Position Summary

We're seeking a highly experienced Information Security Analyst to support a municipal-level cybersecurity program. This role reports to executive cybersecurity leadership and is responsible for strengthening enterprise security posture, ensuring regulatory compliance, and protecting critical systems and sensitive data.

Key Responsibilities

• Develop and maintain information security policies, standards, and procedures
• Maintain IT risk taxonomy, risk register, and control inventory
• Align security program with NIST, FISMA, FedRAMP, ISO 27001, CIS Controls
• Lead Technology Risk and RCSA processes
• Conduct risk assessments, vulnerability scans, SOC testing, and audits
• Support audits, compliance reviews, POA&M tracking
• Monitor and respond to security events; lead incident containment/remediation
• Maintain SIEM, IDS/IPS, DLP, and endpoint protection tools
• Manage threat intelligence processes
• Advise leadership on cybersecurity risks and trends
• Provide security awareness training and executive-ready communications
  
  

Required Deliverables

• IT Risk Taxonomy (NIST RMF aligned)
• Enterprise IT Risk Register
• Risk Assessment Methodologies
• SOC Testing Framework & RCSA Model
• Threat Intelligence Process Documentation
• Compliance & remediation tracking
  
  

Minimum Qualifications

• 810 years in Information Security, Risk Management, or IT Security Operations
• Experience developing enterprise security programs in regulated environments
• Expertise with: SIEM, IDS/IPS, Firewalls, Endpoint tools, Vulnerability platforms
• Knowledge of Zero Trust architecture
• Understanding of NIST CSF 2.0, NIST RMF, ISO 27001, CIS Controls
• Cloud security experience (AWS, Azure, GovCloud)
• Strong analytical, investigative, and communication skills
  
  

Preferred Qualifications

• Experience in municipal, state, or federal environments
• Certifications: CISSP, CISM, CRISC, CEH, GIAC
• Experience with POA&M remediation and compliance reporting
  
  

Core Competencies

• Enterprise Risk Management
• Security Governance & Compliance
• SOC & Control Testing
• Incident Response
• Threat Intelligence
• Zero Trust Architecture
• Cross-Functional Collaboration