What are the responsibilities and job description for the Information Security Analyst position at Yuba County Water Agency (CA)?
JOB
Class ConceptClass specifications are intended to present a descriptive list of the range of duties performed by employees in the class. Specifications are not intended to reflect all duties performed within the job. DESCRIPTION: Under general direction of the Information Systems and Security Manager, the Information Security Analyst provides support for the Agency business technology and information system security needs associated with hardware, software, networking, compliance, and training. DISTINGUISHING CHARACTERISTICS: This is an exempt position that reports directly to the Information Systems and Security Manager. The Information Systems Security Analyst supports the Information Systems Manager to provide for and support the security design and analysis of business technology and operational technology hardware, software, and system maintenance procedures to meet the Agency’s security objectives. This position supports the Information Systems and Security Manager in selecting security controls that meet Agency security objectives and regulatory compliance standards. Work is performed within a broad framework of general policy and requires creativity and resourcefulness to accomplish goals and objectives and in applying concepts, plans and strategies in ways which may deviate from traditional methods and practices. All work is expected to be carried out in an ethical, accurate, secure, timely, and confidential manner. The incumbent must be familiar with current cybersecurity best practices, standards, and technologies. EXAMPLES OF ESSENTIAL DUTIES: The following duties are typical for this classification. Incumbents may not perform all the listed duties and/or may be required to perform additional or different duties from those set forth below to address business needs and changing business practices. Supports the Information Systems and Security Manager to plan and select security systems to monitor the Agency’s business technology and operational technology consistent with current industry cybersecurity practices and technologies.Analyzes data produced by agency security systems to look for security anomalies.Supports and plans the effective implementation of assigned projects, including system specification, equipment procurement, and coordination of staff and consultants.Assists Agency staff by providing input on and supporting cybersecurity objectives related to projects.Has a working knowledge of modern cybersecurity requirements, including the ability to support and maintain security based on industry regulatory requirements, such as NIST, and NERC CIP.Writes procedures and helps develop standards for best practices for cybersecurity, including cyber vulnerability assessments for Agency cyber assets.Assists in the development and implementation of procedures for business technology and information systems secure development, operation, and use.Provides recommendations to staff to harden Agency cyber assets according to business requirements and policy.Maintains organizational effectiveness and efficiency by supporting strategic plans for implementing information technologies.Safeguards Agency information assets by assisting in development of disaster recovery procedures.Assists the Information Systems Manager in performing internal security audits.Assists the Information Systems Manager in selecting and assisting competent and secure consultants to provide specialized technology support for Agency systems.Inspects systems for unauthorized activity and responds appropriately.Maintains system logs and records.In times of emergency, assists in troubleshooting any of the Agency’s business technology and information systems.Provides cybersecurity orientation and training to staff and contractors.Assists in maintaining current and accurate inventory of technology hardware, software, and other resources.Responsible for analyzing and developing recommendations of risk that considers the impact and likelihood of impairment or destruction of systems, and the cost effectiveness of countermeasures to enable executives and directors to make informed decisions for managing organizational-wide cybersecurity and privacy risks to people, processes and technology.Responsible for conducting a comprehensive assessment of implemented controls and control enhancements to determine the effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for systems and the organization).Provides an assessment of the severity of the deficiencies discovered in Agency systems, environment of operation, and common controls and can recommend corrective actions to address the identified vulnerabilities.Provides guidance for the procurement of information technology infrastructure to meet the NERC CIP requirements and to support the Agency’s cyber security goals.Implements methods and systems to capture events and evidence for CIP audits.Available for after hours, on-call support for critical systems, as necessary.Builds and maintains positive working relationships with co-workers, other Agency employees, government entities, contract providers and the public using principles of good customer service.Regular attendance and adherence to prescribed work scheduled to conduct job responsibilities.Performs related duties as required.KNOWLEDGE OF: Business technology and information systems security design best practices.Assess system security for information systems.Security auditing.Working knowledge of cybersecurity standards such as CIP, NIST, CIS, etc.Log and information analysis/SIEM.Troubleshooting and resolution/mitigation techniques.Operating systems.Vulnerability assessment.Communication and problem-solving techniques.Collaboration with multiple business departments and projects.Principles of business letter writing and technical documentation.Structure and content of the English language including the meaning and spelling of words, and rules of composition and grammar.Basic business arithmetic as it applies to the position.Pertinent laws, codes, and regulations as it applies to the position and the Agency.SKILLED IN: Maintaining sensitive and confidential information in the course of supporting Agency business technology and information systems.Excellent change management skills to minimize data loss during upgrades or troubleshooting; ideally be able to support testing in a test environment prior to release to Agency production network.Maximizing system visibility.Resolving problems and situations in the workplace.Drafting professional correspondence and letters, independently or from brief instructions.Organizing work, setting priorities, meeting critical deadlines, and following up assignments with a minimum of direction.Maintaining accurate records and files.Communicating clearly and concisely, both orally and in writing.ABILITY TO: Troubleshoot various business technology and information system security issues.Establish and maintain security based upon policies, procedures, and standards.Analyze cybersecurity needs and identify appropriate technology solutions.Maintain complete and accurate records and prepare clear and concise reports.Be detail-oriented and view discrepancies in designs or patterns.Communicate clearly and effectively, both orally and in writing, with an emphasis on team building and interpersonal relationshipsUse initiative and independent judgment within the appropriate management and supervision guidelines of the Information Systems Manager.Establish and maintain effective working relationships with those contacted in the course of work.PHYSICAL DEMANDS AND WORKING ENVIRONMENT: The conditions herein are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.ENVIRONMENT: Work is primarily performed in a standard office setting with some travel from site to site; exposure to noise, dirt, dust, traffic, electrical energy, and high voltage; may work irregular hours; work and/or walk on various types of surfaces including slippery or uneven surfaces and rough terrain; opportunity and requirements to interact with the general public and property owners, contractors, suppliers and state, federal, county and other public agencies. PHYSICAL: Primary functions require sufficient physical ability and mobility to work in an office setting and in a field environment; to stand or sit for prolonged periods of time; to occasionally stoop, bend, kneel, crouch, reach, and twist; walk on uneven terrain, loose soil, and sloped surfaces; to lift, carry, push, and/or pull light to moderate amounts of weight; to operate office equipment requiring repetitive hand movement and fine coordination including use of a computer keyboard; to travel to other locations; to operate equipment and vehicles; and to verbally communicate to exchange information. VISION: See in the normal visual range with or without correction.HEARING: Hear in the normal audio range with or without correction. MINIMUM QUALIFICATIONS: The minimum and preferred requirements are listed below. While the following requirements outline the minimum qualifications the Agency reserves the right to select applicants for further consideration who demonstrate the best qualifications match for the job. Meeting the minimum qualifications does not guarantee further participation in the selection process. EDUCATION: Equivalent to a Bachelor’s degree from an accredited college or university with major course work in computer science, information systems, or a closely related field; or 4 years equivalent combination of education and/or experience may be substituted for the listed qualifications. EXPERIENCE: Must have 4 years of related experience in computer science, information systems, information security, or closely related discipline. LICENSE or CERTIFICATE: Possession of, and ability to maintain, an appropriate, valid driver’s license. SPECIAL REQUIREMENT: This position is subject to call out at any time and must reside close enough to travel to the Colgate Powerhouse within one hour. POST OFFER/PRE-EMPLOYMENT PHYSICAL: Employment is subject to passing a physical examination, including a drug test, and a pre-employment background check.
Class ConceptClass specifications are intended to present a descriptive list of the range of duties performed by employees in the class. Specifications are not intended to reflect all duties performed within the job. DESCRIPTION: Under general direction of the Information Systems and Security Manager, the Information Security Analyst provides support for the Agency business technology and information system security needs associated with hardware, software, networking, compliance, and training. DISTINGUISHING CHARACTERISTICS: This is an exempt position that reports directly to the Information Systems and Security Manager. The Information Systems Security Analyst supports the Information Systems Manager to provide for and support the security design and analysis of business technology and operational technology hardware, software, and system maintenance procedures to meet the Agency’s security objectives. This position supports the Information Systems and Security Manager in selecting security controls that meet Agency security objectives and regulatory compliance standards. Work is performed within a broad framework of general policy and requires creativity and resourcefulness to accomplish goals and objectives and in applying concepts, plans and strategies in ways which may deviate from traditional methods and practices. All work is expected to be carried out in an ethical, accurate, secure, timely, and confidential manner. The incumbent must be familiar with current cybersecurity best practices, standards, and technologies. EXAMPLES OF ESSENTIAL DUTIES: The following duties are typical for this classification. Incumbents may not perform all the listed duties and/or may be required to perform additional or different duties from those set forth below to address business needs and changing business practices. Supports the Information Systems and Security Manager to plan and select security systems to monitor the Agency’s business technology and operational technology consistent with current industry cybersecurity practices and technologies.Analyzes data produced by agency security systems to look for security anomalies.Supports and plans the effective implementation of assigned projects, including system specification, equipment procurement, and coordination of staff and consultants.Assists Agency staff by providing input on and supporting cybersecurity objectives related to projects.Has a working knowledge of modern cybersecurity requirements, including the ability to support and maintain security based on industry regulatory requirements, such as NIST, and NERC CIP.Writes procedures and helps develop standards for best practices for cybersecurity, including cyber vulnerability assessments for Agency cyber assets.Assists in the development and implementation of procedures for business technology and information systems secure development, operation, and use.Provides recommendations to staff to harden Agency cyber assets according to business requirements and policy.Maintains organizational effectiveness and efficiency by supporting strategic plans for implementing information technologies.Safeguards Agency information assets by assisting in development of disaster recovery procedures.Assists the Information Systems Manager in performing internal security audits.Assists the Information Systems Manager in selecting and assisting competent and secure consultants to provide specialized technology support for Agency systems.Inspects systems for unauthorized activity and responds appropriately.Maintains system logs and records.In times of emergency, assists in troubleshooting any of the Agency’s business technology and information systems.Provides cybersecurity orientation and training to staff and contractors.Assists in maintaining current and accurate inventory of technology hardware, software, and other resources.Responsible for analyzing and developing recommendations of risk that considers the impact and likelihood of impairment or destruction of systems, and the cost effectiveness of countermeasures to enable executives and directors to make informed decisions for managing organizational-wide cybersecurity and privacy risks to people, processes and technology.Responsible for conducting a comprehensive assessment of implemented controls and control enhancements to determine the effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for systems and the organization).Provides an assessment of the severity of the deficiencies discovered in Agency systems, environment of operation, and common controls and can recommend corrective actions to address the identified vulnerabilities.Provides guidance for the procurement of information technology infrastructure to meet the NERC CIP requirements and to support the Agency’s cyber security goals.Implements methods and systems to capture events and evidence for CIP audits.Available for after hours, on-call support for critical systems, as necessary.Builds and maintains positive working relationships with co-workers, other Agency employees, government entities, contract providers and the public using principles of good customer service.Regular attendance and adherence to prescribed work scheduled to conduct job responsibilities.Performs related duties as required.KNOWLEDGE OF: Business technology and information systems security design best practices.Assess system security for information systems.Security auditing.Working knowledge of cybersecurity standards such as CIP, NIST, CIS, etc.Log and information analysis/SIEM.Troubleshooting and resolution/mitigation techniques.Operating systems.Vulnerability assessment.Communication and problem-solving techniques.Collaboration with multiple business departments and projects.Principles of business letter writing and technical documentation.Structure and content of the English language including the meaning and spelling of words, and rules of composition and grammar.Basic business arithmetic as it applies to the position.Pertinent laws, codes, and regulations as it applies to the position and the Agency.SKILLED IN: Maintaining sensitive and confidential information in the course of supporting Agency business technology and information systems.Excellent change management skills to minimize data loss during upgrades or troubleshooting; ideally be able to support testing in a test environment prior to release to Agency production network.Maximizing system visibility.Resolving problems and situations in the workplace.Drafting professional correspondence and letters, independently or from brief instructions.Organizing work, setting priorities, meeting critical deadlines, and following up assignments with a minimum of direction.Maintaining accurate records and files.Communicating clearly and concisely, both orally and in writing.ABILITY TO: Troubleshoot various business technology and information system security issues.Establish and maintain security based upon policies, procedures, and standards.Analyze cybersecurity needs and identify appropriate technology solutions.Maintain complete and accurate records and prepare clear and concise reports.Be detail-oriented and view discrepancies in designs or patterns.Communicate clearly and effectively, both orally and in writing, with an emphasis on team building and interpersonal relationshipsUse initiative and independent judgment within the appropriate management and supervision guidelines of the Information Systems Manager.Establish and maintain effective working relationships with those contacted in the course of work.PHYSICAL DEMANDS AND WORKING ENVIRONMENT: The conditions herein are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.ENVIRONMENT: Work is primarily performed in a standard office setting with some travel from site to site; exposure to noise, dirt, dust, traffic, electrical energy, and high voltage; may work irregular hours; work and/or walk on various types of surfaces including slippery or uneven surfaces and rough terrain; opportunity and requirements to interact with the general public and property owners, contractors, suppliers and state, federal, county and other public agencies. PHYSICAL: Primary functions require sufficient physical ability and mobility to work in an office setting and in a field environment; to stand or sit for prolonged periods of time; to occasionally stoop, bend, kneel, crouch, reach, and twist; walk on uneven terrain, loose soil, and sloped surfaces; to lift, carry, push, and/or pull light to moderate amounts of weight; to operate office equipment requiring repetitive hand movement and fine coordination including use of a computer keyboard; to travel to other locations; to operate equipment and vehicles; and to verbally communicate to exchange information. VISION: See in the normal visual range with or without correction.HEARING: Hear in the normal audio range with or without correction. MINIMUM QUALIFICATIONS: The minimum and preferred requirements are listed below. While the following requirements outline the minimum qualifications the Agency reserves the right to select applicants for further consideration who demonstrate the best qualifications match for the job. Meeting the minimum qualifications does not guarantee further participation in the selection process. EDUCATION: Equivalent to a Bachelor’s degree from an accredited college or university with major course work in computer science, information systems, or a closely related field; or 4 years equivalent combination of education and/or experience may be substituted for the listed qualifications. EXPERIENCE: Must have 4 years of related experience in computer science, information systems, information security, or closely related discipline. LICENSE or CERTIFICATE: Possession of, and ability to maintain, an appropriate, valid driver’s license. SPECIAL REQUIREMENT: This position is subject to call out at any time and must reside close enough to travel to the Colgate Powerhouse within one hour. POST OFFER/PRE-EMPLOYMENT PHYSICAL: Employment is subject to passing a physical examination, including a drug test, and a pre-employment background check.