Information Security and Compliance Analyst

Summary:

Assure information security and compliance with regulatory agencies. Using tools such as Tripwire, must be able to baseline systems and monitor system changes. Comprehend complex compliance requirements and provide assurance those are met. Analyze applications, networks, and systems for cybersecurity risk using a variety of tools. Apply security patches to both Windows and Linux operating systems. Script common information security tasks using tools such as Visual Basic, Power Shell, PERL, and Python.

Demonstrates ongoing education on the security of the City's functions, including Utilities, PCI, Public Safety, and HIPAA. Perform security breach simulations to test breach response plans and exercise IT and other City staff's ability to execute those response plans. Oversees the execution of external penetration tests and coordinates and participates in any necessary mediation. Oversees the execution of social engineering tests and coordinates and participates in any training and communication needed as a result of those tests.

• Comprehend complex compliance requirements and assure that they are met
• Baseline systems and monitor system changes
• Analyze applications, networks, and systems for cybersecurity risk
• Create security breach response plans
  
  Perform security breach simulations

Completion of a bachelor's degree in computer science, management information systems, or a related field with an additional two years of experience in cyber security; or any combination of relevant education and experience which provides the following:

Job-related security certification required. Examples: SANS GSEC, CISSP, Security+, or Certified Ethical Hacker.

This position requires, in addition to any requirements of Human Resources (HR), that a final job offer be contingent upon the completion of a seven-year criminal background check, identity verification (e.g., Social Security number verification), and passing a Personnel Risk Assessment (PRA) before commencement. Continued employment in this position will require the NERC CIP-004 requirements to be satisfactorily completed every seven years from date of employment, and/or last PRA.

*** No Class B Misdemeanor convictions within last 10 years***

*** No Class A Misdemeanor, Felony Convictions or Family Violence Conviction***

Knowledge of:

• NERC CIP standards and compliance
• HIPAA standards and compliance
• PCI standards and compliance
• CJIS standards and compliance
• Windows security and security tools
• Linux security and security tools
• Tripwire solution
• Juniper SRX
• VMWare
• Palo Alto
• IPv4 networks, routing, and security
• NSX micro segmentation

Ability to:

• Establish effective working relationships with City department personnel;
• Communicate effectively, orally and in writing; and to use analysis techniques to clearly identify the security and compliance requirements of various City organizations;
• Prioritize, plan, and organize tasks based upon security and compliance requirements;
• Work successfully in situations with minimal supervision and maximum scrutiny;
• Research and deploy new security technology and methodologies.

• Frequently lift and carry up to 10 pounds;
• Frequently bend and kneel during shift;
• Frequently push and pull objects;
• Frequently flex upper trunk forward, at the waist, and partially at the knees;
• Frequently rotate upper trunk to the right or left while sitting or standing;
• Place arms above, at, or below the height.