CrawlJobs Logo

Technical Security Risk & Governance Analyst

oceanbluecorp.com Logo

Ocean Blue Solutions

Location Icon

Location:
United States , Harrisburg

Category Icon
Category:
IT - Administration

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

Not provided
Save Job
Save Icon
Apply Position

Job Description:

The Technical Security Risk & Governance Analyst supports the state’s cybersecurity program by performing risk assessments, control testing, and governance activities across enterprise systems, applications, networks, and cloud services. This role partners with IT, business owners, and audit teams to ensure security controls are designed, implemented, and operating effectively in alignment with state policy, NIST CSF/800-53, and other regulatory frameworks (e.g., CJIS, IRS Pub 1075, HIPAA, PCI DSS). The Analyst develops pragmatic recommendations, tracks remediation, and produces metrics for leadership and regulatory reporting.

Job Responsibility:

  • Conduct technical security risk assessments for on‑prem, cloud (IaaS/PaaS/SaaS), and hybrid solutions
  • document risks, likelihood/impact, and recommended mitigations
  • Perform control design/operating‑effectiveness testing against NIST CSF/800‑53, CIS Controls, ISO/IEC 27001, and agency security standards
  • Support Authority to Operate (ATO) processes, security attestations, and continuous monitoring
  • Facilitate threat modeling and security architecture reviews
  • advise on secure patterns (network segmentation, IAM, least privilege, encryption, logging)
  • Maintain security policies, standards, procedures, and control libraries
  • align updates with legislative or regulatory changes
  • Map agency controls to relevant mandates (e.g., CJIS, IRS 1075, HIPAA, FERPA, PCI DSS, state statutes/policies) and track compliance gaps
  • Coordinate internal/external audits
  • lead evidence collection, responses, and remediation plans
  • Administer or contribute to GRC tooling for issues, exceptions, and risk registers
  • Establish governance for vulnerability management (SLAs, exception management, risk acceptance)
  • monitor patching and remediation progress
  • Perform vendor/security reviews (SaaS, MSPs, cloud providers), evaluate SOC 2/ISO certifications, and negotiate security clauses with procurement/legal
  • Review data protection, encryption, and privacy risks in new procurements and major system changes
  • Develop and maintain dashboards and performance indicators (risk posture, control maturity, vulnerability closure rates)
  • brief leadership on trends and priorities
  • Produce clear, actionable reports for technical teams and non‑technical stakeholders
  • Promote security awareness and targeted training (e.g., secure configuration, privacy by design, third‑party onboarding)
  • Provide risk-informed guidance during incident response (root cause, control gaps, corrective actions)
  • Review change requests for security impacts
  • ensure appropriate testing, logging, and rollback plans

Requirements:

  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or related field
  • OR equivalent experience
  • 1–3 years in information security, risk management, audit, or related technical role
  • Knowledge of security frameworks and regulations: NIST CSF/800‑53, CIS Controls, ISO 27001
  • familiarity with CJIS, IRS Pub 1075, HIPAA, FERPA, PCI DSS, and state policy
  • Knowledge of core security domains: identity and access management (IAM), network security, endpoint security, vulnerability management, logging/SIEM, encryption/PKI, secure DevOps
  • Knowledge of cloud security concepts (shared responsibility, CSPM, workload protection, KMS/CMKs, conditional access, zero trust)
  • Skills in technical assessment and control testing
  • ability to validate configurations and interpret scan results
  • Skills in risk analysis and documentation
  • creating practical risk treatment plans and exceptions with compensating controls
  • Skills in using GRC platforms
  • building workflows, control libraries, and risk registers
  • Skills in data analysis and dashboarding (Excel/Power BI), concise report writing, and presentation to executives
  • Ability to translate technical findings into business risk terms and prioritized actions
  • Ability to collaborate across IT, operations, legal, procurement, and program areas
  • influence without authority
  • Ability to handle multiple assessments and deadlines
  • maintain confidentiality and sound judgment
  • Ability for continuous learning and adapting to new threats, technologies, and mandates
  • Background check per state policy
  • may require CJIS/IRS Pub 1075 clearance depending on data systems
  • Occasional travel to agency sites or data centers
  • Participation in after‑hours change windows or incident support as needed

Nice to have:

  • CISSP, CISM, CRISC, CGRC (CAP), Security+, CCSK/CCSP, CISA
  • Vendor/cloud certs (AWS/Azure/GCP security specialty) are a plus

Additional Information:

Job Posted:
February 18, 2026

Expiration:
February 22, 2026

Employment Type:
Fulltime
Work Type:
Hybrid work
Icon
Ocean Blue Solutions - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Technical Security Risk & Governance Analyst

Governance, risk and compliance technical analyst intern

This is a 10 week internship program that runs from May 27th, 2026 to August 7th...
Location
Location
United States , San Diego; San Francisco
Salary
Salary:
35.00 USD / Hour
gofundme.com Logo
GoFundMe
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Confidently maintain clear and concise communication with colleagues while working in a remote or hybrid environment
  • Inquisitive with a solution-oriented mindset
  • Demonstrate excellent analytical, problem-solving, time-management, and multitasking abilities
  • Passionate about staying current on regulatory changes, industry guidance, and card scheme compliance
Job Responsibility
Job Responsibility
  • Coordinate external auditor requests and facilitate meetings with Information Technology, Engineering Teams, Security and Control Owners
  • Build trust center tiles to communicate internal controls to customers and regulatory bodies
  • Assist in evidence collection for IT control reviews, infrastructure, change management and product releases
  • Assist in building communication portfolios, customer journeys and feedback forms for all audit stakeholders to ensure consistency in reaching audit goals, and note potential opportunities, risks, or complications
What we offer
What we offer
  • Competitive pay and comprehensive healthcare benefits
  • Financial assistance for things like hybrid work, family planning
  • Generous parental leave
  • Flexible time-off policies
  • Mental health and wellness resources
  • Learning, development, and recognition programs
  • Fulltime
Read More
Arrow Right

Security Governance Risk & Compliance (GRC) Analyst

Here at Virtru you’ll help build a cutting edge security compliance program alig...
Location
Location
United States , Washington, DC
Salary
Salary:
130000.00 - 180000.00 USD / Year
virtru.com Logo
Virtru
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 5+ years of information security, IT audit and/or IT Risk Management, or GRC Analyst/Engineer experience
  • Deep understanding of at least few of the following: CMMC, NIST 800-53 & 800-171, FedRAMP, SOC 2, PCI, and/or other global privacy compliance frameworks
  • Technical acumen. Strong understanding of modern cloud technologies (AWS, GCP, Azure, etc.) and familiarity with GRC tools (Hyperproof, Vanta, Drata, etc) and SIEM tools (Datadog, Splunk)
  • You’re a relationship builder and have worked with both business and technical risk and understand how to translate risk to various levels of the organization
  • Have experience training and coaching teams to become better security and privacy practitioners
  • Like working on an autonomous agile team
  • Ability to resolve conflicts and drive issues to completion
  • Work independently with little or no supervision while maintaining a high level of efficiency
  • Hands on experience deploying and managing vulnerability scanning/cloud security posture management tools (Wiz, Prismacloud, etc.) to meet security compliance requirements
  • Real-world IR experience participating on security On-Call teams
Job Responsibility
Job Responsibility
  • Manage and implement complex controls frameworks for large systems, consisting of Cloud infrastructure and Software as a Service (SaaS) services (GCP, AWS, GitHub, Okta, etc)
  • Design and develop automation solutions for evidence collection across Cloud infrastructure, endpoints, and SaaS services
  • Conduct risk assessments across business units and processes. Identify risk findings and recommend remediation and risk mitigation strategies
  • Assist or implement automated controls to support risk mitigation efforts across various business units with stakeholders
  • Incorporate CMMC certification into Virtru’s slate of compliance assessments and ongoing monitoring activities (FedRAMP, SOC 2, PCI)
  • Facilitate the third-party vendor on-boarding and annual review process by evaluating the security of current and prospective partners
  • Participate in incident response (IR) activities, providing risk analysis and remediation support as needed
  • Enhance the team with your individualism, spirit, and love of learning
What we offer
What we offer
  • A Flexible PTO policy
  • A $1,500 annual Learning & Development Stipend
  • Frequent company-sponsored team celebrations
  • Access to an Employee Assistance Program
  • Access to Headspace, a mental health app
  • A flat 3% contribution to your retirement account
  • A high degree of flexibility
  • Competitive compensation
  • Generous parental, medical, and bereavement policies
  • 401K contribution and stock options
  • Fulltime
Read More
Arrow Right

Senior Governance, Risk and Compliance Analyst - Governance

Come join the company that is reinventing cloud security and empowering business...
Location
Location
Netherlands
Salary
Salary:
Not provided
wiz.io Logo
Wiz
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in one or more of the Governance, Risk, and Compliance domains
  • Passion for security and keeping Wiz safe
  • Ability to collaborate with technical and non-technical teams alike to further oversight responsibilities of Security
  • Deep knowledge of one or more industry frameworks such as ISO 27001, ISO 27017, SOC 2, PCI DSS, NIST CSF, etc. and baseline knowledge of others
  • Ability to assist with security compliance assessments to ensure compliance with internal and external requirements (ISO, NIST, CIS, etc.)
  • Experience working in a fast-paced tech environment both independently, and collaboratively within a team environment
  • Ability to build strong relationships across teams and functions in a global workplace
  • Applicants must have the legal right to work in the country where the position is based, without the need for visa sponsorship
Job Responsibility
Job Responsibility
  • Design and update policies, procedures, and controls to drive confidentiality, integrity, and availability across the Wiz environment
  • Continuously improve processes, tools, and procedures for audit and compliance management
  • Collaborate and work cross-functionally across the company to address governance and compliance needs and to support the Wiz Control Framework, partnering with Engineering, Product, Sales, Legal, HR, and other teams
  • Proactively improvement control design and performance to address a changing risk landscape
  • Deliver timely audits through working with internal and external auditors
  • Help customer-facing teams respond to information security requirements and questionnaires
  • Assist with third party risk management reviews, assessing vendor’s security, compliance, and privacy posture
  • Participate in team project management, including documentation, project planning, task management, and prioritization
  • Participate in recurring annual core audits (e.g., SOC 2, ISO, PCI)
  • Maintain awareness of security and regulatory trends, perform research and analysis on new certifications, and help Wiz pursue new international compliance initiatives
Read More
Arrow Right

Information Security Technology Analyst - Governance

The Information Security Technology Analyst is an intermediate level position re...
Location
Location
Philippines , City of Taguig, Metro Manila
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-8 years of relevant experience
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Bachelor's degree/University degree or equivalent experience
Job Responsibility
Job Responsibility
  • Assist Security Incident Response Teams with incident investigations and aid in technical risk assessments
  • Coordinate with system development and infrastructure units to identify Information Security (IS) risks and the appropriate controls for development, day-to-day operation, and emerging technologies
  • Perform regular assessments based on changes in the threat landscape
  • Monitor vulnerability assessments and ethical hacks, ensuring that issues are addressed for the applications that they support
  • Provide information security support with related activities during systems development (e.g. authentication, encryption)
  • Identify and develop new and improved technical procedures and process control manuals
  • Identify significant IS threats and vulnerabilities
  • Assume informal/formal mentorship role within teams and assist with the coaching and training of new team members
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets
  • Fulltime
Read More
Arrow Right

AI Risk Analyst

The AI Risk Analyst plays a critical role in ensuring the responsible, compliant...
Location
Location
United States , Easton
Salary
Salary:
Not provided
victaulic.com Logo
Victaulic
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Familiarity with AI/ML concepts, lifecycle stages, risks, and ethical considerations
  • Strong analytical skills
  • Knowledge of governance frameworks (e.g., NIST AI RMF, ISO/IEC 42001)
  • Understanding of data privacy, ethical AI principles, and risk management processes
  • Experience in regulatory monitoring, compliance, or policy development
  • Exceptional written and verbal communication skills
  • Experience collaborating with stakeholders across legal, IT, data, business operations, and security
  • Bachelor’s degree in Business, Data / Information Technology, Law, or related field
  • 5+ years of experience in governance, IT compliance, technology policy, risk management, or related areas
Job Responsibility
Job Responsibility
  • Serve as the primary coordinator for the AI Governance Council
  • Track decisions, action items, and policy updates
  • Support the development and maintenance of the organization's AI governance framework
  • Monitor and interpret AI-related regulatory updates
  • Provide summaries, impact assessments, and recommendations
  • Maintain a centralized inventory of all AI/ML solutions
  • Ensure all AI solutions have corresponding governance guardrails
  • Coordinate with data science, IT, legal, security, and business teams
  • Support the risk assessment process for new and existing AI use cases
  • Conduct or facilitate impact assessments
Read More
Arrow Right

Senior Information Security Compliance Analyst

We're looking for a technically grounded Senior IS Compliance Analyst who speaks...
Location
Location
United States , Chicago
Salary
Salary:
90000.00 - 130000.00 USD / Year
blumeglobal.com Logo
Blume Global
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Hands-on experience in technical security roles such as Security Operations, Incident Response, Security Analysis, penetration testing, or similar
  • Practical knowledge of security tools, SIEM platforms, vulnerability management, and security monitoring
  • and ability to read and understand security logs, configurations, and technical documentation
  • 6+ years of total experience with significant time in GRC
  • Working knowledge of ISO 27001, NIST frameworks, SOC 1/2, and GDPR requirements
  • Experience developing and implementing information security policies and controls
  • ISO 27001:2022 Lead Implementer and Lead Auditor certification
Job Responsibility
Job Responsibility
  • Lead technical security assessments and integration of acquired companies, mapping their security architectures and controls to our GRC frameworks, identifying gaps, and building remediation roadmaps that address both technical security and compliance alignment
  • Bridge technical security and business stakeholders by evaluating risks through a technical lens, working alongside security engineering teams to translate GRC requirements into practical security measures, and communicating effectively across technical and non-technical audiences
  • Develop and harmonize security policies and control frameworks across acquired entities, ensuring they're both audit ready and operationally sound, while translating between technical security requirements and governance documentation
  • Own customer security questionnaire responses by leveraging your hands-on security background to provide detailed, accurate answers and collaborating with infrastructure, application security, and operations teams to gather technical evidence
  • Drive continuous improvement of our GRC program through technical security enhancements, meaningful security and compliance metrics, and process improvements that increase both control effectiveness and operational efficiency
What we offer
What we offer
  • health and welfare benefits
  • tuition assistance
  • 401K savings and other retirement programs
  • employee assistance programs
Read More
Arrow Right

Product Security Engineer - Secure SDLC Analyst

HPE Aruba Networking is looking for a person excited to work at the intersection...
Location
Location
United States , San Juan
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • BS in Information Security, Computer Science, or related technical field
  • A background in software security, either academic or work experience, including reverse engineering, vulnerability classes such as buffer overflows and their prevention, web application security, and/or cloud security
  • Programming knowledge of at least one programming language with the ability to look at source code and figure out what it’s doing
  • Familiarity with the purpose of tools such as IDEs, compilers, source code revision control systems, ASPM, SCA and code scanners
  • Minimum 3 years of experience working directly in software engineering or in an adjacent field with exposure to the software engineering environment
  • Experience conducting risk assessments, threat modeling, and/or compliance assessments
  • Experience supporting the integration of security practices through the software development lifecycle
Job Responsibility
Job Responsibility
  • Assist in the execution of product compliance assessments against various frameworks (e.g. NIST SSDF, NIST SP 800-218, SP 800-53, CIS Benchmarks)
  • Assist in the development and/or maintenance of GRC and SDLC tooling implementations, including scripting and automation
  • Operate as a representative of HPE Aruba in working groups, with government representatives, and with auditors
  • Provide consulting, information, and advice to product teams around implementing and improving the maturity of our SDLC
  • Document known issues and provide information to product teams in a manner which allows for easy interpretation and corrective actions to be performed
  • Monitor worldwide government standards and communicate to management and product teams when changes are made that may impact an existing control or introduce new requirements
What we offer
What we offer
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
  • Fulltime
Read More
Arrow Right

Security Analyst

As a Security Analyst, you will be a key player in our IT security team, focusin...
Location
Location
United States , Tallahassee
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Lead the technical execution of security-related projects, focusing on system hardening and network security
  • Engage in effective communication and collaboration with various teams to meet specific security standards
  • Utilize your expertise in firewalls, Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS), and encryption to ensure secure configurations
  • Conduct comprehensive vulnerability assessments and devise relevant remediation strategies
  • Manage security tools and provide support for incident response, ensuring the seamless integration of security platforms
  • Ensure strict adherence to Criminal Justice Information Services (CJIS) and State of Florida regulations
  • Work closely with Governance, Risk, and Compliance (GRC) teams to address audit gaps
  • Document and provide training on cybersecurity solutions and processes with a focus on CJIS and State regulations
  • Reengineer security processes for improved efficiency and compliance
  • Stay informed about emerging threats and technologies, providing support for cybersecurity issues
Job Responsibility
Job Responsibility
  • Lead the technical execution of security-related projects, focusing on system hardening and network security
  • Engage in effective communication and collaboration with various teams to meet specific security standards
  • Utilize your expertise in firewalls, Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS), and encryption to ensure secure configurations
  • Conduct comprehensive vulnerability assessments and devise relevant remediation strategies
  • Manage security tools and provide support for incident response, ensuring the seamless integration of security platforms
  • Ensure strict adherence to Criminal Justice Information Services (CJIS) and State of Florida regulations
  • Work closely with Governance, Risk, and Compliance (GRC) teams to address audit gaps
  • Document and provide training on cybersecurity solutions and processes with a focus on CJIS and State regulations
  • Reengineer security processes for improved efficiency and compliance
  • Stay informed about emerging threats and technologies, providing support for cybersecurity issues
What we offer
What we offer
  • medical, vision, dental, and life and disability insurance
  • eligible to enroll in our company 401(k) plan
  • Fulltime
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy