Senior Data Protection Governance, Risk, and Compliance Analyst

About Our Job

Who We Are

With competitive pay, great benefits, and endless opportunities, working for the City and County of Denver means seeing yourself working with purpose — for you, and those who benefit from your passion, skills and expertise. Join our diverse, inclusive and talented workforce of more than 11,000 team members who are at the heart of what makes Denver, Denver.

We value diversity of ethnicity, race, socioeconomic status, sexual identity, gender, religion, language, ability, and experience and exemplify this through the makeup of our team at all levels. You'll be right at home here if you cultivate strong relationships and push yourself, your work, the people around you and Denver to the next level.

The Technology Services Department (TS) of the City and County of Denver use state-of-the-art technologies and methodologies to deliver and improve the systems, applications, and operations to our customers. Technology Services supports the people, agencies, and ideas that make the City and County of Denver a world-class city. The city offers a unique opportunity to work with a diverse business and technology environment on a large scale as we employ more than 13,000 people, of which 9,000+ are daily technology consumers in support of a diverse population over 700,000 Denverites.

What We Offer

The City and County of Denver offers a competitive salary commensurate with education and experience. The salary range for this position is $84,604.00 - $139,597.00/year, based on education and experience. We also offer generous benefits for full-time employees which includes but is not limited to:

• A guaranteed life-long monthly pension, once vested after 5 years of service
• 457B Retirement plan
• 132 hours of PTO earned within first year + 11 paid holidays, 1 personal holiday and 1 volunteer day per year
• Competitive medical, dental and vision plans effective within 1 month of start date

Location

The City and County of Denver supports a hybrid workplace model. Employees work where needed, at a job site several days a week and off-site as needed. Employees must work within the state of Colorado on their off-site days.

What You’ll Do

The City and County of Denver (CCD) is seeking a Senior Data Protection Governance, Risk, Compliance, (GRC) Analyst holistically, ensuring risk and vulnerabilities are viewed not only from a system security standpoint, although from the lens of the end user and application You will also be a key stakeholder in the CCD GRC Team.

Specifically, you will focus on managing Payment Card Industry (PCI) compliance within Technology Services. You will work to prevent and mitigate any identified data loss activities as well as manage the CCD PCI Compliance Program reviewing and mitigating identified monthly vulnerabilities, ensuring PCI regulatory compliance, and managing the annual PCI ROC engagement. You will also support other GRC activities such as third-party file share utilization, compliance with other regulated data sets, Data loss Prevention, and user access review’s along with role-based access control activities.

Responsibilities

• Ensure PCI compliance with ongoing vulnerability identification and mitigation.
• Collaborate with CCD Department of Finance and various CCD agencies to ensure PCI compliance.
• Manage the annual PCI audit, setting up and managing all aspects of the PCI audit, including but not limited to arranging onsite auditor visits, scheduling interviews, compiling applicable documentation, managing annual PEN tests, and involving key stakeholders throughout the CCD.
• Create and present PCI training to applicable CCD agencies and stakeholders.
• Assist with Data Protection ServiceNow requests including CCD employee third party file share permission requests.
• Identify and classify protected, regulated, and sensitive data sets.
• Review access roles and permissions, ensuring proper safeguards and user business need for access. 
• Collaborate with technology services teams and various CCD Agency’s to mitigate identified risk.
•  Act as an ongoing liaison and G,R,C subject matter expert for other CCD Agency’s and advise on best practices to reduce risk and promote regulatory compliance.
• Utilize Proofpoint software to conduct data loss prevention oversight to minimize risk and increase compliance and confidentiality of protected information across applications and systems utilized by the City and County of Denver Users.
• Perform other duties as assigned or requested.

What You’ll Bring

• At least 2 years of experience managing PCI compliance including identification and mitigation of PCI risk vulnerabilities.
• US Department of Commerce, National Institute of Standards and Technology (NIST), Cybersecurity and Privacy Frameworks
• Payment Card Industry Data Security Standard (PCI-DSS)
• US Department of Health and Human Services, Health Insurance Portability and Accountability Act (HIPAA)
• US Department of Justice, Federal Bureau of Investigation, Criminal Justice Information Services Security (CJIS) Policy
• Penetration testing experience
• Qualys Network Scoping experience
• CrowdStrike experience
• ServiceNow experience

Minimum Qualifications

• Education Requirement: Bachelor's Degree in Information Technology or a related field based on a specific position(s).
• Experience Requirement: Three years of experience with data protection, governance, risk assessment, and compliance with information technology systems.
• Education and Experience Equivalency: One (1) year of the appropriate type and level of experience may be substituted for each required year of post-high school education.
• Additional appropriate education may be substituted for the minimum experience requirements.
• License/Certifications: Must obtain Criminal Justice Information Services (CJIS) clearance within the probationary period.

Application Deadline

This position is expected to stay open until February 16th. Please submit your application as soon as possible and no later than February 16th at 11:59 p.m. MST.

About Everything Else

Job Profile

CI3433 IT Data Protection Analyst Senior

To view the full job profile including position specifications, physical demands, and probationary period, click here.

Position Type

Unlimited

Position Salary Range

$84,604.00 - $139,597.00

Starting Pay

Based on education and experience

Agency

Technology Services

The City and County of Denver provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, national origin, disability, genetic information, age, or any other status protected under federal, state, and/or local law. 

It is your right to access oral or written language assistance, sign language interpretation, real-time captioning via CART, or disability-related accommodations. To request any of these services at no cost to you, please contact Jobs@Denvergov.org with three business days’ notice.

Applicants for employment with the City and County of Denver must have valid work authorization that does not require sponsorship of a visa for employment authorization in the U.S.

For information about right to work, click here for English or here for Spanish.