Information Security Analyst

TYPICAL WORK ACTIVITIES:

• Provides for the security of the computer systems and network for the Information Technology Department at the Erie County Water Authority; 
• Monitors enterprise compliance with information technology security policies and procedures for Erie County Water Authority systems and infrastructure;
• Deploys information technology security controls and processes for Erie County Water Authority systems and infrastructure;
• Monitors information technology systems, network and processes for security events;
• Performs risk assessments to identify vulnerabilities or security exposures;
• Responds to systems and network security-related malicious events and potential computer attacks;
• Coordinates vulnerability management including virus protection and version/patch management;
• Establishes intrusion detection and data loss prevention programs;
• Collaborates in planning for infrastructure design and review of software acquisitions/ upgrades;
• Reviews to ensure appropriate level of systems and network security;
• Reviews applications and services supplied by information technology service providers for appropriate level of security controls;
• Instructs the work force on best procedures for information technology security;
• Monitors information technology logs and reports;
• Documents and monitors security controls, reports and processes.

FULL PERFORMANCE KNOWLEDGES, SKILLS, ABILITIES AND PERSONAL CHARACTERISTICS: Thorough knowledge of information security concepts, protocols and practices; thorough information technology security management tools and products; thorough knowledge of enterprise-wide integrated application systems; thorough knowledge of computer security threats and solutions; ability to perform information technology risk assessments and respond to security incidents; thorough knowledge of ECWA policies and procedures for operation and support of secure data networks, systems and applications; thorough knowledge of ECWA information technology security domains; ability to supervise lower-level staff; ability to communicate effectively, both orally and in writing; ability to establish and maintain effective working relationships with a diverse constituency; ability to utilize a variety of electronic software applications; sound professional judgment; capable of performing the essential functions of the position with or without reasonable accommodation.

MINIMUM QUALIFICATIONS

A) Graduation from a regionally accredited or New York State registered college or university with a Bachelor’s Degree in Information Technology, Computer Science, Cybersecurity or closely related field and three (3) years of experience in systems software, systems analysis or application programming, and included experience in information security*; or:

B) Graduation from a regionally accredited or New York State registered college or university with an Associate’s Degree in Information Technology, Computer Science, Cybersecurity or closely related field and five (5) years of experience in systems software, systems analysis or application programming, of which three (3) years was experience in information security*; or:

C) An equivalent combination of training and experience as defined by the limits of (A) and (B).

Notes:

1. *Information security, for the purpose of qualifying applications, is defined as the processes designed and implemented to protect information, systems and networks against unauthorized access, use or disruption utilizing various forms of technology.

2. Verifiable part-time and/or volunteer experience will be pro-rated toward meeting full-time experience requirements.