IT Security Analyst III (Information Technology Services)

Shelby County

Memphis, TN

JOB DETAILS
SKILLS
Access Control, Analysis Skills, Applications Security, Best Practices, CCSP - Cisco Certified Security Professional, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Communication Skills, Computer Hacking, Computer Science, Computer Security, DevOps, Endpoint Security, Firefighting, Firewalls, Government, HIPAA (Health Insurance Portability and Accountability Act), Hunting, ISACA (Information Systems Audit and Control Association), IT Requirements, ITIL (IT Infrastructure Library), Incident Response, Industry Standards, Information Technology & Information Systems, Information Technology/Systems Audit, Information/Data Security (InfoSec), International Information Systems Security Certification Consortium (ISC)2, Internet Security, Interpersonal Skills, Intrusion Detection Systems, Intrusion Prevention Systems, Leadership, Legal, Mentoring, Network Administration/Management, PCI-DSS, Policy Development, Policy Implementation, Privacy Regulations, Problem Solving Skills, Procedure Development, Procedure Implementation, Product Lifecycle, Public Safety, Quality Assurance, Regulations, Regulatory Compliance, Regulatory Requirements, Risk Analysis, Risk Management, Secure Coding, Security Analysis, Security Architecture, Security Attacks, Security Information and Event Management (SIEM), Security Monitoring, Server Architecture, Software Administration, Status Reports, Strategic Planning, Systems Administration/Management, Systems Maintenance, Team Player, Technical Support, Testing, Threat Modeling, Time Management, Training Program, U.S. National Institute of Standards and Technology (NIST), Virtualization, Vulnerability Scanners
LOCATION
Memphis, TN
POSTED
30+ days ago

Position Summary

Works under the direction of the Systems Security Officer to execute, monitor, and assess the Shelby County Government (SCG) Information Security Program. Acts in a lead capacity to plan, research, specify, engineer, and implement highly complex security solutions. Administers and maintains systems critical to the function of the Information Security Program and develops procedures and policies for implemented solutions. Responsible for carrying out comprehensive security processes, risk assessments, and assessments of third-party vendors, and works with groups inside and outside of SCG to ensure the successful operation of the Information Security Program.

Pay Grade: 57 Salary: Commensurate with Experience and Education

Minimum Qualifications

Five (5) years of cybersecurity/compliance experience, including three years of cybersecurity experience within a medium to large organization; Bachelor's degree from an accredited college or university in cybersecurity, computer science, or a closely related field; OR An equivalent combination of related education, and/or experience.

Security credentials such as ISC2 CISSP, ISC2 CCSP, ISACA CISA, ISACA CISM, or closely related certifications are preferred.

Proof of education, training, and/or experience is required.

Duties and Responsibilities

Leads proactive threat-hunting initiatives using advanced security tools and methodologies, while overseeing daily monitoring of system audit log feeds.

Manages the generation and analysis of detailed incident reports, threat analysis reports, and compliance status reports to facilitate strategic decision-making and risk management.

Oversees the processing of security office requests, including user access requests, access control changes, and responses to security advisories, ensuring timely and efficient resolution of security concerns.

Develops and oversees the organizations cybersecurity training program, tailored to different roles and departments, ensuring its effectiveness, relevance, and compliance with industry standards.

Leads the management of security incidents using the approved IT incident response solution, coordinating remediation efforts across IT sections, and enhancing incident response plans through regular tabletop exercises and risk assessment updates.

Creates, updates, and maintains comprehensive cybersecurity incident response playbooks, outlining steps for identifying, analyzing, and responding to security incidents effectively.

Provides leadership in supporting IT Application Services by conducting security quality assurance reviews, vulnerability scans, and collaborating with DevOps and Applications Services to integrate secure coding practices into the development lifecycle.

Stays abreast of new security technology developments relevant to business and IT requirements, lead the evaluation and recommendation of security solutions, and oversee pilot tests to enhance the organizational security posture.

Leads the development, deployment, and regular update of IT security policies and procedures, ensuring alignment with current best practices, legal requirements, and compliance standards.

Demonstrates strong interpersonal and communication skills to foster collaboration with management, peers, customers, and non-IT departments, promoting a culture of security awareness and cooperation across the organization.

Exemplifies a strong passion for information technology and cybersecurity, driving continuous exploration, learning, and adoption of new technologies and security practices within the team and organization.

Upholds strict adherence to ethical guidelines and legal requirements in all cybersecurity activities, including compliance with privacy laws, data protection regulations, and ethical hacking standards.

Provides leadership and mentorship to junior security analysts, fostering their professional growth and development within the team and organization.

Performs other related duties as assigned or directed.

KSAs

Advanced knowledge of cybersecurity principles, including risk management, threat modeling, security architectures, and incident response strategies.

Proficiency knowledge in key legal and regulatory requirements such as HIPAA, PCI-DSS, and familiarity with frameworks such as ITIL, NIST CSF, CIS Controls, and zero trust, guiding the organization in compliance efforts.

Proficiency knowledge with a wide range of advanced security technologies and tools, including SIEM, firewalls, IDS/IPS, DLP, endpoint protection, privilege access management, and threat intelligence platforms.

Advanced knowledge of key IT infrastructure technologies including virtualization technologies, server architectures, containerization, and network infrastructure, providing strategic guidance for secure implementation.

Proficiency knowledge in secure coding practices, understanding common application security vulnerabilities (OWASP Top 10), and guiding development teams to mitigate risks.

Ability to identify, analyze, and resolve complex security threats and vulnerabilities, providing strategic direction for incident response.

Skilled in communicating complex security concepts to non-technical audiences, fostering collaboration across departments, and providing strategic guidance to senior management.

Ability to drive innovation and proactive approaches to emerging security challenges.

Ability to lead enterprise-sized cybersecurity projects from inception to completion.

Disclaimer

This position is subject to a background check for any convictions that have a substantial relationship to potential job duties. Only convictions that are substantially related to potential job duties will be considered and will not automatically disqualify the candidate.

Shelby County Resident Disclaimer

All employees hired after September 1, 1986, must be residents of Shelby County and shall continue to reside in the County as a condition of their employment. The residency requirement shall not apply to certain public safety/civil service employees. This means exemption from this policy is in effect for the following departments and positions:

(1) Sheriff Deputy Patrol Officers, Deputy Jailers and Dispatchers, employed by the Sheriff Department, (2) Correction Officers employed by the Division of Corrections, (3) Firefighters, Paramedics and Dispatchers employed by the Shelby County Fire Department.

The residency exemption for public safety/civil service employees does not include Appointed positions with Sheriff's Office, Division of Corrections or the Fire Department.

About the Company

S

Shelby County