Job Description - Risk Specialist 2 or 3 (26141675)
Position Title:
Risk Specialist 2 or 3 - (26141675)
Why live in Helena, Montana?
Helena is surrounded by rolling hills and lofty mountains and is tucked below the Continental Divide.
It is a relatively quiet place to call home where small-town living collides with outdoor adventure.
Helena has a rich history and was originally founded as a gold camp during the Montana gold rush.
Learn more about moving to and/or living in Helena, Montana here.
Why should you keep reading and consider working here?
We know you have other work options, but we ask you to consider working with us at the State of Montana Department of Administration in the State Information Technology Services Division (SITSD). Our mission to provide shared IT services to support the needs of the state and citizens of Montana. We offer an innovative and collaborative work environment where employees are valued and supported. In addition, our employees have the opportunity to be involved in some of the most exciting and innovative IT projects and initiatives in development within Montana state government.
What is this career opportunity?
State Information Technology Services Division is seeking an experienced Risk Specialist to support the centralized cybersecurity organization by executing cybersecurity risk management processes, conducting risk assessments, documenting risk conditions, maintaining risk documentation, evaluating control effectiveness, and helping customers translate technical findings into actionable treatment decisions under established guidance. The position works across a federated state environment to help assess risk, maintain risk records, registers, and reports, support policy and compliance alignment, and provide practical guidance that references statewide standards while considering agency business needs. The role requires strong analytical ability, willingness to learn, and the ability to communicate risk in plain language to technical, operational, and business stakeholders.
What are we looking for?
Education and Experience:
Specialist 2:
Associate degree in Cybersecurity, Information Technology, Business, Public Administration, or a related field; AND
2 years of experience in cybersecurity risk management, information security, compliance, audit, security assessment, or a closely related field.
Alternate combinations of education, experience, and relevant certifications will be considered on a case-by-case basis.
Specialist 3:
Associate degree in Cybersecurity, Information Technology, Information Assurance, Business, Public Administration, or a related field; AND
4 years of experience in cybersecurity risk management, information security, compliance, audit, security assessment, or a closely related field.
Experience leading risk assessments, complex control assessments, or audits.
Alternate combinations of education, experience, and relevant certifications will be considered on a case-by-case basis.
Preferred:
Bachelor''s degree in Cybersecurity, Information Technology, Information Assurance, Business, Public Administration, or a related field; AND
Advanced cybersecurity certifications such as CRISC, CISA, CISM, CISSP, etc.
Competencies:
Required knowledge, skills, and abilities:
Knowledge of cybersecurity risk management frameworks and standards, including NIST RMF, NIST SP 800-30, NIST SP 800-37, NIST SP 800-53, NIST CSF 2.0, and their practical application in a state government environment.
Knowledge of Information technology (IT) cybersecurity principles and methods such as confidentiality, integrity, availability, authentication, authorization, accountability, encryption, configuration, etc.
Knowledge of common cyber threats, vulnerabilities, attack vectors, and how technical issues translate into business, mission, legal, and reputational impact.
Knowledge of information technology platforms, including hardware, software, network, data storage, cloud service virtualization, security, end-user platforms, etc.
Skill in planning and executing structured risk assessments, including asset identification, threat and vulnerability analysis, likelihood and impact estimation, and residual risk determination.
Skill in evaluating the design and effectiveness of security controls and interpreting assessment, audit, and scan results.
Skill in leading complex risk assessments, including multisystem and cross agency scenarios, and resolving conflicting stakeholder perspectives.
Skill in using GRC platforms, vulnerability management tools, spreadsheets, and ticketing systems to document and track risk work.
Ability to communicate risk in plain language, including providing clear explanation of scenarios, likelihood, impact, and treatment options such as avoid, mitigate, transfer, or accept.
Ability to exercise independent, expert judgment in ambiguous and high impact situations, including advising on risk acceptance when standards and precedents are limited.
Ability to identify control gaps, inconsistencies, and emerging issues in complex technical, procedural, and architectural documentation.
Ability to mentor, coach, and provide informal leadership to team members in risk techniques, documentation standards, and stakeholder communication.
Ability to operate effectively in a federated state environment, balancing centralized standards with agency autonomy and relationship management.
Does this sound like you?
Please tell us how and why by submitting your resume and cover letter. (Please Note: You do not need to complete the "work experience" or the "education & certifications" portion of the application process in our recruiting system. You only need to upload the requested documentation.)
What can you expect from us in return for your hard work?
Ø Look here to see the additional benefits! They include:
o Work/life Balance
o Health Coverage
o Retirement plans
o Paid Vacation and Sick Leave and Holidays
o And more…
Ø Public Service Loan Forgiveness (PSLF) - Employment with the State of Montana may qualify you to receive student loan forgiveness under the PSLF.
Other important information to be aware of.
Applicant Pool Statement: If another department vacancy occurs in this job title within six months, the same applicant pool may be used for the selection. Training Assignment: Not Applicable
Salary: $
37.84 - 40.38 Hourly
Telework Eligibility: Telework Eligible (Full-time telework is not available. Telework schedule must be supervisor approved.) Benefits Package Eligibility: Health Insurance, Paid Leave & Holidays, Retirement Plan
Number of Openings
: 2 Employee Status: Regular Schedule: Full-Time
Job Type
: Standard
Shift
: Day Job
Travel
: No
Primary Location
: Helena
Agency: Department of Administration Union: 000 - None
Posting Date
: Jun 25, 2026, 9:22:46 PM
Closing Date (based on your computer''s timezone)
: Jul 10, 2026, 11:29:00 AM
Required Application Materials: Cover Letter, Resume
Contact Name: Megan Stearman | Contact Email: Megan.Stearman2@mt.gov | Contact Phone: 406-444-4620 The State of Montana has a decentralized human resources (HR) system. Each agency is responsible for its own recruitment and selection. Anyone who needs a reasonable accommodation in the application or hiring process should contact the agency''s HR staff identified on the job listing or by dialing the Montana Relay at 711. Montana Job Service Offices also offer services including assistance with submitting an online application.
State government does not discriminate based on race, color, national origin, religion, sex, sexual orientation, gender identity or expression, pregnancy, childbirth or medical conditions related to pregnancy or childbirth, age, physical or mental disability, genetic information, marital status, creed, political beliefs or affiliation, veteran status, military service, retaliation, or any other factor not related to merit and qualifications of an employee or applicant.