IT COMPLIANCE ANALYST

The City of Richmond is committed to be the most appealing, livable, well-managed community in Canada, a vision that is only made possible by developing our most valuable asset – our people. This is a great opportunity to join our team and shape our community. The City of Richmond offers competitive pay programs, comprehensive benefits and attractive incentives. If you are looking to make a difference, and to share our vision, then please apply.

KNOWLEDGE, SKILLS & ABILITIES:

• Understanding of IT governance and cybersecurity principles, frameworks and methodologies (e.g. NIST CSF, CIS Critical Security Controls, ISO27001, PCI-DSS and MITRE ATT&CK).
• Ability to draft, customize, appraise and present written IT security policies, procedures and standards.
• Strong organizational, team-building and people skills
• Ability to work and navigate within a matrixed organization
• Strong communication and leadership skills
• Ability to understand the impact on new technologies on processes and adapt and apply changes to working environment
• Knowledge of industry sound practices/procedures, regulations, and laws related to IT governance and cybersecurity
• Demonstrated understanding of municipal environments
• Strong computer skills, including word processing, spreadsheet, systems documentation, and other business software to prepare reports, memos, summaries, and analysis

QUALIFICATIONS AND EXPERIENCE:

• Bachelor’s degree in computer science, information technology, information security or related field or an equivalent combination of education, training and experience
• A minimum of 2 years of relevant work experience related to information technology governance and cybersecurity
• Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or other relevant industry certifications preferred

• Researches and recommends sound IT compliance models or practices related to cybersecurity and IT governance
• Develops documents related to IT security policies, procedures and standards adhering to the relevant legislation and industry sound practices
• Supports the maintenance or enhancement of existing IT security policies, procedures and standards
• Assists the planning and execution of assessments and reviews to identify improvement opportunities related to IT governance and cybersecurity for the City
• Directs and evaluates the work of external consultants in performing IT risk or security audits/assessments as defined by statement of work
• Prepares status reports on relevant audits/assessments for review by IT Management as needed
• Liaises with City staff, senior management staff and occasionally external organizations related to cybersecurity and IT governance
• Promotes a culture of security awareness which include conducting cybersecurity awareness training and phishing simulation exercises for City staff
• Coordinates IT Security Steering Committee meetings and supports relevant action items
• Supports the maintenance of the City’s IT security incident response plan, playbooks and relevant procedures
• Coordinates security incident response and recovery activities with stakeholders on IT security breaches and cyber attacks
• Assists with security event log monitoring, analyzing and reporting tasks