The URL can be used to link to this page

Home My WebLink AboutInformation Security AnalystUpdated: August 2025 (Admin Review) CITY OF IOWA CITY – JOB DESCRIPTION Position Title: Information Security Analyst Department: Finance Division: Information Technology Services Supervisor: Information Technology Services Coordinator FLSA: Exempt Civil Service: Yes Pay Grade: 27 Job Number: 2731 Job Summary Plan and carry out security measures to protect an organization’s computer networks and systems. Essential Job Duties and Responsibilities The following duties are normal for this position. These are not to be construed as exclusive or all-inclusive. Other duties may be required and assigned. • Updates and maintains cybersecurity related plans and policy, such as the Incident Response Plan, Continuity of Operations Plan and Interconnection Agreements. • Updates, maintains and audits backup and restoration plans and policies. • Updates, maintains and audits endpoint security solutions such as antivirus, antimalware, email pre-scanning, ﬁrewalls and multi factor authentication. • Audits, coordinates and tests Windows and third-party updates. • Coordinates with external security companies for pen testing, vulnerability scanning and internal staﬀ for mitigation. • Coordinates the design, testing and implementing secure operating systems and applications. • Coordinates incident response, digital forensics, loss prevention and eDiscovery actions. • Conducts risk and vulnerability assessment in the network, system and application level. • Maintains documentation, program listings, layouts and other records in support of system, modiﬁcation and problem resolving eﬀorts. • Coordinates change and conﬁguration management plan and policy. • Works with staﬀ from City oﬃces to collect, organize, update and maintain data in a least privilege environment. • Designs and maintains appropriate workﬂows. • Coordinates the needs of various departments and government agencies in educating, establishing, and enforcing security measures. • Conducts user needs assessments and implements eﬀective procedures and applications. • Estimates eﬀort required for assigned tasks. • Refers major hardware and software problems to vendor and/or service personnel for correction. Updated: August 2025 (Admin Review) • Reviews new technology and provides ideas and information on new technology and ways it can enhance the security infrastructure. • Participates in on-call rotation or may be required to work extended hours. • Conducts self in a professional manner which demonstrates courtesy and respect for all community members and coworkers. • Performs other related duties as assigned. Minimum Education, Experience, Certification/Licensure, Other • Bachelor’s degree from an accredited educational institution; or four years of related experience and/or equivalent combination of education and experience. Degree in Computer Science or Information Technology with emphasis on security. • Certiﬁcations such as SSCP, CCSP, CISSP, SANS or equivalent. Security+ certiﬁcation with ﬁrst six months of employment. CySA+ or CASP+ within 12 months of employment. Must pass criminal background check. Preferred Education, Experience, Certification/Licensure, Other • Bachelor’s degree from an accredited educational institution and one year of related experience; or ﬁve years of related experience and/or equivalent combination of education and experience. Knowledgeable of Cyber Kill Chain, Diamond Model of Intrusion Analysis, SIEM, IDS, anti-virus/anti-malware and ﬁrewall technologies, and understanding of networking and TCP/IP. Experience with Windows Server, Windows 10, Windows 7, and Linux. Knowledge, Skills, and Abilities • Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals, ability to compute rate, ratio, and percent. • Ability to develop their own skills and those of others. • Ability to eﬀectively present information and respond to questions from groups of managers, clients, customers, and the general public. • Ability to exercise leadership skills and inﬂuence eﬀectively, ability to resolve impediments in a timely manner. • Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form. • Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. • Ability to reliably and predictably carry out duties. • Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists. • Ability to write reports, business correspondence, and procedure manuals. • Knowledge of analysis practices for role speciﬁc security functions, processes, and procedures as well as a foundation in the NIST Cyber Security Framework. • Skill in collaborating with other team members to ensure that security features meet business needs and not cripple user access. Updated: August 2025 (Admin Review) • Skill in negotiation and conﬂict resolution. • Skill in using computers and applicable software applications (Microsoft Oﬃce – Word, Excel, Outlook) • Skill in working in a team environment within minimal supervision; team oriented. Supervision No supervision of direct reports. Physical Demands The physical demands described here are representative of those that must be met by an employee to successfully perform the essential duties and responsibilities of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties and responsibilities. While performing the duties of this job, the employee is regularly required to talk or hear. The employee is frequently required to sit; use hands to finger, handle, or feel and reach with hands and arms. The employee is occasionally required to stand; walk and stoop, kneel, crouch, or crawl. The employee must occasionally lift and/or move 25 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, depth perception and ability to adjust focus. Work Environment The work environment characteristics described here are representative of those an employee encounters while performing the essential duties and responsibilities of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties and responsibilities. The noise level in the work environment is usually moderate. Duties are generally performed in an office setting with a controlled environment. While performing the duties of this job, the employee is occasionally exposed to risk of electrical shock and vibration. The job requires sitting for extended periods of time and the work may expose the employee to unpleasant social situations and significant work pace pressure. Iowa City is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act as Amended, the City will provide reasonable accommodations to qualified individuals with disabilities and encourages both prospective and current employees to discuss potential accommodations with the employer. Reviewed/Approved by: Nicole Davies, Finance Director (4/2024) Updated: August 2025 (Admin Review) I have read and understand the duties and requirements of this job description, and I agree that I can perform the duties of this position with or without reasonable accommodation. Employee Date ________________________________ __________________