IT Enterprise Risk Analyst

Posting Close Date:

Applicants must submit their completed application byat 11:59 p.m. MST

Application and Special Instructions

The ideal candidate should have experience in IT governance risk management and a basic understanding of IT controls and security. They should understand core IT concepts including fundamental knowledge of operating systems networking basics knowledge of cloud computing and a basic understanding of scripting. Additionally they should have knowledge of industry-standard data and privacy protection regulations be familiar with risk assessment methodologies and have an understanding of IT audit processes and security controls. Adept documentation skills are essential demonstrated through experience in documenting IT policies controls and creating compliance reports. An understanding of change management and the use of metrics would also be beneficial.

As part of the application process all applicants are required to submit a chronological resume and cover letter at the time of the application. Applications that do not include both a chronological resume and cover letter by the closing date of the recruitment will be considered incomplete and will not receive further consideration for this recruitment.

The City of Tucson does not provide VISA sponsorship. Candidates must be legally authorized to work in the United States at the time of application and throughout the duration of employment.

Relocation expenses will not be provided for this position. Candidates are responsible for all costs associated with relocating to the Tucson area if applicable.

**Save the date: Highest scoring applicants will be invited to attend a virtual interview to be held on February 26 2026 and February 27 2026.

Recruiter contact information: If you have any questions please contact Liliana Almeraz at (520 )837-4303 or

ABOUT THIS JOB

The IT Enterprise Risk Analyst position at the City of Tucsons Information Technology Department (ITD) is responsible for supporting the organizations Governance Risk and Compliance (GRC) efforts by developing implementing and maintaining IT policies procedures and controls. This position analyzes and applies governance frameworks to maintain compliance and protect the data and IT infrastructure while ensuring adherence to regulatory requirements.

Work is performed under the supervision of an IT Manager. This position does not supervise.

Duties and Responsibilities

• Analyzes and supports the development of IT Governance Identify and Mitigate risks (GRC) frameworks policies standards procedures and governance controls in collaboration with teams and subject matter experts (SMEs). Provides guidance on understanding and adhering to established policies and procedures with IT teams embedded in partner departments. Recommends and implements improvements documenting identified risks risk score mitigation strategies contingency plans and monitoring activities.

• Supports the development and maintenance of a comprehensive risk register tracking identified risks risk scores mitigation strategies contingency plans and monitoring activities. Contributes to the definition and continuous improvement of key risk indicators (KRIs) and performance metrics to assess program effectiveness.

• Conducts and facilitates IT risk assessments to identify and evaluate potential threats vulnerabilities and impacts on tech-enabled business operations. Assesses risks associated with third-party vendors and service providers. Supports internal and external audits by gathering evidence preparing documentation and addressing audit findings.

• Performs gap analyses and compliance assessments to identify areas for improvement and ensure adherence to IT GRC standards. Maintains an up-to-date knowledge base for IT GRC-related information to support ongoing compliance and risk management efforts. Monitors organization-wide compliance with administrative directives and policies external regulations (e.g. PCI HIPAA CJIS etc.) and other IT governance requirements for corrective measures.

• Identifies opportunities for process improvements by working with SMEs to enhance risk management and compliance practices. Educates employees on IT standards policies and compliance obligations

• Assists in IT incident response documenting findings supporting remediation and root cause analysis efforts and assessing security and compliance impacts. Assists in the development and implementation of risk mitigation strategies and controls to enhance IT security and compliance.

• Performs all other duties and tasks as assigned.

Working Conditions

Mostly office environment.

All duties and responsibilities listed are subject to change.

MINIMUM QUALIFICATIONS

Education: Bachelors Degree

Experience: Three (3) years of relevant experience

*Any combination of relevant education and experience may be substituted on a year-for-year basis.

A valid and unrestricted drivers license with two (2) years of licensed driving is required.

Preferred Qualifications:

Three years of experience as an Enterprise Risk Analyst IT GRC Analyst or in a related role.

POSITION DETAILS

Job Profile

J0328 - Enterprise Risk Analyst

To view the full job profile including classification specifications and physical demands click Grade

G108

Hourly Range

$29.23 - 43.85 USD

The City of Tucson considers several factors when extending an offer including but not limited to the role and associated responsibilities a candidates work experience education/training key skills and internal equity.

FLSA

Exempt

Position Type

Regular

Time Type

Full time

Department

Information Technology ZBUDG HIER - Recurring

Department Link

No Website

Background Check: This position has been designated to require a criminal background check. The City of Tucson is a Second Chance Employer.

ABOUT US

Benefits: The City of Tucson offers a generous benefits package for benefit-eligible positions. The comprehensive flexible and affordable coverage is designed to optimize health and well-being security and future and peace of mind. Benefits begin with medical dental vision life disability and FSA coverage surpassing your standard 401(k) program by offering a rich pension plan plus optional Roth and pretax deferred compensation savings. With your well-being in mind our paid time off program provides new hires with 38 paid days off in the first year of employment with time off increasing steadily in subsequent years. We offer twelve weeks of paid parental leave paid tuition reimbursement student loan repayment off- and on-the-job training and opportunities to forge connections with peers and the community through employee resource groups and paid volunteer hours. You can learn more about our benefits at The City of Tucson employs only U.S. Citizens and lawfully authorized non-U.S. Citizens. All new employees must show employment eligibility verification as required by the U.S. Citizenship and Immigration Status. The City of Tucson does not offer visa sponsorship.

City of Tucson is an Equal Opportunity/Affirmative Action/Veterans/Disability Employer and does not discriminate based on race color religion sex (including sexual orientation gender identity and pregnancy) national origin veteran status age disability genetic testing or any other protected status. If you believe you have been a victim of discrimination you may file a complaint with the City of Tucsons Office of Equal Opportunity Programs U.S. Equal Employment Opportunity Commission (EEOC) or Arizona Attorney Generals Office of the Civil Rights Division (ACRD). Click for more information from ACRD about employment discrimination and how to file a complaint with ACRD

The City of Tucson is committed to providing access and reasonable accommodation for individuals with disabilities or who require religious accommodation; please contact Human Resources at or .

Recruiter Name

Liliana Almeraz (99363)

Recruiter Email

For Human Resources general questions please contact .