NEWPosted 4 hours ago

Job ID: JOB_ID_3065

Job Summary

The City of Stamford is seeking a qualified Information Security Analyst to develop and implement a comprehensive program to protect its information systems, sensitive data, and technology infrastructure. This role, operating under the direction of the Technology Department’s Cybersecurity Officer, is crucial for ensuring the confidentiality, integrity, and availability of critical systems. The analyst will conduct security risk assessments, implement and monitor security controls, ensure compliance with relevant frameworks, and advise leadership on emerging cybersecurity threats. Experience working in government environments is preferred.

Key Responsibilities

  • Develop, implement, and maintain Information Security policies, standards, and procedures.
  • Conduct targeted and ad hoc risk assessments and vulnerability scans across city systems, applications, and networks; recommend and implement mitigations.
  • Establish and maintain the City’s risk taxonomy, risk register, and control inventory.
  • Conduct System and Organizational Controls (SOC) testing and SOC audits to assess internal controls, focusing on data security and operational integrity.
  • Establish a framework for an annual technology Risk and Control Self-Assessment (RCSA) to identify, assess, and mitigate technology risks.
  • Monitor, analyze, and respond to security events and incidents across enterprise systems.
  • Investigate cybersecurity breaches and lead incident response activities, including remediation and containment.
  • Support and maintain security tools including SIEM, IDS/IPS, DLP, and endpoint protection.
  • Participate in audits and compliance assessments, including POA&M development and remediation tracking.
  • Provide security awareness training to employees and stakeholders.
  • Serve as the primary point of contact for threat intelligence, cybersecurity trends, information security risks, and risk mitigation strategies.
  • Develop and maintain information security policies, procedures, and standards in compliance with federal regulations (e.g., FISMA, NIST, FedRAMP).

Qualifications

  • 8-10 years of progressive experience in information security, risk management, or IT security operations.
  • Experience with security tools and technologies such as SIEMs, IDS/IPS, firewalls, endpoint protection, and vulnerability management tools.
  • Understanding of Zero Trust architecture principles.
  • Knowledge of information security frameworks such as NIST Cybersecurity Framework 2.0, ISO 27001, and CIS Controls.
  • Familiarity with cloud security (AWS, Azure, GovCloud).
  • Strong analytical, problem-solving, and written communication skills.
  • Experience working in government environments is preferred.

Deliverables

  • IT risk taxonomy leveraging risk domains sourced from NIST RMF frameworks.
  • Risk register for the City’s departments.
  • Application and Infrastructure risk assessment methodologies, including SOC testing and the Risk and Control Self-Assessment (RCSA).
  • Process for threat intelligence and collaboration.

Employment Type

Onsite W2

About Aditi LLC

Aditi LLC is a leading IT staffing and consulting firm dedicated to providing exceptional talent and solutions to our clients. We specialize in connecting skilled professionals with challenging opportunities across various industries.

Special Requirements

Candidate must be local to CT

Compensation & Location

Salary: $90,000 – $130,000 per year (Estimated)

Location: Stamford, CT

Recruiter / Company – Contact Information

Recruiter / Employer: City of Stamford

Email: nikhilm@aditi-llc.co

Interested in this position?
Apply via Email

Recruiter Notice:
To remove this job posting, please send an email from
nikhilm@aditi-llc.co with the subject:

DELETE_JOB_ID_3065

to delete@join-this.com.