Overview
This position supports the activities required for Information Technology governance and cybersecurity on behalf of the City. The IT Compliance Analyst is responsible for researching and recommending sound practices and for proposing enhancements to existing processes that strengthen the confidentiality, integrity and availability of IT systems and data, while fostering a culture of security awareness by promoting consistent practices related to IT compliance and cyber risk management for the City.
Examples of key responsibilities include, but are not limited to:
Researches and recommends sound IT compliance models or practices related to cybersecurity and IT governance
Develops documents related to IT security policies, procedures and standards adhering to the relevant legislation and industry sound practices
Supports the maintenance or enhancement of existing IT security policies, procedures and standards
Assists with the planning and execution of assessments and reviews to identify improvement opportunities related to IT governance and cybersecurity for the City
Directs and evaluates the work of external consultants in performing IT risk or security audits/assessments as defined by statement of work
Prepares status reports on relevant audits/assessments for review by IT Management as needed
Liaises with City staff, senior management staff and occasionally external organizations related to cybersecurity and IT governance
Promotes a culture of security awareness, which includes conducting cybersecurity awareness training and phishing simulation exercises for City staff
Coordinates IT Security Steering Committee meetings and supports relevant action items
Supports the maintenance of the City’s IT security incident response plan, playbooks and relevant procedures
Coordinates security incident response and recovery activities with stakeholders on IT security breaches and cyber attacks
Assists with security event log monitoring, analyzing and reporting tasks
Knowledge, Skills & Abilities:
Understanding of IT governance and cybersecurity principles, frameworks and methodologies (e.g. NIST CSF, CIS Critical Security Controls, ISO27001, PCI-DSS and MITRE ATT&CK).
Ability to draft, customize, appraise and present written IT security policies, procedures and standards.
Strong organizational, team-building and people skills
Ability to work and navigate within a matrixed organization
Strong communication and leadership skills
Ability to understand the impact of new technologies on processes, and to adapt and apply changes to the working environment
Knowledge of industry sound practices/procedures, regulations, and laws related to IT governance and cybersecurity
Demonstrated understanding of municipal environments
Strong computer skills, including word processing, spreadsheet, systems documentation, and other business software to prepare reports, memos, summaries, and analysis
Qualifications and Experience:
Bachelor's degree in computer science, information technology, information security or related field or an equivalent combination of education, training and experience
A minimum of 2 years of relevant work experience related to information technology governance and cybersecurity
Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or other relevant industry certifications preferred
Working Conditions:
This job is generally performed in an office environment.