The Information Technology Department seeks a dynamic team-player for our Cybersecurity Governance, Risk, and Compliance (GRC) initiatives. Reporting to the Chief Information Security Officer (CISO), this role focuses on developing, assessing, and maintaining cybersecurity policies, standards, and procedures compliant with NIST, PCI DSS, CJIS and other relevant standards/frameworks.
General Description
The role will work collaboratively with various Business and IT teams on the design and implementation of the Cybersecurity-GRC Program; support Information Security Compliance initiatives; support and facilitate Compliance requests; conduct Risk Assessments; identify Risk Themes; maintain the IT & Cybersecurity Risk Register; and promote GRC Awareness and Training across the appropriate teams within ITD and the City of Tucson.
Knowledge, Skills, and Abilities
· Ability to multi-task and prioritize individual and team work in a fast-changing environment.
· Ability to interact with personnel at various levels of an organization to resolve issues and provide solutions in a timely manner.
· Ability to maintain a detail-oriented approach while multitasking in a fast-paced environment.
· Strong technical, analytical and problem-solving skills.
· Communications: Excellent written and oral communication skills.
· Experience working with partners/stakeholders in sensitive environments.
· Ability to interface with various levels within an organization and provide input to facilitate risk-based Cybersecurity or IT Compliance decisions.
Essential Functions
Risk Management (40%): Collaborates with relevant teams and team members to document and manage IT & Cybersecurity Risks, while engaging relevant stakeholders within ITD and City of Tucson. Participates in IT & Cybersecurity planning or other similar activities to help identify new and emerging risks.
3rd Party Risk Management (20%): Facilitates Vendor Risk Assessments and provides oversight of Vendor Risk Management and Mitigation activities for all in-scope vendor engagements, as determined by the CISO. Completes Vendor Risk Assessments and related stakeholder reviews using the 3rd Party Risk Management tool.
Compliance (20%): Supports compliance activities within ITD and City of Tucson to stay aligned with ISO27001/2, NIST, PCI DSS and other relevant Standards/Frameworks, as applicable. Re-evaluates risks with relevant teams, as material changes occur, and as the ongoing Compliance expectations evolve to trigger reviews.
Governance (15%): Supports development, assessment, and maintenance of policies, Standards, Processes and Procedures, to a level compliant with ISO27001/2, NIST, PCI DSS and other relevant Standards/Frameworks, as applicable.
Non-Essential Function (15%): Other duties as assigned.
Minimum Qualifications
Minimum Education Level & Type: Associate degree in Computer Science, Management Information Systems
Minimum Experience Qualifications: At least two (2) years of experience working in technical data analysis, data science, data warehousing, and data visualization.
*Any combination of relevant education and experience may be substituted on a year-for-year basis.
Preferred Qualifications
Bachelor’s or Master’s degree in Information Technology, Management Information Systems, Cybersecurity, or a related field.
Proficient understanding of GRC concepts and practices, specifically in the cybersecurity domain.
Relevant certifications such as CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), CGEIT (Certified in the Governance of Enterprise IT), or similar.
Experience in developing, implementing, and maintaining cybersecurity policies and frameworks in compliance with standards like ISO27001/2, NIST, and PCI DSS.
Demonstrated ability in conducting detailed cybersecurity risk assessments, including identifying, analyzing, and prioritizing risks.
Skilled in the use of GRC tools for risk management, compliance tracking, and policy governance.
Strong analytical skills, with the ability to translate complex cybersecurity regulations and requirements into effective compliance strategies.
Experience in coordinating and facilitating internal and external audits for cybersecurity compliance.
Excellent communication skills, capable of articulating cybersecurity risks and compliance requirements to both technical and non-technical stakeholders.
Prior experience in a public sector or municipal government environment, with an understanding of the unique cybersecurity challenges in these settings.
Selection Plan
**You are encouraged to print this bulletin because it contains important dates and information that will not be available online once this position closes.**
All applicants will be required to submit a resume under the “Resume” tab as part of the online application, as your resume will be reviewed and scored during the testing process. Please ensure your application contains the required resume prior to submission. Applications received without a resume will be considered incomplete.
Applicants who meet the minimum qualifications will be evaluated on the education and work experience in their employment profiles and the responses to their supplemental questions. The highest scoring applicants will proceed to the resume review evaluation. Following the resume review evaluation process, the highest scoring applicants will be invited to participate in an oral board interview.
Virtual Oral Boards will be held the week of February 19, 2024, via Microsoft Teams.
Upon completion of all examination processes, the highest scoring applicants will be placed on the Civil Service Employment List. An applicant’s ranking on the Civil Service Employment List will be based on their final score which will be calculated as:
· 10% of the rating for education and work experience
· 10% of the rating for the Resume Review
· 80% of the rating for the Oral Board Interview
This recruitment will establish a civil service list that may be utilized to fill vacancies occurring in this classification within the next 6 months. Post list hiring interviews may be conducted prior to final selection.
Veterans, Native American, or Disability preference points will be added to the final score for those that are placed on the Civil Service Employment List. If you qualify for preference points as outlined in the Employment Profile, you must present your documentation at the time of your interview. The DD 214 must be a copy that indicates characterization of service.
If you are in need of Americans with Disabilities Act-related accommodation during the testing process, please email Liliana Almeraz at [email protected] at least 48 hours prior to the evaluation.
Conclusion
Communication during this process will be sent via email to the email address on file, so please ensure your browser accepts emails from [email protected] and check your email account regularly; this may include your junk box/spam filter. Failure to respond or follow instructions may result in disqualification.
Bulletin Footer
To ensure accurate payroll information for tax purposes, the successful candidate will need to provide their original Social Security Card or original letter from the Social Security Administration with their social security number prior to beginning work with the City of Tucson.
The City of Tucson hires lawful workers only – US citizens or nationals and non-citizens with valid work authorization – without discrimination. Federal immigration laws require all employers to verify both the identity and employment eligibility of all persons hired to work in the United States. In its efforts to meet the law’s requirements, the City of Tucson participates in the E-Verify program established by the Department of Homeland Security (DHS) and the Social Security Administration (SSA) to aid employers in verifying the eligibility of workers.
Retired City of Tucson employees receiving benefits from the Tucson Supplemental Retirement System who are considering reemployment with the City should be aware that pursuant to Section 22-37(g) of the Tucson City Code, retirement benefits shall be suspended during the period of reemployment with the City of Tucson unless you have been separated at least twelve consecutive months before returning to work AND you return to a non-permanent employment classification. Creditable service does not accrue during any reemployment period.
The City of Tucson offers a wide range of generous benefits for eligible employees. Some of those benefits include:
Your Security and Future
Your Peace of Mind
For a full description of benefits offered to eligible employees, or to inquire further about the City of Tucson’s benefits options, please visit: https://www.tucsonaz.gov/hr/employee-benefit-snapshot