Information Security and Compliance Analyst

Summary

Assure information security and compliance with regulatory agencies. Using tools such as Tripwire, must be able to baseline systems and monitor system changes. Comprehend complex compliance requirements and provide assurance those are met. Analyze applications, networks, and systems for cyber security risk using a variety of tools. Apply security patches to both Windows and Linux operating systems. Script common information security tasks using tools such as Visual Basic, Power Shell, PERL, and Python. Demonstrates ongoing education of security of the City's functions, such as for Utilities, PCI, Public Safety, and HIPAA. Perform security breach simulations to test breach response plans and exercise IT and other City staff's ability to execute those response plans. Oversees the execution of external penetration tests and coordinates and participates in any necessary mediation. Oversees the execution of social engineering tests and coordinates and participates in any training and communication needed as a result of those tests.

Essential Functions

• Comprehend complex compliance requirements and provide assurance those are met
• Baseline systems and monitor system changes
• Analyze applications, networks, and systems for cyber security risk
• Create security breach response plans
• Perform security breach simulations

Qualifications

Completion of a bachelor degree in computer science, management information systems or a related field with an additional two years of experience in cyber security; or any combination of relevant education and experience which provides the following:

Job related security certification required. Examples SANS GSEC, CISSP, Security or Certified Ethical Hacker.

This position requires, in addition to any requirements of Human Resources (HR), and prior to a final job offer, per NERC CIP-004, the completion of a seven year criminal background check, identity verification (e.g. Social Security number verification), and the passing of a Personnel Risk Assessment (PRA). Continued employment in this position will require the NERC CIP-004 requirements to be satisfactorily completed every seven years from date of employment, and/or last PRA.

***No Class B Misdemeanor convictions within last 10 years***

***No Class A Misdemeanor, Felony Convictions or Family Violence Conviction***

Knowledge and Abilities

Knowledge of:

• NERC CIP standards and compliance
• HIPAA standards and compliance
• PCI standards and compliance
• CJIS standards and compliance
• Windows security and security tools
• Linux security and security tools
• Tripwire solution
• Juniper SRX
• VMWare
• Palo Alto
• IPv4 networks, routing, and security
• NSX micro segmentation

• Establish effective working relationships with City department personnel;
• Communicate effectively, orally and in writing; and to use analysis techniques to clearly identify the security and compliance requirement of various City organizations;
• Prioritize, plan, and organize tasks based upon security and compliance requirements;
• Work successfully in situations with minimal supervision and maximum scrutiny;
• Research and deploy new security technology and methodologies

• Frequently lift and carry up to 10 pounds;
• Frequently bend and kneel during shift;
• Frequently push and pull objects;
• Frequently flex upper trunk forward, at the waist, and partially at the knees
• Frequently rotate upper trunk to the right or left while sitting or standing;
• Place arms above, at, or below should height