Cyber Security Analyst

Position Information

Under general direction, plans, organizes, and implements, and directs Citywide information systems security related operations and activities. Operational areas include, but are not limited to, security awareness, risk assessment and mitigation, compliance monitoring, and disaster recovery; plans, develops and implements security related policies and procedures; coordinates activities and fosters cooperative working relationships among City departments, officials, outside agencies, the public, and private groups; advises City management staff in areas of responsibility; and performs related duties as assigned.

Supervision Received and Exercised
Receives general direction from assigned supervisory or management personnel. Exercises technical and functional direction over and provides training to lower-level staff on a project basis. Supervise, train and evaluate the performance of subordinate staff.
This classification is responsible for serving as a subject matter expert and for performing complex work related to the management of the City’s cybersecurity operations and activities. Incumbents regularly work on tasks which are varied and complex, requiring considerable discretion and independent judgement. Positions in the classification rely on experience and judgement to perform assigned duties. Assignments are given with general guidelines and incumbents are responsible for establishing objectives, timelines, and methods to deliver services. Work is typically reviewed upon completion for soundness, appropriateness and conformity to policy and requirements.

Job Description

Typical functions may include any of the following tasks, knowledge, abilities, and other characteristics. The list that follows is not intended as a comprehensive list; it is intended to provide a representative summary of the major duties and responsibilities. Incumbent(s) may not be required to perform all duties listed, and may be required to perform additional, position-specific tasks.

• Plans, develops, and implements a Citywide information systems security program which includes, but is not limited to, security awareness, risk assessment and mitigation, compliance monitoring, disaster recovery, and related staff training and exercises.
• Provides project management and complex operational support to Citywide information systems security systems, recommends solutions, and serves as a liaison between departmental users, information systems staff, and third-party vendors.
• Advises City staff and departments in the review of security policies, computer operations, server infrastructure, logical access controls, and network and data communication systems security; recommends the use of information systems and network security solutions and tools.
• Acts as the central point of contact for information systems related security incidents or violations; assists City departments in the investigation of security threats, incidents, or violations.
• Plans, coordinates, and participates in conducting security risk assessments and business impact analyses of City department processes and information systems infrastructure and systems to identify and address threats and vulnerabilities; facilitates the development of effective disaster recovery and business continuity plans.
• Development and implementation of policies and procedures designed to mitigate the City's exposure to cybersecurity threats; conducts research to identify best management practices in cybersecurity program management; modifies and updates policies according to regulatory requirements and best practices.
• Evaluates and ensures the installation, management, operation, and maintenance of information systems infrastructure, systems, and support environments adhere to cybersecurity policy and guidelines; troubleshoots and resolves security-related issues.
• Develops, promotes, and presents Citywide appropriate computer use and cybersecurity training and education to all levels of the City organization structure on an ongoing basis; tests City employee understanding of phishing by sending out phishing emails and monitoring employee actions.
• Leads security research, development, and installation projects; conducts an extensive review of processes, regulatory changes, or business requirements with user focus groups; identifies options to develop new or modify existing applications and databases to respond to these needs; analyzes work processes and flows and creates technical documentation; identifies need for integration of technology infrastructure or systems and creates specifications for same; ensures adherence to Citywide information systems policies, procedures, protocols, and standards.
• Collaborates with and coordinates the City information systems security program with state and federal agencies.
• Plans, prioritizes, assigns, supervises, reviews, and participates in the work of information systems staff.
• Development and implementation of information systems goals, objectives, policies, and priorities; monitors work activities to ensure compliance with established policies and procedures; makes recommendations for changes and improvements to existing standards and procedures.
• Participates in the preparation and administration of assigned program and project budgets; submits budget recommendations; coordinate vendor activities, write and evaluate proposals, and negotiate contracts for information systems related equipment and services; monitors expenditures.
• Continuously monitors and evaluates the efficiency and effectiveness of service delivery methods and procedures; assesses and monitors the distribution of work, support systems, and internal reporting relationships; identifies and recommends opportunities for improvement; implements approved changes.
• Writes and maintains comprehensive technical documentation including workflow diagrams, design specifications, and City information systems policies and procedures; maintains systems certification, authorization documentation, and related documents.
• Attends and participates in professional group meetings; stays abreast of new trends and innovations in the field of information systems security.
• Performs related duties as assigned.

Qualifications

• Advanced information systems security management theory, principles, and practices and their application to a wide variety of services and programs.
• Principles and practices of securing cloud-hosted systems and applications
• Endpoint detection and response (EDR) platform deployment, monitoring, and management,
• Principles and practices of information systems and functions, including firewalls; general networking and security testing protocols.
• Advanced principles and practices of system design, development, analysis, testing and security administration; advanced methods and techniques of evaluating information security requirements and developing security solutions for City systems, NIST framework and CIS benchmarks.
• Advanced methods and techniques of developing data security, integrity, compliance requirements for HIPAA, PCI DSS, CJIS
• Backup and recovery processes
• Industry best practices of information systems security management and control.
• Operational characteristics, services, and activities of information security programs and requirements.
• Methods and techniques of developing technology security related training programs and educational materials.
• Methods and techniques of identifying and assessing security threats and violations and developing response and mitigation strategies.
• Principles and practices of project management.
• Operational relationships between information systems security program, application development, database management, and components of technology infrastructure such as server and network systems.
• Principles, frameworks, and methods used in the analysis and development of information security systems and policies and procedures.
• Principles of disaster recovery and business continuity planning.
• Principles and practices of developing and maintaining technical documentation, files, and records.
• Principles and practices of leadership.
• Principles and techniques for working with groups and fostering effective team interaction to ensure teamwork is conducted smoothly.
• Applicable federal, state, and local laws, codes, and ordinances relevant to the area(s) of responsibility.

Ability To:

• Plan, manage, direct, and oversee an enterprise-wide information security vision, strategy, and program to ensure information assets and resources and appropriately protected.
• Conduct risk assessments of City information systems infrastructure, systems, and devices and make recommendations on needed changes.
• Develop and implement security related goals, objectives, policies, and procedures.
• Establish an environment which promotes the criticality of technology system security.
• Serve as a technical advisor to departments on security matters.
• Respond to and investigate, security threats, incidents, and violations.
• Assist in developing and implementing goals, objectives, practices, policies, procedures, and work standards.
• Evaluate and recommend improvements in operations, procedures, policies, or methods.
• Integrate information systems security needs of diverse departments with Citywide information systems, infrastructure, and policies, procedures, and standards.
• Work collaboratively with City staff to identify and implement security solutions for business process improvements and efficiencies.
• Recommend, design, develop, and implement new, enhanced, or modified information systems security systems and tools.
• Prepare clear and concise technical documentation, information systems procedures, staff reports, and other written materials.
• Understand, interpret, and apply all pertinent laws, codes, regulations, policies and procedures and standards relevant to work performed.
• Effectively represent the department and the City in meetings with governmental agencies; community groups; various business, professional and regulatory organizations; and in meetings with individuals.
• Independently organize work, set priorities, meet critical deadlines, and follow-up on assignments.
• Use tact, initiative, prudence and independent judgment within general policy, procedural, and legal guidelines.
• Effectively use computer systems, software applications relevant to work performed and modern business equipment to perform a variety of work tasks.
• Communicate clearly and concisely, both orally and in writing, using appropriate English grammar and syntax.
• Establish, maintain, and foster positive and effective working relationships with those contacted in the course of work.

Education and Experience:
Any combination of training, experience and educational degrees that would provide the required knowledge, skills, and abilities is qualifying. Substitutions will be made on a year for year basis. A typical way to obtain the required qualifications would be:
Equivalent to bachelor’s degree from an accredited college or university with major coursework in management information systems, computer science, or a related field; and
Five (5) years of increasingly responsible professional experience in cybersecurity program design, development, and management.
Certifications and Licenses:

• Must possess a valid US driver’s license upon date of application. Must obtain California driver’s license following hire date per California DMV regulations. Certified Information Systems Security Professional (CISSP), CompTIA CySA+ and/or Certified Ethical Hacker (CEH) is preferred.

Additional Information

Physical Demands
Must possess mobility to work in a standard office setting and use standard office equipment, including a computer; to operate a motor vehicle and visit various City sites; vision to read printed materials and a computer screen; and hearing and speech to communicate in person and over the telephone. This is primarily a sedentary office classification although standing in work areas and walking between work areas may be required. Finger dexterity is needed to access, enter, and retrieve data using a computer keyboard or calculator and to operate standard office equipment. Positions in this classification occasionally bend, stoop, kneel, reach, push, and pull drawers open and closed to retrieve and file information. Employees must possess the ability to lift, carry, push, and pull materials and objects up to 25 pounds.

Environmental Conditions
Employees work in an office environment with moderate noise levels, controlled temperature conditions, and no direct exposure to hazardous physical substances. Employees may interact with upset staff and/or public and private representatives in interpreting and enforcing departmental policies and procedures.

The City of Chico offers a wide range of employee benefits. Benefits are subject to negotiations with employee organizations and may vary with individual bargaining units. For a summary of benefits, please visit the City of Chico website at: City of Chico - Employee Benefits

Closing Date/Time: 7/23/2025 11:59 PM Pacific

• 

• City of Chico

• 530-879-7905

Show more