IT Security Analyst
Location: Aviation 01
Divisions: AVIATION 01
CITY OF ATLANTA, GEORGIA
JOB CLASS SPECIFICATION
The salary for this position is $68,000 – $90,600
This position will expire on September 26, 2018
General Description and Classification Standards
The Information Security Analyst is responsible for IT security policy enforcement and maintenance; design of security policy education, training, and awareness activities; monitoring compliance within the Department of Aviation and applicable law; and coordinating investigation and reporting of security incidents. Monitor, assess, and fine-tune the IT business continuity and disaster recovery program, perform network penetration tests, application vulnerability assessment scans and risk assessment reviews.
Develop and monitor practices to ensure that the network information is secure from unauthorized access, protected from inappropriate alteration, physically secure, and available to authorized users in a timely fashion. The ISA’s duties include training in and dissemination of security policies and practices as well as developing strategies and plans to provide for timely business resumption in the event of a serious disruption. Applicants employed in this position will be required to work extra hours, as needed, and to be on-call for scheduled after-hour emergencies and respond to after-hours emergencies as needed.
Direction received is very general and focuses on end results and is typically collaborative in nature. Position plans own work and project schedules and sequences.
Essential Duties && Responsibilities
Monitor and advise on information security issues related to the systems and workflow at the DOA to ensure the internal security controls for the Aviation IT infrastructure is appropriate and operating as intended.
Coordinate and execute IT security projects.
Coordinate and execute IT security assessment audits and manage remediation
Coordinate response to information security incidents.
Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
Conduct data classification assessment and security audits and manage remediation plans.
Collaborate with IT management, the legal department, safety and security, and law enforcement agencies to manage security vulnerabilities.
Create, manage and maintain user security awareness.
Conduct security research in keeping abreast of latest security issues.
Prepare security notification, alerts and procedures for handling security incidents.
Perform other related duties as assigned.
Creating, testing and implementing network disaster recovery plans
Performing risk assessments and testing of data processing systems
Installing firewalls, data encryption and other security measures
Recommending security enhancements and purchases
Training staff on network and information security procedures