Position Description This position will support the IT Security Services team operations as a GRC analyst. Work Location This position may be eligible for flexible work arrangements, including hybrid work with some days working remotely and some days working in the office. The City of Minneapolis does not sponsor applicants for work visas. Job Duties and Responsibilities Track and triage security alerts from end-user reports and security monitoring systems. Make decisions about priority and initiate investigation or incident response activities as appropriate. When breach incidents are detected, initiate and coordinate the Incident Response Plan, making sure the appropriate Security Incident Response Team members are assigned and all stakeholders are kept informed through all phases of the response. Capture root-cause findings and author incident reports. Coordinate compliance management with line-of-business staff responsible for regulatory requirements that impact IT services. Write policies, procedures, and standards. Work with end-users who have been victims of malware or social-engineering attacks to help them understand what happened and how to avoid such incidents in the future. Train and mentor IT staff in information technology security industry standards and best practice. Assist in monitoring and designing metrics and audits to measure the effectiveness and compliance with security controls, policies, and procedures. Coordinate identity and access management program, working with City supervisors and data owners to establish access request and approval procedures as well as to develop and maintain re-usable job-role-based access profiles. Review and triage results of routine and ad hoc vulnerability scans, assigning priority and appropriate IT remediation team. Assist in managing System Security Plan lifecycle for major applications as assigned. Perform or otherwise ensure all scheduled security monitoring practices are completed as needed, review findings for potential incidents, recommend and implement solutions, and escalate as needed. Assists in the development and automation of Cyber Security standards, specifications, procedures & practices. Required Qualifications Minimum Education Associate Degree in Computer Technology or equivalent (two years of post-high-school training) which includes computing technology or related coursework with relevant coursework in areas such as network security or cyber security. Minimum Experience Five years of experience in Governance, Risk and Compliance (GRC) or closely related experience. Equivalency An equivalent combination of education and experience closely related to the duties of the position MAY be considered. Selection Process The selection process will consist of one or more of the following steps: a rating of relevant education and experience and/or an oral examination (100%). It is important that your application show all the relevant education and experience you possess. This information will be used to determine which candidates will proceed in the selection process. A submitted application is also used to verify the answers to any supplemental questions. Only those candidates who attain a passing score(70%)on each step in the selection process will be placed on the eligible list. The City of Minneapolis Human Resources Department reserves the right to limit the number in any phase of the selection process. Background Check The City has determined that a criminal background check and/or qualifications check may be necessary for certain positions with this job title. Applicants may be required to sign an informed consent form allowing the City to obtain their criminal history and/or verify their qualifications in connection with the position sought. Applicants who do not sign the informed consent form will not be further considered for the position. Union Representation This position is represented by a collective bargaining agreement between the City of Minneapo is and the Minneapolis Professional Employees Association (MPEA). Eligible List Statement The names of applicants who meet minimum qualification and who pass the screening process shall be placed on the eligible list for employment consideration. This list will be certified to the hiring manager who may use the list to fill a vacancy of the same job title. This eligible list will expire in two months after it has been established. Interview Selection The hiring authority reserves the right to determine the maximum number of candidates to interview from the established eligible list. If the hiring authority decides to interview other than by exam score order, they may select additional people to interview based on a candidate's education or experience related to the field, work history, or skills uniquely related to the operational needs of the position. Knowledge, Skills and Abilities Good knowledge of basic computing and IT security. Quick learner, ability to apply new knowledge appropriately. Proactive, self-starter able to balance competing priorities to meet promised deadlines. Ability to write information security policies, procedures and standards. Team player who can apply right balance of assertiveness and acceptance in professional interactions. Good research and analytical skills. Good written, oral and visual communication skills. Cyber security certifications highly desirable. Write policies, procedures, and standards. Understand compliance requirements with CJIS, HIPAA and PCI-DSS. As the largest and most vibrant city in the state, Minneapolis depends on purposeful, dedicated and innovative employees. Minneapolis has a large variety of careers for people of all experiences and backgrounds who come together for a singular purpose-serving the residents, businesses and visitors of Minneapolis. The City of Minneapolis is proud to be an Equal Employment Opportunity and Affirmative Action employer.