at 2:00 PM
The Position:
Client: Commonwealth of Pennsylvania Office of Administration Enterprise Information Security Office (OA-EISO)
Position Title: OA-EISO - Technical Security Risk & Governance Analyst TAS1 (795990)
Location: Hybrid; Remote Off-Site and On-Site in Harrisburg, PA
Duration: Initial term through 06/30/2026 (+ Annual Renewal in 1-Year Terms)
Note: Position is hybrid; estimated 2 days/week on-site, and may require occasional travel to a data center and/or agency site as needed. Candidates must currently reside within a reasonable commuting distance (2-hours/100-miles +/-) of Harrisburg, PA. Current residency will be verified.
The Technical Security Risk & Governance Analyst supports the state's cybersecurity program by performing risk assessments, control testing, and governance activities across enterprise systems, applications, networks, and cloud services. This role partners with IT, business owners, and audit teams to ensure security controls are designed, implemented, and operating effectively in alignment with state policy, NIST CSF/800-53, and other regulatory frameworks (e.g., CJIS, IRS Pub 1075, HIPAA, PCI DSS). The Analyst develops pragmatic recommendations, tracks remediation, and produces metrics for leadership and regulatory reporting.
Key Responsibilities:
Risk Assessment & Control Assurance:
- Conduct technical security risk assessments for on-prem, cloud (IaaS/PaaS/SaaS), and hybrid solutions; document risks, likelihood/impact, and recommended mitigations.
- Perform control design/operating-effectiveness testing against NIST CSF/800-53, CIS Controls, ISO/IEC 27001, and agency security standards.
- Support Authority to Operate (ATO) processes, security attestations, and continuous monitoring.
- Facilitate threat modeling and security architecture reviews; advise on secure patterns (network segmentation, IAM, least privilege, encryption, logging).
Governance & Compliance:
- Maintain security policies, standards, procedures, and control libraries; align updates with legislative or regulatory changes.
- Map agency controls to relevant mandates (e.g., CJIS, IRS 1075, HIPAA, FERPA, PCI DSS, state statutes/policies) and track compliance gaps.
- Coordinate internal/external audits; lead evidence collection, responses, and remediation plans.
- Administer or contribute to GRC tooling for issues, exceptions, and risk registers.
Vulnerability & Third-Party Risk:
- Establish governance for vulnerability management (SLAs, exception management, risk acceptance); monitor patching and remediation progress.
- Perform vendor/security reviews (SaaS, MSPs, cloud providers), evaluate SOC 2/ISO certifications, and negotiate security clauses with procurement/legal.
- Review data protection, encryption, and privacy risks in new procurements and major system changes.
Metrics, Reporting & Communication:
- Develop and maintain dashboards and performance indicators (risk posture, control maturity, vulnerability closure rates); brief leadership on trends and priorities.
- Produce clear, actionable reports for technical teams and non-technical stakeholders.
- Promote security awareness and targeted training (e.g., secure configuration, privacy by design, third-party onboarding).
Incident & Change Advisory Support:
- Provide risk-informed guidance during incident response (root cause, control gaps, corrective actions).
- Review change requests for security impacts; ensure appropriate testing, logging, and rollback plans.
The Skills and Experience:
- 3+ Years: Experience in info security, risk management, audit or related technical role
- Knowledge of NIST CSF/800-53, CIS Controls, ISO 27001 and state policies
- Experience conducting technical assessments and control testing; proven ability to validate configs and interpret scan results
- Experience with data analysis and dashboarding (Excel/Power BI), concise report writing, and ability to present to senior leadership
- Experience using GRC platforms; building workflows, control libraries, and risk registers
- Experience with risk analysis and documentation; creating practical risk treatment plans and exceptions with compensating controls
- CISSP, CISM, CRISC, CGRC (CAP), Security+, CCSK/CCSP, or CISA certification(s) highly desired
- AWS/Azure cloud certifications highly desired
The Company:
The mission of Domino Technologies, Inc. is to provide clients with IT solutions for their individual business processes that lead to strategic market advantages. Since its founding in 1996, the Domino Tech Team has built a solid record of performance working with clients in the Government and Commercial sectors.
The Perks:
- Excellent Market Salary
- Competitive Benefits
- Paid Holidays and Vacation
- Positive Work-Life Balance
The Location:
Domino Technologies is based in the Harrisburg area, the capital city of the Commonwealth of Pennsylvania and the county seat of Dauphin County. Located on the east bank of the Susquehanna River, Harrisburg is the anchor of the Susquehanna Valley metropolitan area.
Contact Us Today!
- Dice Id: 10122814
- Position Id: 2202-022026
- Posted 2 hours ago