WHAT DOES THE ROLE ENTAIL? The Information Security Office (ISO) is seeking a professional with information security, technology risk assessment, technology audit, or legal experience to join our team. Business Security Analysts work within the ISO's Engagement team but are embedded within departments to evaluate and consult on information security and privacy risk of business drivers and technology. This position will engage all levels of the business to identify risk and work with business leadership and the CISO to design and execute on remediation projects and build processes that will support the CAO's compliance with industry, legal, as well as policy, security, and privacy requirements.
This position is a senior-level analyst position due to experience required in building a program, strong interpersonal and documentation skills required, and preference for CAO experience.
WHAT ARE THE DAY TO DAY EXPECTATIONS? You'll build the foundation for the Information Security Office's Engagement division. You'll drive adoption of good security hygiene practices by building strong business relationships, understanding the business risk and needs, collaborating with the business as a trusted subject matter expert to support them as they adopt innovative technologies. You'll drive education and awareness for the business, industry, and our community through the development of training materials/content and delivery of training to staff as needed. You will work with leadership and the CISO to develop metrics and reporting, as well as quarterly Customer Business Reviews (CBRs) to inform the business and ISO on program efficacy and effectiveness, as well as identify risks and solutions. You will manage the open record requests and eDiscovery hold requests for the IT department and engage the CAO and business stakeholders to ensure successful response to requests. You will work with leadership and the CISO in development and execution of their business strategies and roadmaps, identifying requisite security control requirements, forecasting implementation costs, TCO, ROI and the level of effort to implement and sustain. You will perform security and privacy risk assessments of infrastructure and provide reporting of findings and recommendations for resolution. You will track risk findings and support the team, Security Operations, Enterprise Infrastructure and Public Safety teams to properly address. You will be the subject matter expert (SME) for security during internal and external audits, working with the CISO, Risk and Compliance, and leadership to ensure audit requests are fulfilled and findings addressed. You will regularly engage the Security Operations, Enterprise Infrastructure and Enterprise Applications teams to resolve issues and be a champion of business change to ensure good security hygiene is foundational to everything you do. The successful candidate will be able to translate legal and regulatory technical requirements into business language. You will work alongside the Security Operations and Risk & Compliance divisions to ensure existing ISO platforms are deployed, tuned, and effective in meeting governance requirements. You will be a key member in the design and implementation of security controls to meet this objective. You will perform ongoing learning and research to identify new technology and ensure the ISO is prepared to address and secure those technologies. You will be responsible for evaluating systems, policies, and processes to ensure compliance with the requirements and standards applicable to securing business. Stay up to date with relevant legislation, industry standards, and best practices. Respond to emergencies and other incidents as required and participate in investigations and remediation efforts. You will support leadership as they develop technology strategy, including liaise with IT and ISO colleagues to help drive innovative change in technologies and processes, and ensure the architecture is developed with security-by-design methods to meet compliance and business requirements for confidentiality, availability, and integrity. You will meet regularly with leadership to understand the department's needs and current and future needs. MINIMUM QUALIFICATIONS Education: Bachelor's degree OR four (4) years of directly relatable experience OR a combination of both equal to four years. Experience: Required Experience and Skills
You will have an extensive background in information security. Experience in regulatory compliance or legal practice. Must be a self-starter and a life-long learner. Must be a critical thinker who believes security can be an enabler of business. Well-developed interpersonal and communication skills. Conflict resolution skills. Strong documentation skills Strong communication skills Excellent analytical, problem-solving, and decision-making skills. Preferred Experience and Skills
You will preferably have prior experience performing security for a law firm or other legal organization. Prior experience using Microsoft Purview. eDiscovery experience Risk assessment experience. Knowledge of cloud-based technology Experience in IT audit Experience in technical writing and/or report writing. Knowledge: All ISO employees are expected to maintain currency in security practices, technology, and trends. The ISO provides c ontinuing education assistance to its staff to maintain licensure and learning. Licenses Or Certificates Required: You will have, or obtain within your first six months, an applicable security certification such as CISSP, CISA, Security+, or comparable. Valid Colorado Driver's License.
