Business Operations Security Analyst. Aurora Lilylifestyle

Business Operations Security Analyst – Aurora, CO

Summary:

The Information Security Office (ISO) seeks a professional with expertise in information security, technology risk assessment, technology audit, or legal experience to join the Engagement team. Business Operations Security Analysts work within the ISO and are embedded in city departments to evaluate and consult on information security and privacy risk associated with business drivers and technology. The analyst will engage all levels of the business to identify risk, work directly with business leadership and the CISO to design and execute remediation projects, and build processes that support compliance with industry, legal, policy, security, and privacy requirements.

• Build the foundation for the ISO’s Engagement division and drive adoption of security hygiene practices.
• Develop and deliver training materials and education programs for business, industry, and community stakeholders.
• Create metrics, reporting, and quarterly Customer Business Reviews to inform program efficacy and risks.
• Manage open‑record and eDiscovery hold requests for the IT department, coordinating with the City Attorney and stakeholders.
• Collaborate with the CISO, Risk & Compliance, and other security teams in developing business strategies and roadmaps, forecasting implementation costs, TCO, ROI and effort.
• Perform security and privacy risk assessments of CAO infrastructure, reporting findings and recommendations.
• Serve as subject‑matter expert during internal and external audits, ensuring audit requests are fulfilled and findings addressed.
• Engage cross‑department teams to resolve issues, champion business change, and ensure security hygiene is foundational to all initiatives.
• Translate legal and regulatory technical requirements into business‑friendly language.
• Ensure ISO platforms are deployed, tuned, and effective for governance requirements.
• Conduct ongoing research to identify new technology and prepare the ISO to secure those technologies.
• Respond to emergencies and incidents, participate in investigations and remediation efforts.
• Maintain up‑to‑date knowledge of legislation, industry standards, and best practices.

• Education:
  
  Bachelor’s degree or equivalent combination of education and at least four years of directly related experience.
• Required
  
  Experience and Skills:
  • Extensive background in information security.
  • Experience in regulatory compliance or legal practice.
  • Self‑starter and lifelong learner.
  • Critical thinker who sees security as an enabler of business.
  • Strong interpersonal, communication, conflict resolution, and documentation skills.
  • Excellent analytical, problem‑solving, and decision‑making abilities.
• Preferred
  
  Experience and Skills:
  • Previous work performing security for a law firm or legal organization.
  • Experience with Microsoft Purview and eDiscovery.
  • Risk assessment experience.
  • Knowledge of cloud‑based technology.
  • Experience in IT audit and technical writing/reporting.
  • Relevant security certifications such as CISSP, CISA, Security+, or comparable.
  • Relevant privacy or legal certifications or comparable education.

• Work flexibility: on‑site, hybrid, or telework options.
• Competitive total compensation package.
• Well‑funded General Employees Retirement Plan.
• Convenient location near light rail station.
• On‑site fitness center and employee well‑being programs.
• Internal educational programs for career advancement.