IT Security & Compliance Analyst

Are you looking to join a team that values Professionalism, Accountability, Integrity, and Responsiveness? Do you want to be a part of a strong team dedicated to serving our community, building relationships, and creating opportunities? Then this might be the opportunity for you! We are looking for someone to join Team Yuma as an IT Security & Compliance Analyst with the Department of Information Technology. This ideal candidate will develop policies & plans, implement and carry out cybersecurity measures to protect the confidentiality, integrity, and availability of the City's enterprise IT systems. Under basic supervision, this job classification oversees, coordinate and enforces Information Security efforts and protocols for the organization; installing, configuring, and monitoring security systems and alerts; and participates in the analysis and evaluation of enterprise information security, as well as ensures the City of Yuma's compliance with various Compliance Regulations. Takes on security-oriented responsibilities by implementing formal methodologies, educating, promoting and enforcing approved security policies, procedures, guidelines and standards and provides technical leadership of security and governance initiatives on behalf of City-wide interests.

ESSENTIAL FUNCTIONS

-- Essential functions, as defined under the Americans with Disabilities Act, may include any of the following representative duties, knowledge, and skills. This is not a comprehensive listing of all functions and duties performed by incumbents of this class; employees may be assigned duties which are not listed below; reasonable accommodations will be made as required. The job description does not constitute an employment agreement and is subject to change at any time by the employer. Essential duties and responsibilities may include, but are not limited to, the following: Protects information technology's (IT) assets (i.e., hardware, software, data, etc.) by establishing and enforcing system access controls. Monitor and audit to ensure authorized access by investigating improper access; based on severity of issues immediately revoking access; reporting violations; recommending improvements. Monitor and analyze IT systems for unusual behavior or breaches; Respond to security incidents and audits and report status to management. Ensure network security devices and measures exist and function correctly. Performs periodic information security audits and risk assessments. Performs security monitoring, testing, prevention and remediation activities across the network taking a proactive approach to mitigate City risks. Manage, develop, and coordinate security awareness program with updates, provide all management, end-user security training, and on-going communication. Provide reports, audit and monitors internet usage compliance and reports violations of City policy. Working with networking personnel to analyze, audit, mitigate any risks and compile regular network and security reports to present to the Assistant IT Director and/or Chief Information Officer as requested. Ensure compliance with various IT Compliance Standards - NIST, HIPPA, PCI-DSS, IRS 1074, FIPS, CJIS etc. Creates compliance procedures, documentation and education for Cyber Security Standards. Maintains accurate and current compliance documentation for mandated regulatory Standard(s) as directed by all the IT Management, Administrators and Senior City Management. Develops, implement, tests, documents, evaluates, and modifies IT Compliance controls (i.e., DLP, MDM, Encryption, etc.) for all IT Resources. Collaborates with IT management, IT Network Engineer and Administrators, and other stakeholders to ensure IT Security and Compliance deliverables are met. Evaluates new technology and assists in the selection of new technologies that affect city-wide technology security and compliance; assists with Request for Proposals (RFP) development, proposal evaluations, vendor negotiations and contract management. Supports the relationship between the City and the general public by demonstrating courteous and cooperative behavior when interacting with citizens, visitors, and City staff; promotes the City goals and priorities and complies with all City policies and procedures. Maintains absolute confidentiality of work-related issues and City information; performs other duties as required or assigned.

MINIMUM QUALIFICATIONS

Education, Training and Experience Guidelines:

Bachelor's degree in Computer Science or equivalent IT security certifications (i.e. CISSP, CISA, Security+); AND three + years' experience in IT security or a related technical role; OR an equivalent combination of education, training and experience.

Knowledge of:

IT best practices for IT policies, procedures, standards and guidelines. IT Security and IT Compliance Standards to include Arizona Criminal Justice Information Systems, Health Insurance Portability and Accountability (HIPPA), Payment Card Industry (PCI-DSS), Internal Revenue Services - Safe Guards (IRS 1074), Personally Identifiable Information (PII), Federal Information Processing Standards (FIPS), and the Nation Institution of Standards and Technology (NIST). Software enterprise applications, various operating systems used within a large IT environment, including ERP System, Public Safety Systems, Asset / Fleet Management Systems, Legal - CMS, video and proximity systems, etc. Information security standards, logging (SIEM, etc.), and methodologies with excellent knowledge of change management processes, patch management, security methods, security tools and current mobile technologies.

Skill in:

System hardening (i.e., firewall, web, application, workstations, mobile devices, etc.), vulnerability assessments, security audits, intrusion detection / prevention and incident response. Researching problems that are difficult to identify or where facts may be insufficient and misleading. Handling sensitive or confidential information. Assessing customer support needs and implementing effective solutions mitigating risks. Leadership, teamwork, presentation and people management skills. Using initiative and independent judgment within established procedural guidelines with a focus on mitigating risks and protecting system data. Working independently in a technical environment with interlinked and changing priorities. Establishing and maintaining positive and cooperative working relationships with co-workers. Communicating effectively verbally and in writing.

LICENSE AND CERTIFICATION REQUIREMENTS A

valid Arizona State Driver's License is required. Terminal Operator Certification (Level-D) for access to Arizona Criminal Justice Information System (ACJIS) is required within six months of hire. A Certified Information Systems Security Professional (CISSP) certification, Microsoft (MCTS, MCSE), Cisco (CCNA, CCSP), CompTIA (Security +, CASP) and other professional IT certifications are highly desirable. This position may require participation in an advanced background investigation through the City of Yuma Police Department.

PHYSICAL DEMANDS AND WORKING ENVIRONMENT

Work is performed in a standard office environment; is required to lift objects, bend, stoop, crawl, and navigate tight spaces; requires use of hands; requires vision capacity at close range and ability to differentiate between colors.