The Vendor, a technology firm, is required to provide an information security analyst to develop a program to protect the city’s information systems, sensitive data and technology infrastructure.
- This position is responsible for ensuring the confidentiality, integrity, and availability of critical systems and information by conducting security risk assessments, implementing and monitoring security controls, ensuring compliance with relevant frameworks and advising leadership on emerging cybersecurity threats.
- The analyst, preferably with experience in working within government environments, will be working with the City’s IT, Legal and departmental stakeholders to strengthen the City's security posture.
- Services:
• Develop, implement and maintain information security policies, standards and procedures
• Conduct targeted and ad hoc risk assessments and vulnerability scans across the city’s systems, applications and networks; recommend and implement mitigations.
• Set up and maintain the city’s risk taxonomy, risk register and control inventory.
• Conduct SOC (system and organizational controls) testing and SOC audits to assess the city’s internal controls, focusing on data security and operational integrity.
• Set up a framework for conducting an annual technology risk and control self-assessment (RCSA) to systematically identify, assess, and mitigate technology risks within the city’s operations
• Monitor, analyze, and respond to security events and incidents across enterprise systems
• Investigate cybersecurity breaches and lead incident response activities, including remediation and containment.
• Support and maintain security tools including SIEM, IDS/IPS, DLP, and endpoint protection.
• Participate in audits and compliance assessments, including POA&M development and remediation tracking.
• Provide security awareness training to employees and stakeholders to promote a culture of security.
• Serve as the primary point of contact for threat intelligence, cybersecurity trends, information security risks, and risk mitigation strategies.
• Develop and maintain information security policies, procedures, and standards in compliance with federal regulations.