Business Operations Security Analyst

About The Position

Requirements

• Bachelor's degree in Information Security, Cybersecurity, Information Technology, Computer Science, Public Administration, Business Administration, Legal Studies, or a related field; OR an equivalent combination of education, training, and experience that provides the required knowledge, skills, and abilities.
• 2+ years of experience supporting information security, privacy, data governance, risk management, legal compliance, or related functions.
• Experience with regulatory compliance or legal practice.

Nice To Haves

• Experience supporting public-sector or municipal organizations.
• Experience with Colorado Open Records Act (CORA) requests or eDiscovery processes.
• Experience using governance, risk, and compliance (GRC) platforms.
• Relevant professional certifications such as Security+, CISSP, CISM, CRISC, CIPP, CIPM, or similar credentials.
• Knowledge of information security, privacy, and technology risk management principles.
• Knowledge of legal and regulatory requirements related to cybersecurity, CORA, and eDiscovery.
• Understanding of data governance frameworks including data classification and lifecycle management.
• Knowledge of municipal legal systems and CAO operations.
• Knowledge of security-by-design concepts and secure architecture principles.
• Familiarity with Microsoft Purview and IT governance tools.
• Awareness of industry standards, legislation, and best practices.
• Skill in developing and delivering training and awareness programs.
• Skill in preparing business reviews, metrics dashboards, and performance reporting.
• Skill in technical writing, documentation, and report creation.
• Skill in stakeholder engagement and facilitating collaboration across departments.
• Skill in using governance, risk, and compliance platforms.
• Skill in conducting research and analyzing emerging technology risks.
• Ability to translate complex legal and technical requirements into business-friendly language.
• Ability to perform comprehensive security and privacy risk assessments.
• Ability to establish and maintain effective working relationships with internal departments, external agencies, business owners, and the public.
• Ability to work independently, exercise sound judgment, and adapt to evolving priorities and technologies.
• Ability to manage sensitive information with tact and discretion.
• Ability to support incident response activities and adapt to changing operational priorities.
• Ability to champion secure practices and drive organizational change.
• Ability to manage competing priorities effectively.

Responsibilities

• Evaluate and consult on security and privacy risks for departmental technology and business processes.
• Develop and maintain strong business relationships to support adoption of secure practices.
• Create and deliver security awareness training and educational content.
• Develop reporting, metrics, and quarterly business reviews in partnership with the City Attorney Office’s (CAO) leadership and the CISO.
• Coordinate and support responses to open records requests and eDiscovery holds involving information technology systems and records.
• Develop risk mitigation recommendations, security control requirements, and implementation strategies to address identified information security and privacy risks.
• Perform risk assessments on infrastructure, software, and business operations and track remediation activities.
• Collaborate with Security Operations, Program Management, Infrastructure, and Applications teams to support secure technology decisions.
• Translate legal and regulatory technical requirements into business language.
• Support deployment and governance of ISO platforms and co-manage the IT Risk Management platform.
• Conduct research on emerging technologies and evaluate associated risks.
• Evaluate CAO policies, systems, and processes for security and privacy compliance.
• Assist in emergency response and incident investigations.
• Support development of CAO technology strategies using security-by-design principles.
• Participate in data governance program development including data discovery, labeling, and controls.
• Perform other duties as assigned to support IT and ISO program maturation.
• Performs other duties as assigned.

Benefits

• Medical benefits
• Dental benefits
• Vision benefits
• Accrue paid time off
• 11 paid holidays
• Competitive total compensation package
• Well-Funded General Employees Retirement Plan
• On-site fitness center
• Employee well-being programs
• Internal educational programs to assist with career advancement
• Access to innovation workspaces
• Generous paid leave program
• 100% funded Employee and Family Care Leave Program
• Retirement pension plan and 457b plans available
• Subsidized recreation center pass
• Wellness programs