Über
Role Overview:
We are seeking a highly experienced Senior Information Security Analyst to lead the development and maturation of the City's information security program. In this role, you will be the primary engine. driving the protection of the City's critical systems, sensitive data, and technology infrastructure. Working closely with IT, Legal, and departmental stakeholders, you will ensure the confidentiality, integrity, and availability of our systems while shaping a resilient, compliance-driven security posture.
Key Responsibilities:
Risk Management & Compliance
Conduct targeted and ad-hoc risk assessments and vulnerability scans across systems, applications, and networks. Recommend and implement necessary mitigation. Set up and manage a framework for conducting an annual technology Risk and Control Self-Assessment (RCSA) to systematically identify and mitigate operational risks. Conduct SOC (System and Organizational Controls) testing and audits focused on data security and operational integrity. Participate in broader compliance audits and track Plan of Action and Milestones (POA&M) remediation. Draft, implement, and maintain Information Security policies, procedures, and standards in alignment with federal regulations (e.g., FISMA, NIST, FedRAMP). Security Operations & Incident Response
Monitor, analyze, and respond to security events and incidents across all enterprise systems. Lead incident response activities, including the investigation of cybersecurity breaches, remediation, and containment. Support, configure, and maintain core security tools including SIEM, IDS/IPS, Data Loss Prevention (DLP), firewalls, and endpoint protection systems. Serve as the primary point of contact for threat intelligence, monitoring emerging cybersecurity trends and adapting mitigation strategies accordingly. Program Strategy & Leadership
Establish and maintain the City's risk taxonomy, risk register, and control inventory. Deliver security awareness training to City employees and stakeholders to cultivate a proactive, security-first mindset. Core Deliverables Expected
An IT risk taxonomy leveraging risk domains sourced from the NIST RMF framework. A comprehensive, ongoing IT risk register covering all City departments. Formalized methodologies for Application and Infrastructure risk assessments, including SOC testing and RCSA processes. A documented, repeatable process for threat intelligence gathering and cross-departmental collaboration. Requirements
Qualifications & Experience
:
8-10 years
of progressive, hands-on experience in information security, risk management, or IT security operations. Prior experience working within
government environments
is highly preferred. Technical Skills
:
Deep expertise with SIEMs, IDS/IPS, firewalls, endpoint protection, and vulnerability management platforms. Familiarity with securing cloud environments (AWS, Azure, GovCloud). Strong understanding of Zero Trust architecture principles. Deep working knowledge of major security frameworks, specifically NIST Cybersecurity Framework 2.0, NIST RMF, ISO 27001, and CIS Controls. Soft Skills
:
Exceptional analytical and problem-solving abilities. Strong written communication skills, with the ability to translate complex technical risks into clear policies and actionable advice for city leadership and non-technical stakeholders.
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klicken Sie auf „Jetzt Bewerben“, um Ihre Bewerbung direkt auf deren Website einzureichen.