Posted 3 hours ago

Job ID: JOB_ID_2893

Job Description: Information Security Analyst

The City of Stamford is seeking a highly skilled Information Security Analyst to develop and implement a comprehensive program to protect the City’s information systems, sensitive data, and technology infrastructure. This role operates under the direction of the Technology Department’s Cybersecurity Officer and is responsible for ensuring the confidentiality, integrity, and availability of critical systems and information. The analyst will conduct security risk assessments, implement and monitor security controls, ensure compliance with relevant frameworks, and advise leadership on emerging cybersecurity threats. Experience working in government environments is preferred.

Purpose:

  • Develop a program to protect the City’s information systems, sensitive data, and technology infrastructure.
  • Ensure the confidentiality, integrity, and availability of critical systems and information.
  • Conduct security risk assessments and implement/monitor security controls.
  • Ensure compliance with relevant frameworks and advise leadership on emerging cybersecurity threats.
  • Strengthen the City’s security posture by working with IT, Legal, and departmental stakeholders.

Qualifications:

  • 8-10 years of progressive experience in information security, risk management, or IT security operations.
  • Experience with security tools and technologies such as SIEMs, IDS/IPS, firewalls, endpoint protection, and vulnerability management tools.
  • Understanding of Zero Trust architecture principles.
  • Knowledge of information security frameworks such as NIST Cybersecurity Framework 2.0, ISO 27001, and CIS Controls.
  • Familiarity with cloud security (AWS, Azure, GovCloud).
  • Strong analytical, problem-solving, and written communication skills.

Scope of the Work:

  1. Develop, implement, and maintain Information Security policies, standards, and procedures.
  2. Conduct targeted and ad hoc risk assessments and vulnerability scans across city systems, applications, and networks; recommend and implement mitigations.
  3. Set up and maintain the City’s risk taxonomy, risk register, and control inventory.
  4. Conduct System and Organizational Controls (SOC) testing and SOC audits to assess the City’s internal controls, focusing on data security and operational integrity.
  5. Set up a framework to conduct an annual Technology Risk and Control Self-Assessment (RCSA) to systematically identify, assess, and mitigate technology risks within the City’s operations.
  6. Monitor, analyze, and respond to security events and incidents across enterprise systems.
  7. Investigate cybersecurity breaches and lead incident response activities, including remediation and containment.
  8. Support and maintain security tools including SIEM, IDS/IPS, DLP, and endpoint protection.
  9. Participate in audits and compliance assessments, including POA&M development and remediation tracking.
  10. Provide security awareness training to employees and stakeholders to promote a culture of security.
  11. Serve as the primary point of contact for threat intelligence, cybersecurity trends, information security risks, and risk mitigation strategies.
  12. Develop and maintain information security policies, procedures, and standards in compliance with federal regulations (e.g., FISMA, NIST, FedRAMP).

Deliverables:

  • IT risk taxonomy leveraging risk domains sourced from NIST RMF frameworks.
  • Risk register for the City’s departments.
  • Application and Infrastructure risk assessment methodologies, including SOC testing and the Risk and Control Self-Assessment (RCSA).
  • Process for threat intelligence and collaboration.

Compensation & Location

Salary: $110,000 – $150,000 per year (Estimated)

Location: Stamford, CT


Recruiter / Company – Contact Information

Email: nikhilm@aditi-llc.co

