Information Technology (IT) Security & Compliance Analyst

SUMMARY

Under the direction of the Director of Technology & Information Security the Information Technology (IT) Security & Compliance Analyst will oversee coordinate enforce Information Security & Disaster Recovery efforts protocols for the Crane Elementary School District. The job requirements will be accomplished by meeting following expectations: installing configuring monitoring security systems and alerts; and participates in the analysis evaluation of enterprise information security as well as ensuring the districts compliance with the Arizona Auditor General and other various compliance regulations. Take on security-oriented responsibilities by implementing formal methodologies educating promoting enforcing approved security policies procedures guidelines standards and provides technical leadership of security and governance following the Crane Schools Leadership Mission.

ESSENTIAL FUNCTIONS Essential functions as defined under the Americans with Disabilities Act may include any of the following representative duties knowledge and skills. This list is ILLUSTRATIVE ONLY and is not a comprehensive listing of all functions and duties performed by incumbents of this class. Employees are required to be in attendance and prepared to begin work at their assigned work location on the specified days and hours. Factors such as regular attendance at the job are not routinely listed in job descriptions but are an essential function. Essential duties and responsibilities may include but are not limited to the following:

1. Protects information technologys assets (i.e. hardware software data etc.) by establishing and enforcing system access controls.
2. Monitor and audit to ensure authorized access by investigating improper access; based on severity of issues immediately revoking access; reporting violations; recommending improvements.
3. Monitor and analyze IT systems for unusual behavior or breaches; Respond to security incidents and audits and report status to management.
4. Ensure network security devices and measures exist and function correctly. Performs periodic information security audits and risk assessments.
5. Performs security monitoring testing prevention and remediation activities across the network taking a proactive approach to mitigate district risks.
6. Manage develop and coordinate the security awareness program with updates provide all management end-user security training and on-going communication.
7. Provide reports audit and monitors internet usage compliance and reports violations of the Crane Elementary School District #13 policy.
8. Work with Information Services personnel and vendors to analyze audit mitigate any risks and compile regular network and security reports to present to the Director of Technology & Information Security and Executive Leadership.
9. Ensure compliance with various IT Compliance Standards - NIST HIPPA PCI-DSS COPPA FERPA etc.
10. Creates compliance policies & procedures cyber incident response plan & procedure documentation and education for Cyber Security Standards.
11. Maintains accurate and current compliance documentation mandated by the Arizona Auditor General regulatory standard(s) as directed by the Director of Technology & Information Security the Director of Finance and Executive Leadership.
12. Develops implements evaluates documents evaluates and modifies Information Technology (IT) Compliance controls (i.e. DLP MDM Encryption etc.) for all Information Technology Resources.
13. Works with Information Services Staff Human Resources Staff Finance Staff to ensure IT security compliance deliverables are met.
14. Coordinates schedules and documents IT Disaster Recovery Exercises with Information Services schools and operations support departments.
15. Works with Information Services schools and operations support departments on keeping their business continuity plans and work arounds up to date.
16. Works with Information Services on creating evaluating and maintaining their IT Disaster Recovery Plan and recovery procedures up to date.
17. Works with Information Services on creating evaluating and maintaining server data backups.
18. Evaluates new technology and assists in the selection of new technologies that affect district-wide technology security and compliance; assists with Request for Proposals (RFP) development proposal evaluations vendor negotiations and contract management.
19. Assist in the short and long-term planning and implementation of information technology security technologies and applicable expansion solutions by providing the most efficient and cost-effective technology.
20. Supports the relationship between the school district and the general public by demonstrating courteous and cooperative behavior when interacting with citizens visitors and district staff; promotes the district goals and priorities and complies with all district policies and procedures.
21. Maintains absolute confidentiality of work-related issues and district information.
22. Follows industry/company standards regarding safety policies and procedures.
23. Maintains work areas tools and PPE in a clean orderly and safe manner.
24. Professional-upbeat attitude assist and work harmoniously with vendors and Crane Elementary School District #13 employees.
25. Uses information technology management tools to manage work orders and task requests.
26. Performs other duties as required or assigned by Director of Technology & Information Security.
27. Troubleshoot communicate and resolve IT security problems in a timely manner.
28. Assist and perform routine scheduled and emergency nonscheduled software firmware and hardware updates and upgrades.
29. Support Information Services on-call staff afterhours with IT security incident management during the week weekend and holidays.

MINIMUM QUALIFICATIONS

Education Training and Experience Guidelines:

Bachelors degree in computer science that focuses on IT Security and 1 of 2 entry level certifications or training (Security MTA Security Fundamentals ISC2 CC); AND 2 years experience in an IT technical role; OR an equivalent combination of education training and experience. 3 years experience in an IT security-related technical role may be substituted for no bachelors degree in computer science or equivalent IT security certifications (i.e. CISSP CISA).

Knowledge of:

1. IT best practices for IT policies procedures standards and guidelines.
2. IT Security and IT Compliance Standards to include Arizona Criminal Justice Information Systems Health Insurance Portability and Accountability (HIPPA) Payment Card Industry (PCI-DSS) Internal Revenue Services - Safe Guards (IRS 1074) Personally Identifiable Information (PII) Federal Information Processing Standards (FIPS) and the Nation Institution of Standards and Technology (NIST).
3. Software enterprise applications various operating systems used within a large IT environment including ERP System Public Safety Systems Asset / Fleet Management Systems Legal CMS video and proximity systems etc.
4. Information security standards logging (SIEM etc.) and methodologies with excellent knowledge of change management processes patch management security methods security tools and current mobile technologies.
5. Enterprise data backups and best practices.
6. Business continuity planning and best practices.
7. IT disaster recovery planning and best practices.
8. Cyber incident planning and best practices.

Skills:

1. System hardening (i.e. firewall security systems web application workstations mobile devices etc.) vulnerability assessments security audits intrusion detection / prevention and incident response.
2. Researching problems that are difficult to identify or where facts may be insufficient and misleading.
3. Handling sensitive or confidential information.
4. Assessing customer support needs and implementing effective solutions mitigating risks.
5. Leadership teamwork presentation and people management skills.
6. Using initiative and independent judgment within established procedural guidelines with a focus on mitigating risks and protecting system data.
7. Working in a group or independent in a technical environment with interlinked and changing priorities.
8. Establishing and maintaining positive and cooperative working relationships with coworkers.
9. Communicating effectively verbally and in writing.
10. Ability to comprehend and execute complex written and oral instructions.
11. Ability to communicate technical information to non-technical individuals.
12. Good driving record.

PHYSICAL DEMANDS AND WORKING ENVIRONMENT

Work is performed in a standard office environment; is required to lift objects up to 50 pounds bend stoop crawl and navigate tight spaces; requires use of hands; requires vision capacity at close range and ability to differentiate between colors.

REPORTS TO:

Director of Technology & Information Security

R13338

258 days

Range 26

Required Experience:

IC