With a workforce of over 25,000 people, and opportunities in more than 1,000 different job categories, the City of Philadelphia is the fifth largest city in the United States and one of the largest employers in Southeastern Pennsylvania. As an employer, the City of Philadelphia operates through the guiding principles of service, integrity, respect, accountability, collaboration, diversity and inclusion. Through these principles, we strive to effectively deliver services, to resolve the challenges facing our city, and to make Philadelphia a place where all of our residents have the opportunity to reach their potential.  

The Office of Innovation & Technology (OIT) is the central IT agency for the City of Philadelphia headed by the Chief Information Officer (CIO).  The Information Security Group’s (ISG) primary goal is to protect the City's information assets through the development and implementation of policies, procedures, and standards that are aligned with City priorities, industry best practices, and government regulations. The ISG functions as a center of excellence that provides technical expertise and guidance for the City to ensure the protection of information assets.  

The Information Security Group is looking for a mid-career Information Security Analyst with experience in Governance, Risk and Compliance to join the Information Security Group.   The Information Security Analyst will specialize in identifying, tracking and managing risks and vulnerabilities affecting the City of Philadelphia’s IT environment.  The analyst will also contribute to the development of the OIT’s information security program and provide analytical support for the ISG.  The preferred candidate will be able to work effectively in a collaborative environment and will have a strong interest in the current security landscape, resources and threats affecting large municipal government networks.
Responsibilities: 

• Test effectiveness of IT and business process controls and provide remediation recommendations
• Perform application, vulnerability and penetration testing and communicate findings to business unit leaders and technical subject matter experts
• Document, track and report on, and effectively communicate risks to the City of Philadelphia 
• Create controls, standards and guidance documentation
• Track and report on the effectiveness of information security technology, processes and polices
• Support and participate in Information Security projects and initiatives as needed, including development of security monitoring procedures, incident response planning, etc.
• Other duties as assigned

Competencies, Knowledge, Skills and Abilities
Ability to:

• Use and manage GRC and/or IRM tools 
• Perform application, vulnerability and penetration testing using standard industry tools
• Perform internal risk assessments
• Solve practical problems and in situations where only limited standardization exists
• Effectively communicate with both Business Unit leaders and technical professionals
• Understand regulatory requirements and their application to a variety of business units
• Stay informed of Industry trends and emerging threat landscape.

Knowledge of:

• Information Security principals and best practices
• Working knowledge of Information Security Technology: GRC or IRM Tools, Vulnerability Management tools, SIEM, A/V tools, etc
• In depth knowledge of Information Security regulations, compliance requirements and frameworks that apply to city governmental agencies: HIPAA, HITECH, CJIS, PCI, FTI, NIST Cybersecurity Framework, NIST 800-53, CIS Controls 
• Industry trends affecting government (especially state and local governments), campus, and large enterprise networks.

• 3 or more years’ experience in an Information Security, IT Risk Management or IT Audit role, with experience working in government, large campus or large enterprise environments preferred
• Completion of a Bachelor’s or Master’s Degree program at an accredited college or university, which has included major course work in computer science, information science or information security. 
• Maintain or are working towards relevant industry certifications such as CISA, CGEIT, CISM, CISSP, CEH

Or a partial combination of the above acceptable to OIT.

Ability to pass a CJIS background check

Please submit a resume and cover letter with your application.

The successful candidate must reside in the City of Philadelphia or establish primary residence in the City of Philadelphia within 6 months of employment

The City of Philadelphia is an Equal Opportunity employer and does not permit discrimination based on race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, source of income, familial status, genetic information or domestic or sexual violence victim status. If you believe you were discriminated against, call the Philadelphia Commission on Human Relations at 215-686-4670

 For more information, go to: Human Relations Website: http://www.phila.gov/humanrelations/Pages/default.aspx