Technical Security Risk & Governance Analyst
Position Type: Hybrid
Hybrid Schedule: 2 days onsite a week
Contract Length: Long-term with annual extensions
Position Overview:
The Technical Security Risk & Governance Analyst supports enterprise cybersecurity initiatives by conducting risk assessments, control testing, and governance activities to ensure security controls are effectively implemented and aligned with established regulatory and industry frameworks. This role collaborates across technical and business teams to strengthen security posture, drive compliance, manage risk remediation, and provide actionable reporting to leadership.
Duties:
Conduct technical security risk assessments across on-premises, cloud (IaaS/PaaS/SaaS), and hybrid environments, documenting risks, impact, likelihood, and mitigation strategies.
Perform control design and operating-effectiveness testing aligned with frameworks such as NIST CSF/800-53, CIS Controls, and ISO/IEC 27001.
Support Authority to Operate (ATO) activities, security attestations, and continuous monitoring efforts.
Facilitate threat modeling and security architecture reviews, providing guidance on secure design practices including network segmentation, IAM, least privilege, encryption, and logging.
Maintain and update security policies, standards, procedures, and control libraries to align with evolving regulatory and legislative requirements.
Map organizational controls to regulatory mandates and track compliance gaps through remediation planning and follow-up activities.
Coordinate internal and external audits, including evidence collection, response preparation, and remediation tracking.
Administer and maintain Governance, Risk, and Compliance (GRC) tools to manage risks, exceptions, and issue tracking.
Establish governance processes for vulnerability management, including SLA tracking, exception handling, and remediation oversight.
Conduct third-party and vendor security assessments, review SOC 2 and ISO certifications, and support security requirements in procurement and contracts.
Evaluate data protection, encryption, and privacy risks associated with new technologies, procurements, and system changes.
Develop dashboards, metrics, and performance indicators to report on risk posture, control maturity, and vulnerability remediation progress.
Produce clear, actionable reports and communicate security risks effectively to both technical and non-technical stakeholders.
Promote security awareness and provide targeted training related to secure configuration, privacy practices, and third-party onboarding.
Provide risk-based guidance during incident response activities, including root cause analysis and corrective action recommendations.
Review change requests to assess security impact and ensure appropriate testing, monitoring, and rollback procedures are in place.
Collaborate with cross-functional teams to translate technical findings into business risk and prioritized remediation actions.
Support governance reporting, policy lifecycle management, and continuous improvement of security and compliance processes.
3 years of experience in information security, risk management, audit, or a related technical role.
Knowledge of security frameworks and standards including NIST CSF/800-53, CIS Controls, ISO 27001, and applicable organizational policies.
Experience conducting technical assessments and control testing, with proven ability to validate configurations and interpret vulnerability or security scan results.
Experience performing data analysis and dashboard development using tools such as Excel or Power BI, along with strong report writing and presentation skills for senior leadership audiences.
Experience using Governance, Risk, and Compliance (GRC) platforms to build workflows, maintain control libraries, and manage risk registers.
Experience performing risk analysis and documentation, including developing practical risk treatment plans and managing exceptions with compensating controls.
Preferred Skills:
Industry certifications such as CISSP, CISM, CRISC, CGRC (CAP), Security+, CCSK/CCSP, or CISA.
AWS or Azure cloud security certifications.