Salt River Pima-Maricopa Indian Community
Senior IT Cybersecurity Analyst
Salt River Pima-Maricopa Indian Community, Scottsdale, Arizona, us, 85261
DefinitionUnder general supervision of the IT Director/CIO, assumes responsibility for the implementation and maintenance of security processes and technology improvements in support of the organization’s Cyber security Strategic Plan. Works cohesively with the IT teams and divisions to conduct risk assessments, administer and audit security systems. As a member of the security team develops, implements and maintains security architecture design and maintains the technologies and processes that support continuous security improvements.
This job class is treated as FLSA Exempt.
Examples of Tasks
Mentoring, Supervision & Leadership:
Mentors security team staff so they attain the technical skills and customer service skills along with experience necessary to perform independently and attain further career progression goals.
Ensures cross-functional training of staff to ensure that primary and secondary support personnel are properly trained to support division services.
Assists with the routine supervision of assigned staff. Prioritizes and coordinates staff workflow and provides training and assistance as needed.
Helps establish criteria for employee performance evaluations based on division and department goals and objectives.
Provides senior leadership to the Security Team staff and works closely with other IT divisions to establish and enforce IT standards. Evaluates and recommends best in class standards and processes.
Security Team Member:
Participates as a key member of the security team in setting organizational security direction.
Contributes knowledge of security best practices and technical skills. Utilizes problem-solving techniques during security planning, implementation and incident response activities.
Assumes responsibility for protecting all confidential information discussed, documented or otherwise provided in the course of security events.
Network Security Support:
Proactively audits and reviews the network and security infrastructure.
Ensures that scheduled maintenance, patching and performance is monitoring and managed.
Monitors LAN/WAN, network, security firewalls, routers and systems to ensure security standards are maintained.
Provides operational reporting that effectively communicates the security posture of the SRPMIC organization.
Provides technical input and assistance to troubleshoot security issues.
Security Risk Assessments:
Develops and implements security, technology and assessments based on the organization’s selected security framework.
Develops and maintains adopted security standards and industry best practices.
Works closely with internal stakeholders and security leadership to build and maintain an effective security program to protect the confidentiality, integrity and availability of IT assets to help mitigate overall organizational risks.
Investigation Support:
Responds to security breaches or personnel investigation requests.
Ensures accurate data capture, chain of custody and reporting for an incident or investigation.
Provides leadership, consultation or technical support.
Maintains confidentiality and integrity of systems, data and security processes.
Vendor Management:
Maintains relationships with vendors and consultants to ensure security standards and deliverables are met.
Manages security vendors to ensure Community projects and objectives are met.
Vendor Security Reviews:
Implements and maintains the Vendor Security Review program and its processes.
Participates in and takes responsibility for individual vendor security reviews.
Perform vendor security reviews as per defined processes and make risk determination on a vendor-by-vendor basis.
Conduct peer reviews of vendor security reviews prior to final report completion.
Provide leadership and consultation to IT peers as relates to completion and submittal of security review requests and vendor liaison through the review process.
Provide quarterly reporting and KPIs reflecting the overall health of the security review program.
Documentation:
Establishes, maintains and enforces IT Department policies and procedures in collaboration with IT management team.
Recognizes and identifies potential areas where existing policies and procedures require change, or where new ones need to be developed.
Develops and implements security operational policies and procedures.
Project Coordinator and SME:
Fulfills all duties as the Cyber Security subject matter expert in support of IT and external departmental projects.
Fulfills all duties as the Cyber Security subject matter expert in support of 3rd part audit engagements.
Leads Cyber Security team projects and initiatives to include security tool integrations, tool evaluations, and process improvements.
Audit and Compliance:
Participates in audit reviews.
Participates and fulfils a lead role in security penetration activities and the coordination of mitigation and remediation efforts.
Other Duties as Assigned:
Performs other job related tasks as assigned by the Cyber Security Manager, IT Assistant Director – Enterprise Architecture, or IT Director/CIO.
Minimum Qualifications
Education:
A Bachelor’s degree from an accredited college or university in Information Security, Cyber Security or related discipline. Maybe accept a combination of 7 years direct cyber security experience and industry certifications in lieu of degree.
Experience:
Five (5) years’ experience with the following:
Direct experience working within an IT/Cyber security role. Hands-on experience implementing network security, security monitoring, cloud security monitoring, or vulnerability management.
Direct experience supporting Microsoft 365 Cloud security.
Direct experience with the Elastic log management platform.
Direct experience supporting cyber security incident response.
Direct experience managing and/or mitigating software and system vulnerabilities.
Direct experience conducting security audits to include: access control and system configuration.
Direct experience conducting security assessment on 3rd party integrations.
Direct experience with secure remote access technologies.
One of the following certifications is required:
CompTIA Security +
Systems Security Certified Practitioner (SSCP)
Certified Information Systems Security Professional (CISSP)
Two of the following certifications is preferred:
Security +
Systems Security Certified Practitioner (SSCP)
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
SANS Global Information Assurance Certifications (GIAC)
Certified Ethical Hacker (CEH)
Equivalency:
Any equivalent combination of education and/or experience that would allow the candidate to satisfactorily perform the duties of this position, will be considered.
Underfill Eligibility:
An enrolled Community Member whom closely qualifies for the minimum qualifications for a position may be considered for employment under SRPMIC Policy 2-19, Underfill.
Special Requirements
May be required to work beyond normal work hours including nights, weekends and holidays.
May be required to complete and Salt River Police Department (SRPD) background investigation and polygraph examination.
May be required to receive and maintain a Salt River Pima-Maricopa Indian Community, Community Regulatory License, and State Certification (ADOG). All applicants applying for jobs will be subject to Pre-Employment Drug Test and extensive Fingerprint and Background Check. In addition, all employees providing services to a campus with children will be subject to the “Community Code of Ordinances”, Chapter 11 “Minors”, Article X. “Investigation of Persons Working with Children”, random drug testing and completion of a background check every five (5) years.
SRPMIC is an Equal Opportunity/Affirmative Action Employer
Preference will be given to a qualified: Community Member Veteran, Community Member, Spouse of Community Member, qualified Native American, and then other qualified candidate.
In order to obtain preference, the following is required:
Qualified Community Member Veteran (DD-214) will be required at the time of application submission.
Qualified Community Member (must provide Tribal I.D at time of application submission).
Spouse of a Community Member (Marriage License/certificate and spouse Tribal ID or CIB is required at time of application submission).
Native American (Tribal ID or CIB required at time of application submission).
Documents may be submitted by one of the following methods:
attach to application
fax (480) 362-5860
mail or hand deliver to Human Resources.
Documentation must be received by position closing date.
The IHS/BIA Form-4432 is not accepted.
Your Tribal ID/CIB must be submitted to HR-Recruitment-Two Waters.
The SRPMIC offers a comprehensive benefit package including medical, dental, vision, life, disability insurance, and a 401(k) retirement plan. In addition employees enjoy vacation and sick leave and 13 paid holidays.
#J-18808-Ljbffr
This job class is treated as FLSA Exempt.
Examples of Tasks
Mentoring, Supervision & Leadership:
Mentors security team staff so they attain the technical skills and customer service skills along with experience necessary to perform independently and attain further career progression goals.
Ensures cross-functional training of staff to ensure that primary and secondary support personnel are properly trained to support division services.
Assists with the routine supervision of assigned staff. Prioritizes and coordinates staff workflow and provides training and assistance as needed.
Helps establish criteria for employee performance evaluations based on division and department goals and objectives.
Provides senior leadership to the Security Team staff and works closely with other IT divisions to establish and enforce IT standards. Evaluates and recommends best in class standards and processes.
Security Team Member:
Participates as a key member of the security team in setting organizational security direction.
Contributes knowledge of security best practices and technical skills. Utilizes problem-solving techniques during security planning, implementation and incident response activities.
Assumes responsibility for protecting all confidential information discussed, documented or otherwise provided in the course of security events.
Network Security Support:
Proactively audits and reviews the network and security infrastructure.
Ensures that scheduled maintenance, patching and performance is monitoring and managed.
Monitors LAN/WAN, network, security firewalls, routers and systems to ensure security standards are maintained.
Provides operational reporting that effectively communicates the security posture of the SRPMIC organization.
Provides technical input and assistance to troubleshoot security issues.
Security Risk Assessments:
Develops and implements security, technology and assessments based on the organization’s selected security framework.
Develops and maintains adopted security standards and industry best practices.
Works closely with internal stakeholders and security leadership to build and maintain an effective security program to protect the confidentiality, integrity and availability of IT assets to help mitigate overall organizational risks.
Investigation Support:
Responds to security breaches or personnel investigation requests.
Ensures accurate data capture, chain of custody and reporting for an incident or investigation.
Provides leadership, consultation or technical support.
Maintains confidentiality and integrity of systems, data and security processes.
Vendor Management:
Maintains relationships with vendors and consultants to ensure security standards and deliverables are met.
Manages security vendors to ensure Community projects and objectives are met.
Vendor Security Reviews:
Implements and maintains the Vendor Security Review program and its processes.
Participates in and takes responsibility for individual vendor security reviews.
Perform vendor security reviews as per defined processes and make risk determination on a vendor-by-vendor basis.
Conduct peer reviews of vendor security reviews prior to final report completion.
Provide leadership and consultation to IT peers as relates to completion and submittal of security review requests and vendor liaison through the review process.
Provide quarterly reporting and KPIs reflecting the overall health of the security review program.
Documentation:
Establishes, maintains and enforces IT Department policies and procedures in collaboration with IT management team.
Recognizes and identifies potential areas where existing policies and procedures require change, or where new ones need to be developed.
Develops and implements security operational policies and procedures.
Project Coordinator and SME:
Fulfills all duties as the Cyber Security subject matter expert in support of IT and external departmental projects.
Fulfills all duties as the Cyber Security subject matter expert in support of 3rd part audit engagements.
Leads Cyber Security team projects and initiatives to include security tool integrations, tool evaluations, and process improvements.
Audit and Compliance:
Participates in audit reviews.
Participates and fulfils a lead role in security penetration activities and the coordination of mitigation and remediation efforts.
Other Duties as Assigned:
Performs other job related tasks as assigned by the Cyber Security Manager, IT Assistant Director – Enterprise Architecture, or IT Director/CIO.
Minimum Qualifications
Education:
A Bachelor’s degree from an accredited college or university in Information Security, Cyber Security or related discipline. Maybe accept a combination of 7 years direct cyber security experience and industry certifications in lieu of degree.
Experience:
Five (5) years’ experience with the following:
Direct experience working within an IT/Cyber security role. Hands-on experience implementing network security, security monitoring, cloud security monitoring, or vulnerability management.
Direct experience supporting Microsoft 365 Cloud security.
Direct experience with the Elastic log management platform.
Direct experience supporting cyber security incident response.
Direct experience managing and/or mitigating software and system vulnerabilities.
Direct experience conducting security audits to include: access control and system configuration.
Direct experience conducting security assessment on 3rd party integrations.
Direct experience with secure remote access technologies.
One of the following certifications is required:
CompTIA Security +
Systems Security Certified Practitioner (SSCP)
Certified Information Systems Security Professional (CISSP)
Two of the following certifications is preferred:
Security +
Systems Security Certified Practitioner (SSCP)
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
SANS Global Information Assurance Certifications (GIAC)
Certified Ethical Hacker (CEH)
Equivalency:
Any equivalent combination of education and/or experience that would allow the candidate to satisfactorily perform the duties of this position, will be considered.
Underfill Eligibility:
An enrolled Community Member whom closely qualifies for the minimum qualifications for a position may be considered for employment under SRPMIC Policy 2-19, Underfill.
Special Requirements
May be required to work beyond normal work hours including nights, weekends and holidays.
May be required to complete and Salt River Police Department (SRPD) background investigation and polygraph examination.
May be required to receive and maintain a Salt River Pima-Maricopa Indian Community, Community Regulatory License, and State Certification (ADOG). All applicants applying for jobs will be subject to Pre-Employment Drug Test and extensive Fingerprint and Background Check. In addition, all employees providing services to a campus with children will be subject to the “Community Code of Ordinances”, Chapter 11 “Minors”, Article X. “Investigation of Persons Working with Children”, random drug testing and completion of a background check every five (5) years.
SRPMIC is an Equal Opportunity/Affirmative Action Employer
Preference will be given to a qualified: Community Member Veteran, Community Member, Spouse of Community Member, qualified Native American, and then other qualified candidate.
In order to obtain preference, the following is required:
Qualified Community Member Veteran (DD-214) will be required at the time of application submission.
Qualified Community Member (must provide Tribal I.D at time of application submission).
Spouse of a Community Member (Marriage License/certificate and spouse Tribal ID or CIB is required at time of application submission).
Native American (Tribal ID or CIB required at time of application submission).
Documents may be submitted by one of the following methods:
attach to application
fax (480) 362-5860
mail or hand deliver to Human Resources.
Documentation must be received by position closing date.
The IHS/BIA Form-4432 is not accepted.
Your Tribal ID/CIB must be submitted to HR-Recruitment-Two Waters.
The SRPMIC offers a comprehensive benefit package including medical, dental, vision, life, disability insurance, and a 401(k) retirement plan. In addition employees enjoy vacation and sick leave and 13 paid holidays.
#J-18808-Ljbffr