Loading...
HomeMy WebLinkAboutInformation Security AnalystCITY OF IOWA CITY - Job Description Job Class #26-15 FLSA Exempt Civil Service Identification Position Title: Information Security Analyst Department: Finance Division: Information Technology Services Supervisor: ITS Coordinator Job Summary Plan and carry out security measures to protect an organization’s computer networks and systems. Job Scope No direct supervision. No budget responsibilities. Essential Job Duties and Responsibilities Updates and maintains cybersecurity related plans and policy, such as the Incident Response Plan, Continuity of Operations Plan and Interconnection Agreements. Updates, maintains and audits backup and restoration plans and policies. Updates, maintains and audits endpoint security solutions such as antivirus, antimalware, email pre- scanning, firewalls and multi factor authentication. Audits, coordinates and tests Windows and third-party updates. Coordinates with external security companies for pen testing, vulnerability scanning and internal staff for mitigation. Coordinates the design, testing and implementing secure operating systems and applications. Coordinates incident response, digital forensics, loss prevention and eDiscovery actions. Conducts risk and vulnerability assessment in the network, system and application level. Maintains documentation, program listings, layouts and other records in support of system, modification and problem resolving efforts. Coordinates change and configuration management plan and policy. Works with staff from City offices to collect, organize, update and maintain data in a least privilege environment. Designs and maintains appropriate workflows. Job Class #26-15 Information Technology Services Page 2 Updated 10/26/2021 Coordinates the needs of various departments and government agencies in establishing and enforcing security measures. Conducts user needs assessments and implements effective procedures and applications. Promotes security educational programs. Assists governmental agency users with issues relating to the City’s security plans and polices. Provides technical support on implemented security measures. Estimates effort required for assigned tasks. Refers major hardware and software problems to vendor and/or service personnel for correction. Acquire and maintain security certification such as CySA+ or CASP+ every two years. Maintains communication and follow-up on resolutions. Reviews new technology and provides ideas and information on new technology and ways it can enhance the security infrastructure. Participates in on-call rotation or may be required to work extended hours. Conducts self in a manner which promotes and supports diversity and inclusivity in the workplace and community. Performs other related duties as assigned. Physical and Environmental Conditions The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Lift, push, pull, and/or carry up to 50 pounds, Sit, stand, walk, climb, balance, stoop, kneel, crouch, crawl, squat, bend, twist and reach. Have sufficient personal mobility to complete field work at various city facilities and other locations. Specific vision abilities include close vision and ability to adjust focus. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is occasionally exposed to outdoor weather conditions, risk of electrical shock and vibration. The noise level in the work environment is usually moderate. Minimum Education, Experience and Certification Associate degree in Computer Science with a focus on security from an educational institution Job Class #26-15 Information Technology Services Page 3 Updated 10/26/2021 accredited by a DOE recognized accreditation body required. System-specific technical certifications such as SSCP, CCSP, CISSP, SANS and two years’ experience in an information security role may be considered a substitution for an Associate degree. Candidate will be required to obtain Security+ certification during first six months of employment and CySA+ or CASP+ within 12 months of employment. Must pass criminal background check. Preferred Education, Experience and Certification Bachelor's degree in Information Technology or Computer Science from an educational institution accredited by a DOE recognized accreditation body and 4 years in an information security role preferred. Knowledgeable of Cyber Kill Chain and Diamond Model of Intrusion Analysis preferred. Knowledge of SIEM, IDS, anti-virus/anti-malware and firewall technologies preferred. Understanding of networking and TCP/IP preferred. Experience with a wide variety of operating systems such as Windows Server, Windows 10, Windows 7, Linux etc. preferred. Ability to troubleshoot technical and security related issues preferred. Experience working in a rapidly changing, high intensity environment preferred. Avid, proactive learner and ability to work well in a team based environment preferred. Strong interpersonal and writing skills preferred. Knowledge, Skills and Abilities Capable of collaborating with other team members to ensure that security features meet business needs and not cripple user access. Skilled in interpersonal communications, negotiation, and conflict resolution. Proven experience working in a team environment within minimal supervision; team oriented. Proven leadership skills and experience, influence effectively, ability to resolve impediments in a timely manner. Eager to develop their own skills and those of others. Knowledge of analysis practices for role specific security functions, processes, and procedures as well as a foundation in the NIST Cyber Security Framework The above statements are intended to describe the general nature and level of work being performed by individuals assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required of personnel so classified in this position.