Information Technology Security and Compliance Analyst

The option for telework may be available. Eligibility for telework is based on the position employee and telework environment; not every job or every employee will be compatible with this approach.

The job functions listed below are not inclusive or exclusive and are intended only as illustrations or examples of the various types of work that may be performed in various divisions/departments. Types of work performed shall be within the scope and licensure (if required) for the classification. Reasonable accommodation will be made when requested and determined by the County to be appropriate under applicable law.

• Implements and oversees IT security controls policies and procedures to safeguard the Countys information assets and prevent unauthorized access.
• Conducts regular risk assessments to identify vulnerabilities assess potential threats and recommend mitigation strategies to minimize risks.
• Monitors and ensures compliance with relevant regulatory standards such as GDPR HIPAA and industry-specific requirements and collaborate with departments to maintain compliance.
• Performs regular security control tests and assessments of IT systems networks and applications to identify security gaps and recommend remediation actions.
• Develops and manages incident response plans coordinating timely and effective responses to security incidents breaches and data breaches.
• Provides security awareness training to employees educating them about security best practices policies and the importance of data protection.
• Creates and maintains comprehensive security documentation including policies procedures and incident reports.
• Manages vulnerability scanning and patch management processes ensuring timely remediation of identified vulnerabilities based on risk prioritization.
• Generates and presents security reports to stakeholders highlighting security risks compliance status and recommended improvements.
• Administers security tools and solutions including but not limited to firewalls intrusion detection systems directory services data loss prevention cloud security and anti-malware software ensuring their effectiveness and proper configuration.
• Analyzes security events incidents breaches and threats to identify root causes assess impact and recommend preventive measures.
• Develops disaster recovery plans and procedures including recovery testing to ensure the availability and continuity of Office of Information Technology systems in the event of unforeseen disruptions disasters or data loss.
• Collaborate with information technology staff to ensure security measures are planned integrated reviewed tested and configured.
• Assists in developing and maintaining security governance frameworks policies and procedures to guide IT security efforts.
• Monitors changes in regulations and technology that may affect operations; implements policy and procedural changes after approval.
• Performs related duties as assigned.

Knowledge of:

• Information security frameworks Critical Security Controls understanding their principles implementation and alignment with organizational needs.
• Regulatory compliance standards relevant to the organizations industry and any other regional or sector-specific requirements.
• Security technologies includingbut not limited tonext-generation firewalls intrusion prevention systems (IPS) endpoint protection encryption methods data loss prevention and secure network architecture design.
• Risk management methodologies conducting comprehensive risk assessments prioritizing identified risks and devising effective risk mitigation strategies.
• Incident response lifecycle stages ability to lead and coordinate incident response efforts conduct root cause analysis and implement improvements based on lessons learned.
• Security control tests vulnerability assessments and industry standards and regulations.
• Applicable federal state and local laws codes and ordinances relevant to the area(s) of responsibility.
• Techniques for providing a high level of customer service by effectively dealing with the publicvendors contractors and County staff.
• The structure and content of the English language including the meaning and spelling of words rules of composition and grammar.
• Tools used for business functions and program project and task coordination including computers and software programs relevant to work performed.

• Implement long-term security strategies that align with business goals involving risk assessment threat modeling and proactive security measures.
• Dissect complex security issues analyze patterns within large datasets and identify emerging threats and vulnerabilities.
• Coordinate direct and analyze regular internal and external penetration tests.
• Create review and implement comprehensive security policies procedures and guidelines that address a wide range of security concerns.
• Lead cross-functional teams fostering a security-aware culture providing mentorship and aligning team efforts toward achieving security objectives.
• Manage complex security projects involving planning execution resource allocation risk assessment and status reporting to ensure project success.
• Evaluate emerging technologies such as AI-driven threat detection blockchain security and cloud security controls to stay ahead of evolving threats and trends.
• Understand interpret and apply all pertinent laws codes regulations policies and procedures and standards relevant to the work performed.
• Effectively use computer systems software applications relevant to work performed and modern business equipment to perform a variety of work tasks.
• Communicate clearly and concisely both orally and in writing using appropriate English grammar and syntax.
• Establish maintain and foster positive and effective working relationships with those contacted in the course of work.

• Equivalent to a bachelors degree from an accredited college or university or equivalent technical certification with major coursework in computer science information security technology or a related field and five (5) years of increasingly responsible experience performing professional information security or computer science work.

• Possession of or ability to obtain by the time of appointment an appropriate California drivers license.
• Some positions may require possession of or ability to obtain nationally recognized industry specific technical certification pertinent to the assigned area(s) of responsibility.

The application review process will include screening to ensure applications are complete and meet all minimum addition to the application the applicant is required to complete the Supplemental Questions to further evaluate their education training and experience relative to the required knowledge and abilities for the position. Applicants must submit answers that are as complete as possible.

Only the most qualified applicants who pass the minimum qualifications review will be invited to the examination process which may be administered by a written examination oral interview or any combination of qualifications appraisal determined by the Department of Human Resources to be appropriate. The Department of Human Resources will make reasonable accommodation in the examination process for disabled applicants. If you have an accommodation request please indicate such on your application.

Depending upon the number of applicants meeting the minimum qualifications applicants may be scheduled for one or more of the assessments listed below. Of those passing the initial assessment only the top 15 will move forward to the appraisal panel. Passing score is 70% out of 100% on each assessment section. If only one assessment is conducted the weight for that assessment will be 100%.

THE APPRAISAL PANEL (100%) IS TENTATIVELY SCHEDULED FOR WEDNESDAY JANUARY 7 2026.

To move forward in the application process you must complete an online application through our website All job postings are also included via the TDD phone at and the 24-hour job line at . Please attach a copy of your unofficial transcripts (indicating when the degree was awarded) to your application or your application may be considered incomplete. Resumes may be uploaded but cannot be used in place of a completed application.

Those applicants claiming veterans preference must submit a copy of their DD-214 form along with the application. Candidates who attain ranking on an eligible list and are involuntarily called to active duty may be considered for eligibility reinstatement upon their return.

Placement on Eligible List:

PRE-EMPLOYMENT MEDICAL REQUIREMENTS:
As a condition of employment with the County of Madera a candidate must submit to a Tuberculosis (TB) screening and related follow up testing as necessary. Designated classifications* are also subject to a medical examination which includes a review of medical history. TB screenings and medical exams are administered by the Madera County Public Health Department and/or health care professional designated by the County.

Designated classifications required to submit to an employment medical examination generally include those that are physical in nature or as may be required by law. If you have any questions about the pre-employment requirements please contact the Department of Human Resources at or.

ELIGIBILITY FOR EMPLOYMENT:
You will be required to submit verification of your identity and citizenship or legal right to work in the United States at the time of and as a condition of an offer of employment.

As a condition of employment all prospective employees shall be required to be fingerprinted (Live Scan) and/or undergo a background investigation.

EQUAL EMPLOYMENT OPPORTUNITY

Madera County does not discriminate on the basis of race color religion sex gender gender identity gender expression transgender status national origin age disability (physical or mental) medical condition pregnancy genetic information ancestry marital status sexual orientation veteran or military status political affiliation or any other basis protected by Federal or State law.