Required Qualifications
Bachelor's degree in Information Security, Computer Science, Information Systems, or related field; OR equivalent experience.
1-3 years in information security, risk management, audit, or related technical role.
Preferred Qualifications (not required)
CISSP, CISM, CRISC, CGRC (CAP), Security+, CCSK/CCSP, CISA
Vendor/cloud certs (AWS/Azure/Google Cloud Platform security specialty) are a plus.
Knowledge
Security frameworks and regulations: NIST CSF/800-53, CIS Controls, ISO 27001; familiarity with CJIS, IRS Pub 1075, HIPAA, FERPA, PCI DSS, and state policy.
Core security domains: identity and access management (IAM), network security, endpoint security, vulnerability management, logging/SIEM, encryption/PKI, secure DevOps.
Cloud security concepts (shared responsibility, CSPM, workload protection, KMS/CMKs, conditional access, zero trust).
Skills
Technical assessment and control testing; ability to validate configurations and interpret scan results.
Risk analysis and documentation; creating practical risk treatment plans and exceptions with compensating controls.
Using GRC platforms; building workflows, control libraries, and risk registers.
Data analysis and dashboarding (Excel/Power BI), concise report writing, and presentation to executives.
Abilities
Translate technical findings into business risk terms and prioritized actions.
Collaborate across IT, operations, legal, procurement, and program areas; influence without authority.
Handle multiple assessments and deadlines; maintain confidentiality and sound judgment.
Continuous learning and adapting to new threats, technologies, and mandates.