Compliance Analyst

About The Position

Requirements

• Bachelor’s Degree or equivalent experience
• Five (5) years of experience performing security operations, compliance, risk, legal, or technical audit duties with any of the following: NIST SP800 Series, CJIS Security Policy, or comparable frameworks, standards, or laws.
• Applied experience that shows knowledge of cybersecurity controls, policies, and procedures
• Strong understanding of technical processes, tools, guidelines, and benchmarks
• A high level of attention to detail, communication, presentation, and customer service skills
• Ability to prioritize
• Establish and maintain effective working relationships with IT and the business
• Handle sensitive situations with tact and diplomacy
• Communicate effectively both verbally and in writing
• Establish and fulfill goals and objectives
• Must maintain residency within the State of Colorado.

Nice To Haves

• Security, privacy, or industry certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified Risk and Information Systems Control (CRISC), Certified Information Privacy Management (CIPM), Certified Information Privacy Technologist (CIPT), or comparable is strongly preferred.
• Experience with security control systems, such as SIEM, EDR, scanning tools, vulnerability tools, etc.
• Experience with metrics/reporting, audit management, or third-party risk management is preferred.
• Experience with CJIS Security Policy, legal, and regulatory compliance practices

Responsibilities

• Manage and develop the enterprise information and technology compliance program, including managing the associated control catalog, control mapping, and research.
• Develop position papers for the CISO on new and existing compliance requirements, perform business compliance analysis, document noncompliance and associated treatment plans, and provide reporting/metrics.
• Lead the end-to-end health and maturity of the CJIS compliance program across the city’s 11 agencies.
• Perform the biennial CBI certification audit response, including reviewing and documenting CJIS-governed technologies and business processes for compliance, and creating gap and treatment reports.
• Maintain CBI training certificates for IT and develop training as needed.
• Provide expertise and consultation to the Security Operations team and the IT Department during the evaluation and configuration of security controls, processes, and products.
• Represent the ISO at various industry-related task forces and governing body meetings.
• Support the Security Operations, IT, and business process owners during response to ensure noncompliance is identified and a treatment plan is developed.
• Advise the CISO on possible compliance violations and reporting requirements, and document treatment plans.
• Work with Security Operations and Business Engagement to identify risk to technology and data, perform assessments, document risk, and develop treatment plan recommendations.
• Manage the maintenance of CJIS artifacts throughout the year, ensuring responsive evidence is current and readily available for audit.
• Support the CISO in the development of the annual audit and assessment plan and track the resolution of findings.
• Reshape the change and configuration management program for the city’s technical infrastructure.
• Develop and enforce compliance with change management standards of practice and configuration baseline development and deviation.
• Run the Change Advisory Board (CAB) meetings, ensuring requests for change are vetted and compliant with ISO standards of practice (SOP).
• Monitor and alert for non-compliant changes and program violations, and provide coaching and guidance to staff.
• As Special Projects lead, identify, document, and address control-specific IT and ISO risk gaps, oversee their treatment, and perform after-action reviews.
• Keep current on industry regulations applicable to the city’s CJIS governance program, as well as federal and state laws regarding personal and criminal information.
• Develop metrics and reporting for program measurement and presentation to leadership.
• Provide input and expertise in the development of policy and standards of practice.

Benefits

• Medical, Dental, and Vision benefits
• Accrue paid time off
• 11 paid holidays
• Competitive total compensation package
• Well-Funded General Employees Retirement Plan
• On-site fitness center and overall employee well-being programs
• Internal educational programs to assist with career advancement
• Access to innovation workspaces
• Rewarding public sector work impacting a large and diverse community
• Growing city and employee population
• Rich benefits package with low employee costs
• Generous paid leave program
• 100% funded Employee and Family Care Leave Program
• Retirement pension plan and 457b plans available
• Subsidized recreation center pass, on-site fitness centers and wellness programs
• Continued education and career advancement opportunities