Information Technology (IT) Security & Compliance Analyst

About The Position

Requirements

• Bachelor’s degree in computer science that focuses on IT Security and 1 of 2 entry level certifications or training (Security+, MTA Security Fundamentals, ISC2 CC); OR an equivalent combination of education, training and experience.
• 2 + years' experience in an IT technical role.
• 10 years’ experience in an IT security-related technical role may be substituted for no bachelor’s degree in computer science or equivalent IT security certifications (i.e., CISSP, CISA).
• Knowledge of IT best practices for IT policies, procedures, standards, and guidelines.
• Knowledge of IT Security and IT Compliance Standards to include Arizona Criminal Justice Information Systems, Health Insurance Portability and Accountability (HIPPA), Payment Card Industry (PCI-DSS), Internal Revenue Services - Safe Guards (IRS 1074), Personally Identifiable Information (PII), Federal Information Processing Standards (FIPS), and the Nation Institution of Standards and Technology (NIST).
• Knowledge of Software enterprise applications, various operating systems used within a large IT environment, including ERP System, Public Safety Systems, Asset / Fleet Management Systems, Legal – CMS, video, and proximity systems, etc.
• Knowledge of Information security standards, logging (SIEM, etc.), and methodologies with excellent knowledge of change management processes, patch management, security methods, security tools and current mobile technologies.
• Knowledge of Enterprise data backups and best practices.
• Knowledge of Business continuity planning and best practices.
• Knowledge of IT disaster recovery planning and best practices.
• Knowledge of Cyber incident planning and best practices.
• System hardening (i.e., firewall, security systems web, application, workstations, mobile devices, etc.), vulnerability assessments, security audits, intrusion detection / prevention and incident response.
• Researching problems that are difficult to identify or where facts may be insufficient and misleading.
• Handling sensitive or confidential information.
• Assessing customer support needs, and implementing effective solutions mitigating risks.
• Leadership, teamwork, presentation, and people management skills.
• Using initiative and independent judgment within established procedural guidelines with a focus on mitigating risks and protecting system data.
• Working in a group or independent in a technical environment with interlinked and changing priorities.
• Establishing and maintaining positive and cooperative working relationships with coworkers.
• Communicating effectively verbally and in writing.
• Ability to comprehend and execute complex written and oral instructions.
• Ability to communicate technical information to non-technical individuals.
• Good driving record.

Responsibilities

• Protects information technology's assets (i.e., hardware, software, data, etc.) by establishing and enforcing system access controls.
• Monitors and audits to ensure authorized access by investigating improper access; based on severity of issues immediately revoking access; reporting violations; recommending improvements.
• Monitors and analyzes IT systems for unusual behavior or breaches; Responds to security incidents and audits and reports status to management.
• Ensures network security devices and measures exist and function correctly.
• Performs periodic information security audits and risk assessments.
• Performs security monitoring, testing, prevention, and remediation activities across the network taking a proactive approach to mitigate district risks.
• Manages, develops, and coordinates the security awareness program with updates, provides all management, end-user security training, and on-going communication.
• Provides reports, audits and monitors internet usage compliance and reports violations of the Crane Elementary School District #13 policy.
• Works with Information Services personnel and vendors to analyze, audit, mitigate any risks and compile regular network and security reports to present to the Director of Technology & Information Security and Executive Leadership.
• Ensures compliance with various IT Compliance Standards - NIST, HIPPA, PCI-DSS, COPPA, FERPA etc.
• Creates compliance policies & procedures, cyber incident response plan & procedure documentation, and education for Cyber Security Standards.
• Maintains accurate and current compliance documentation mandated by the Arizona Auditor General regulatory standard(s) as directed by the Director of Technology & Information Security, the Director of Finance, and Executive Leadership.
• Develops, implements, evaluates, documents, evaluates, and modifies Information Technology (IT) Compliance controls (i.e., DLP, MDM, Encryption, etc.) for all Information Technology Resources.
• Works with Information Services Staff, Human Resources Staff, Finance Staff to ensure IT security compliance deliverables are met.
• Coordinates, schedules, and documents IT Disaster Recovery Exercises with Information Services, schools, and operations support departments.
• Works with Information Services, schools, and operations support departments on keeping their business continuity plans and work arounds up to date.
• Works with Information Services on creating, evaluating, and maintaining their IT Disaster Recovery Plan and recovery procedures up to date.
• Works with Information Services on creating, evaluating, and maintaining server data backups.
• Evaluates new technology, and assists in the selection of new technologies that affect district-wide technology security and compliance; assists with Request for Proposals (RFP) development, proposal evaluations, vendor negotiations and contract management.
• Assists in the short and long-term planning and implementation of information technology security technologies and applicable expansion solutions by providing the most efficient and cost-effective technology.
• Supports the relationship between the school district and the general public by demonstrating courteous and cooperative behavior when interacting with citizens, visitors, and district staff; promotes the district goals and priorities and complies with all district policies and procedures.
• Maintains absolute confidentiality of work-related issues and district information.
• Follows industry/company standards regarding safety policies and procedures.
• Maintains work areas, tools, and PPE in a clean, orderly, and safe manner.
• Uses information technology management tools to manage work orders and task requests.
• Performs other duties as required or assigned by Director of Technology & Information Security.
• Troubleshoots, communicates, and resolves IT security problems in a timely manner.
• Assists and performs routine scheduled and emergency nonscheduled software, firmware, and hardware updates and upgrades.
• Supports Information Services on-call staff afterhours with IT security incident management during the week, weekend, and holidays.