Risk Specialist 2 Or 3
Automate your job search with Sonara.
Submit 10x as many applications with less effort than one manual application.1
Reclaim your time by letting our AI handle the grunt work of job searching.
We continuously scan millions of openings to find your top matches.

Overview
Job Description
Why live in Helena, Montana?
Helena is surrounded by rolling hills and lofty mountains and is tucked below the Continental Divide.
It is a relatively quiet place to call home where small-town living collides with outdoor adventure.
Helena has a rich history and was originally founded as a gold camp during the Montana gold rush.
Learn more about moving to and/or living in Helena, Montana here.
Why should you keep reading and consider working here?
We know you have other work options, but we ask you to consider working with us at the State of Montana Department of Administration in the State Information Technology Services Division (SITSD). Our mission to provide shared IT services to support the needs of the state and citizens of Montana. We offer an innovative and collaborative work environment where employees are valued and supported. In addition, our employees have the opportunity to be involved in some of the most exciting and innovative IT projects and initiatives in development within Montana state government.
What is this career opportunity?
State Information Technology Services Division is seeking an experienced Risk Specialist to support the centralized cybersecurity organization by executing cybersecurity risk management processes, conducting risk assessments, documenting risk conditions, maintaining risk documentation, evaluating control effectiveness, and helping customers translate technical findings into actionable treatment decisions under established guidance. The position works across a federated state environment to help assess risk, maintain risk records, registers, and reports, support policy and compliance alignment, and provide practical guidance that references statewide standards while considering agency business needs. The role requires strong analytical ability, willingness to learn, and the ability to communicate risk in plain language to technical, operational, and business stakeholders.
What are we looking for?
Education and Experience:
Specialist 2:
Associate degree in Cybersecurity, Information Technology, Business, Public Administration, or a related field; AND
2 years of experience in cybersecurity risk management, information security, compliance, audit, security assessment, or a closely related field.
Alternate combinations of education, experience, and relevant certifications will be considered on a case-by-case basis.
Specialist 3:
Associate degree in Cybersecurity, Information Technology, Information Assurance, Business, Public Administration, or a related field; AND
4 years of experience in cybersecurity risk management, information security, compliance, audit, security assessment, or a closely related field.
Experience leading risk assessments, complex control assessments, or audits.
Alternate combinations of education, experience, and relevant certifications will be considered on a case-by-case basis.
Preferred:
Bachelor's degree in Cybersecurity, Information Technology, Information Assurance, Business, Public Administration, or a related field; AND
Advanced cybersecurity certifications such as CRISC, CISA, CISM, CISSP, etc.
Competencies:
Required knowledge, skills, and abilities:
Knowledge of cybersecurity risk management frameworks and standards, including NIST RMF, NIST SP 800-30, NIST SP 800-37, NIST SP 800-53, NIST CSF 2.0, and their practical application in a state government environment.
Knowledge of Information technology (IT) cybersecurity principles and methods such as confidentiality, integrity, availability, authentication, authorization, accountability, encryption, configuration, etc.
Knowledge of common cyber threats, vulnerabilities, attack vectors, and how technical issues translate into business, mission, legal, and reputational impact.
Knowledge of information technology platforms, including hardware, software, network, data storage, cloud service virtualization, security, end-user platforms, etc.
Skill in planning and executing structured risk assessments, including asset identification, threat and vulnerability analysis, likelihood and impact estimation, and residual risk determination.
Skill in evaluating the design and effectiveness of security controls and interpreting assessment, audit, and scan results.
Skill in leading complex risk assessments, including multisystem and cross agency scenarios, and resolving conflicting stakeholder perspectives.
Skill in using GRC platforms, vulnerability management tools, spreadsheets, and ticketing systems to document and track risk work.
Ability to communicate risk in plain language, including providing clear explanation of scenarios, likelihood, impact, and treatment options such as avoid, mitigate, transfer, or accept.
Ability to exercise independent, expert judgment in ambiguous and high impact situations, including advising on risk acceptance when standards and precedents are limited.
Ability to identify control gaps, inconsistencies, and emerging issues in complex technical, procedural, and architectural documentation.
Ability to mentor, coach, and provide informal leadership to team members in risk techniques, documentation standards, and stakeholder communication.
Ability to operate effectively in a federated state environment, balancing centralized standards with agency autonomy and relationship management.
Does this sound like you?
Please tell us how and why by submitting your resume and cover letter. (Please Note: You do not need to complete the "work experience" or the "education & certifications" portion of the application process in our recruiting system. You only need to upload the requested documentation.)
What can you expect from us in return for your hard work?
Ø Look here to see the additional benefits! They include:
o Work/life Balance
o Health Coverage
o Retirement plans
o Paid Vacation and Sick Leave and Holidays
o And more…
Ø Public Service Loan Forgiveness (PSLF) - Employment with the State of Montana may qualify you to receive student loan forgiveness under the PSLF.
Other important information to be aware of.
- This position requires successful completion of a criminal background check.
- Only online applications are accepted. By applying online, you can receive updates and monitor the status of your application.
- The Department of Administration participates in E-Verify to confirm employment eligibility. After accepting a job offer and completing form I-9, your information will be submitted to the Department of Homeland Security and Social Security Administration for verification. For more information about E-Verify, please visit the E-Verify website found here, https://www.e-verify.gov/.
- The first review of applicants will take place on July 2, 2026.
- In this position you will be afforded the opportunity to telework, however there will be required weekly in-office day(s) in Helena. Specific conditions will be outlined as part of the job offer and must adhere to state policy.
Automate your job search with Sonara.
Submit 10x as many applications with less effort than one manual application.
