Job Description
The Information Security Group is seeking a GRC Professional with experience in risk management, incident response, and policy/procedure development to join our team. The GRC Professional will be responsible for assisting with the development and implementation of an updated cybersecurity program. The professional will work with the City’s security team to ensure existing City policies are enforced throughout the organization and identify areas where new policies are needed. The GRC Professional will also work with the owners of OT and IT services to identify and communicate risk and develop mitigation strategies for these risks. Additionally, the GRC Professional will be responsible for maintaining and supporting the City's GRC system. The ideal candidate will have a background in cybersecurity that includes technical skills as well as experience with developing policies and procedures.
Essential Functions
- Assist in conducting risk assessments and identifying potential areas of compliance vulnerability.
- Support the development and implementation of policies and procedures to ensure compliance with regulatory requirements.
- Participate in internal audits and prepare reports on findings and recommendations.
- Monitor and analyze compliance data to identify trends and areas for improvement.
- Assist in the development and delivery of compliance training programs.
- Collaborate with various departments to ensure compliance with internal policies and external regulations.
- Maintain up-to-date knowledge of industry regulations and best practices.
Qualifications
- Education:
  - Preferred: Bachelor's degree in a related field such as Computer Science, Information Security, Business Administration, or a similar discipline.
  - Working towards relevant industry certifications, if not already certified, such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), CompTIA Security+ or Certified Information Systems Security Professional (CISSP).
- Experience:
  - Internship or coursework related to information security, risk management, or compliance is preferred.
  - Basic understanding of regulatory frameworks such as NIST, ISO 27001, HIPAA, or GDPR.
Skills and Competencies:
- Strong analytical and problem-solving skills.
- Excellent written and verbal communication skills.
- Ability to work independently and as part of a team.
- Detail-oriented with strong organizational skills.
- Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint).
- Familiarity with GRC tools and software is a plus.
Additional Information:
- Employment is contingent upon passing a background check.
- The candidate must be willing to continuously update their knowledge and skills in the field of GRC.