Water Business Operations Security Analyst or Senior Analyst

JOB LOCATIONAurora, Colorado City of Aurora, Colorado It is an exciting time to work for the City of Aurora, we're growing and looking for dedicated and collaborative individuals to join our team of talented and valued employees. Excellent organizations have a set of principles, or core values, that are used to implement their mission and vision. Those values represent the touchstone for the organization, guiding the decisions of the individuals and the organization.

At the City of Aurora, we demonstrate our excellence by modeling the CORE 4 Values of:
Integrity, Respect, Professionalism, and Customer Service, and we welcome all who share these values to apply.

Why Work for Aurora?

Make a difference in the lives of real people every day Diverse community

Competitive total compensation package

Well-Funded General Employees Retirement Plan Light rail station minutes away

On-site fitness center and overall employee well-being programs Internal educational programs to assist with career advancement

Access to innovation work spaces

PRIMARY DUTIES & RESPONSIBILITIESHiring Salary:

Analyst: $86,772 - $108,466/year Senior Analyst: $99,788 - $124,736/year

This position will be posted until filled. However, it is subject to close at any time once a qualified pool of applications is obtained.

OVERVIEW OF JOBAurora Water is seeking an experienced cybersecurity professional to oversee and enhance the security posture of our critical infrastructure in compliance with the latest industry standards. The successful Business Operations Security Analyst or Senior Analyst (BOSA) candidate will lead cybersecurity initiatives to protect the water utilities' Operational Technology (OT) and Information Technology (IT) environments ensuring resilient and secure water services.

They will balance the needs of cybersecurity against the production needs of a water utility. They will engage all levels of the business to identify risk and work with both business leadership and the Chief Information Security Officer (CISO) to design and execute on risk assessment, remediation, and the maturation of information protection processes that will support AW's compliance with industry, federal, and legal requirements as well as city security and privacy requirements.

This includes adhering to guidance from the American Water Works Association (AWWA).The role will report through the Aurora Water organization, with a line of responsibility to the CISO. The role will serve as a communicator, ensuring alignment and understanding between all parties to achieve optimal security outcomes. This role will closely coordinate with the Information Security Office's (ISO) Engagement team to evaluate and consult around information security and privacy risk.

Common Primary

Duties & Responsibilities Drive adoption of good information and system protection practices by building strong business relationships, understanding the business risk and needs, and collaborating with the business as a trusted subject matter expert (SME) to support inquiries and adopt innovative technologies

Coordinate with AW leadership and the CISO to develop metrics and reporting, as well as quarterly Customer Business Reviews (CBRs) to inform the business and ISO on program efficacy and effectiveness, as well as identify risks and solutions

Offer business strategies and processes to ensure security-by-design, regulatory compliance and requirements for confidentiality, availability and integrity are met Research, compile, and consistently present information on the cost and benefits of different risk mitigation approaches to enable management to make informed decisions

Partner with Risk & Compliance to assess new IT or OT software products, applications, and platforms for potential security risk and vulnerabilities

Ensure that new software purchases have Master Service Agreements {MSA) appropriate for the risk presented

Build a culture of cybersecurity through developing and delivery of cybersecurity training to staff

Support the development of comprehensive cybersecurity strategy aligned with AWWA guidelines, Water Infrastructure Act and NIST Standards Review Incident Response plans for the OT network and conduct regular exercises to ensure readiness.

Create and prioritize plans to restore SaaS systems quickly after an incident and ensure proper testing

Coordinate risk assessments and penetration testing of AW OT infrastructure and the AW IT technology portfolio, and report findings and recommendations for resolution Track risk findings and coordinate with the appropriate parties on remediation efforts for identified vulnerabilities, especially those that could impact critical operations

Inform the Security Operations and Risk & Compliance divisions on how best to deploy security tooling based around the production needs of the utility

Partner with the Security Operations and Risk & Compliance divisions of the ISO, OT Networking staff, and IT Networking staff to ensure security tooling is deployed, tuned,…