TITLE: Information Technology (IT) Security & Compliance Analyst

SUMMARY

Under the direction of the Information Services Director, the Information Technology (IT) Security & Compliance Analyst will oversee, coordinate, enforce Information Security & Disaster Recovery efforts, protocols for the Crane School District.  The job requirements will be accomplished by meeting following expectations: installing, configuring, monitoring security systems and alerts; and participates in the analysis, evaluation of enterprise information security, as well as ensures the district’s compliance with the Arizona Auditor General and other various compliance regulations. Takes on security-oriented responsibilities by implementing formal methodologies, educating, promoting, enforcing approved security policies, procedures, guidelines, standards and provides technical leadership of security and governance following the Crane Schools Leadership Mission.

ESSENTIAL FUNCTIONS __ Essential functions, as defined under the Americans with Disabilities Act, may include any of the following representative duties, knowledge, and skills.  This list is ILLUSTRATIVE ONLY, and is not a comprehensive listing of all functions and duties performed by incumbents of this class. Employees are required to be in attendance and prepared to begin work at their assigned work location on the specified days and hours. Factors such as regular attendance at the job are not routinely listed in job descriptions, but are an essential function. Essential duties and responsibilities may include, but are not limited to, the following:

1. Protects information technology's assets (i.e., hardware, software, data, etc.) by establishing and enforcing system access controls.

2. Monitor and audit to ensure authorized access by investigating improper access; based on severity of issues immediately revoking access; reporting violations; recommending improvements.

3. Monitor and analyze IT systems for unusual behavior or breaches; Respond to security incidents and audits and report status to management.

4. Ensure network security devices and measures exist and function correctly. Performs periodic information security audits and risk assessments.

5. Performs security monitoring, testing, prevention, and remediation activities across the network taking a proactive approach to mitigate district risks.

6. Manage, develop, and coordinate security awareness program with updates, provide all management, end-user security training, and on-going communication.

7. Provide reports, audit and monitors internet usage compliance and reports violations of The Crane Elementary School District #13 policy.

8. Work with Information Services personnel and vendors to analyze, audit, mitigate any risks and compile regular network and security reports to present to the Director of Information Services and Executive Leadership.

9. Ensure compliance with various IT Compliance Standards - NIST, HIPPA, PCI-DSS, COPPA, FERPA etc.

10. Creates compliance policies & procedures, cyber incident response plan & procedure documentation, and education for Cyber Security Standards.

11. Maintains accurate and current compliance documentation mandated by the Arizona Auditor General regulatory standard(s) as directed by the Director of Information Services, the Director of Finance, and Executive Leadership.

12. Develops, implement, evaluates, documents, evaluates, and modifies Information Technology (IT) Compliance controls (i.e., DLP, MDM, Encryption, etc.) for all Information Technology Resources.

13. Works with Information Services Staff, Human Resources Staff, Finance Staff to ensure IT Security Compliance deliverables are met.

14. Coordinates, schedules, and documents IT Disaster Recovery Exercises with Information Services, schools, and operations support departments.

15. Works with Information Services, schools, and operations support departments on keeping their business continuity plans and work arounds up to date.

16. Works with Information Services on creating, evaluating, and maintaining their IT Disaster Recovery Plan and recovery procedures up to date.

17. Works with Information Services on creating, evaluating, and maintaining server data backups.

18. Evaluates new technology, and assists in the selection of new technologies that affect district-wide technology security and compliance; assists with Request for Proposals (RFP) development, proposal evaluations, vendor negotiations and contract management.

19. Assist in the short and long-term planning and implementation of information technology security technologies and applicable expansion solutions by providing the most efficient and cost-effective technology.

20. Supports the relationship between the school district and the general public by demonstrating courteous and cooperative behavior when interacting with citizens, visitors, and district staff; promotes the district goals and priorities and complies with all district policies and procedures.

21. Maintains absolute confidentiality of work-related issues and district information.

22. Follows industry/company standards regarding safety policies and procedures.

23. Maintains work areas, tools, and PPE in a clean, orderly, and safe manner.

24. Professional-upbeat attitude, assist and work harmoniously with vendors and Crane Schools employees.

25. Uses information technology management tools to manage work orders and task requests.

26. Performs other duties as required or assigned by Information Services Director.

27. Troubleshoot, communicate, and resolve IT security problems in a timely manner.

28. Assist and perform routine scheduled and emergency nonscheduled software, firmware, and hardware updates and upgrades.

29. Support Information Services on-call staff afterhours with IT security incident management during the week, weekend, and holidays.

MINIMUM QUALIFICATIONS

1. Education, Training and Experience Guidelines:

Bachelor's degree in Computer Science or equivalent IT security certifications (i.e., CISSP, CISA), and 1 of 2 entry level certifications (Security+, MTA Security Fundamentals); AND three + years' experience in an IT technical role; OR an equivalent combination of education, training and experience.  10 years’  experience in an IT security or a related technical role may be substituted for no Bachelor's degree in Computer Science or equivalent IT security certifications (i.e., CISSP, CISA),

Knowledge of:

1. IT best practices for IT policies, procedures, standards, and guidelines.

2. IT Security and IT Compliance Standards to include Arizona Criminal Justice Information Systems, Health Insurance Portability and Accountability (HIPPA), Payment Card Industry (PCI-DSS), Internal Revenue Services - Safe Guards (IRS 1074), Personally Identifiable Information (PII), Federal Information Processing Standards (FIPS), and the Nation Institution of Standards and Technology (NIST).

3. Software enterprise applications, various operating systems used within a large IT environment, including ERP System, Public Safety Systems, Asset / Fleet Management Systems, Legal – CMS, video, and proximity systems, etc.

4. Information security standards, logging (SIEM, etc.), and methodologies with excellent knowledge of change management processes, patch management, security methods, security tools and current mobile technologies.

5. Enterprise data backups and best practices.

6. Business continuity planning and best practices.

7. IT disaster recovery planning and best practices.

8. Cyber incident planning and best practices.

SKILLS:

1. System hardening (i.e., firewall, security systems web, application, workstations, mobile devices, etc.), vulnerability assessments, security audits, intrusion detection / prevention and incident response.

2. Researching problems that are difficult to identify or where facts may be insufficient and misleading.

3. Handling sensitive or confidential information.

4. Assessing customer support needs, and implementing effective solutions mitigating risks.

5. Leadership, teamwork, presentation, and people management skills.

6. Using initiative and independent judgment within established procedural guidelines with a focus on mitigating risks and protecting system data.

7. Working in a group or independent in a technical environment with interlinked and changing priorities.

8. Establishing and maintaining positive and cooperative working relationships with coworkers.

9. Communicating effectively verbally and in writing.

10. Ability to comprehend and execute complex written and oral instructions.

11. Ability to communicate technical information to non-technical individuals.

PHYSICAL DEMANDS AND WORKING ENVIRONMENT

1. Work is performed in a standard office environment; is required to lift objects up to 50 pounds, bend, stoop, crawl, and navigate tight spaces; requires use of hands; requires vision capacity at close range and ability to differentiate between colors.

2. Good driving record.

REPORTS TO:

Information Technology Director 

TERMS OF EMPLOYMENT:

Twelve-month work year.  Salary and benefits as established by the Board.

EVALUATION:

Performance of this job will be evaluated in accordance with the Governing Board policy on evaluation.

Range 26