NOTE: If you are a current employee, you MUST apply via the Career worklet in Workday and not through this site. If you submit an application on this site, it cannot be processed.
Senior Information Security & Compliance AnalystOpen Date: 04/20/26Close Date: 05/04/26Salary: $140,129.00 per yearJob Type: RegularLocation: Molasky Corporate Center, 100 City Parkway, Las VegasFor any questions regarding this announcement, please contact LVVWD Recruitment at recruitment@lvvwd.com.FILING DEADLINE: The first 100 applications submitted ON or BEFORE 11:59pm, Sunday, May 3rd, 2026, WHICHEVER COMES FIRST.GENERAL PURPOSE
Under general supervision, performs complex and highly responsible duties in developing, implementing, administering, evaluating and enhancing the District/SNWA cyber security protection framework including security architectures, policies, standards and systems to safeguard the integrity and confidentiality of information assets and the availability and reliability of systems operations; leads and participates in programs and activities to ensure that compliance with PCI security standards is met or exceeded; and performs related duties as assigned.
DISTINGUISHING CHARACTERISTICS Senior Information Security & Compliance Analyst is the advanced professional class in the Information Security and Compliance class series. An incumbent leads and participates in program components and activities applicable to developing and administering the cyber security protection framework and assists in coordinating and integrating the work of other IT and District staff and outside consultants and contractors involved in the program. The incumbent also oversees and participates in assessments and processes to ensure compliance with Payment Card Industry (PCI) Standards as mandated by the Nevada Revised Statutes. Work requires a thorough knowledge of state-of-the-art cyber security and information protection environments, systems and methodologies together with demonstrated skills in working collaboratively with managers, peers and customers to achieve targeted results.
Senior Information Security & Compliance Analyst is distinguished from Information Security & Compliance Coordinator in that an incumbent in the latter class is responsible for planning and managing the overall cyber security protection program.
Senior Information Security & Compliance Analyst is further distinguished from other Information Technology professionals by the incumbent's focus on administering the cyber security protection framework.
ESSENTIAL DUTIES AND RESPONSIBILITIES
The duties listed below are intended only as illustrations of the various types of work that may be performed. The omission of specific statements of duties does not exclude them from the position if the work is similar, related or a logical assignment to this class.
Provides leadership and works with staff to ensure a high performance, customer service-oriented work environment that supports achieving department and District/SNWA mission, objectives and values regarding team building and employee empowerment; applies process improvement and quality management principles to assigned areas of responsibility; leads and promotes stewardship of organization and environmental resources.
Plays a key role in facilitating development and implementation of the cyber security management governance structure; develops, recommends and coordinates implementation of a strategic, comprehensive enterprise information technology cyber security framework; participates in researching, developing, recommending, maintaining and updating security policies, standards, procedures and applications; prepares periodic reports on the status of cyber security and information assurance programs and security risk and compliance issues to be addressed; participates in ensuring that District/SNWA information security programs are in compliance with all applicable federal and state law and regulations.
Designs, coordinates and participates in security audits, evaluations and risk assessments of technology operations, systems and infrastructure utilizing the National Institute of Standards and Technology (NIST) Risk Management Framework, SANS Twenty Critical Security Controls and other standards; takes action, presents recommendations and works with other IT staff and department business units to remediate any identified sources of potential risk and non-compliance; ensures best security practices are in place in software development and integration projects; defines security tests, certifications and evaluations of applications and general support systems involved in processing sensitive and/or confidential information in accordance with established standards; audits the firewall rule base and monitors all firewall activities; monitors remote systems access; manages encryption security standards for hosts and corporate SSL certificates.
Coordinates, configures and uses a variety of monitoring systems, tools and processes, such as vulnerability management, data loss prevention (DLP) and network visibility for malware and security event detection, to monitor day-to-day internal and external security events, staying alert for any early indicators of potential security threats; analyzes network, computer and applications performance, looking for events and trends that signal intrusions, denial-of-service, unauthorized access and an ever increasing number of cyber-attacks from threat vectors and threat actors; conducts monthly vulnerability assessment and mitigation efforts in the network DMZ; interacts on a daily basis with Managed Security Service Providers (MSSPs) and staff to ensure proper operation of security appliances and services.
Leads and participates in the work of the Cyber Incident Response Team (CIRT) in assessing and taking rapid action to resolve security and network event escalations following a cyber-security incident, through disaster recovery or other processes; gathers evidence regarding cybercrimes and submits malware sample to appropriate law enforcement and other agencies for analysis and correlation.
Analyzes and assesses security vulnerabilities in the infrastructure (software, hardware, networks, etc.); investigates available tools and countermeasures to remedy detected vulnerabilities and recommends solutions and best practices; audits systems administration processes to ensure sound control systems are in place for the granting of user access and privileges and to ensure the timely removal of access for employees leaving District/SNWA employment; analyzes and assesses potential damage to data/ infrastructure as a result of a cyber-security incident, examines available recovery tools and processes and recommends solutions; researches, evaluates, recommends and implements cyber security-related devices and software.
Designs and participates in annual and periodic delivery of information security awareness training for IT managers and employees and employees in department business units; educates system users on their roles in maintaining information and cyber security; creates security documentation for system users; participates in advocating for effective information management security processes and practices on an enterprise-wide basis.
Leads, coordinates and participates in District assessments and initiatives to meet or exceed standards established by the Payment Card Industry (PCI); works with Legal and other departments to evaluate and implement compliance strategies to meet or exceed requirements; meets with business units and vendors to modify procedures and processes as needed to comply with requirements; coordinates and participates in development of documentation of the compliance program and actions taken.
Drafts Request for Proposals, evaluates responses and recommends vendor selection; drafts language and negotiates and administers vendor contracts; monitors and prepares status reports on project progress; reviews and makes recommendations on contract change requests; makes recommendations on deliverables developed by vendors/consultants; conducts project team meetings; meets with project technical and management steering committees on project issues and progress; coordinates project completion to ensure accountability for results.
Coordinates and integrates cyber security program activities with other IT units and divisions; organizes and coordinates activities across multiple customer business units.
Monitors emerging trends, new developments and best practices in cyber security and related disciplines to bring technology and business intelligence and advice to District and department managers.
Maintains up-to-date technical knowledge by attending educational workshops, reviewing professional publications, establishing personal networks and participating in professional associations.
OTHER DUTIES
Represents the department on committees and teams for major District-wide projects and prepares analyses, reports and recommendations on such projects; acts as project manager for analytical studies performed by outside consultants.
Performs special analyses and projects as assigned; writes technical and non-technical reports and correspondence.
DESIRED MINIMUM QUALIFICATIONS
Knowledge of:
Principles, practices and methods of cyber-security infrastructure and vulnerability management; Cyber Security and Information Protection and Privacy principles and practices; evolving sources of security threats and vulnerabilities; on-line systems security products and methodologies, applicable to both the enterprise infrastructure and its applications and data management systems; preventative security controls in general industry use including firewalls, IDS/IPS, VPN and others; common security management frameworks such as NIST, SANS Twenty Critical Security Controls and other cyber security standards; PCI compliance requirements and standards; principles, practices and techniques of information technology management; the software development life cycle; operating system architectures, characteristics, components, uses and limitations applicable to the District information technology environment; network architectures and theory and principles of secure network design, integration, configuration and management; principles and methods of enterprise level data management and data storage solutions; project management methods, tools and techniques; troubleshooting principles and practices applicable to areas of responsibility; customer relationship management and internal consulting concepts and practices; systems integration and optimization design concepts and techniques particularly as applicable to areas of assigned responsibility; principles and practices of effective team leadership and mentoring.
Ability to:
Contribute to the development, integration and administration of a comprehensive cyber security protection framework including policies, standards and guidelines; effectively carry out assigned project responsibilities; apply professional knowledge of scientific and engineering concepts, principles, phenomena and relationships to: assess specific requirements, delineate appropriately engineered system designs, and recommend preliminary and final design plans, engineering specifications, cost estimates and procurement packages in support of the cyber security management, preventive maintenance and mission critical systems and equipment; analyze policy, trends, and intelligence to better understand how cyber security threat adversaries may think or act, using deductive reasoning and problem solving skills to develop appropriate counter measures; apply critical thinking skills to isolate problem causes, perform root cause analysis and formulate solutions and workarounds; identify cyber security management issues and opportunities, analyze problems and alternatives, formulate complex technical solutions and develop sound conclusions and recommendations; build teamwork and collaboration with other IT units and departments to optimize effectiveness of the District/SNWA cyber security program; set priorities and allocate resources to most effectively meet needs in a timely manner; prepare clear, concise and accurate reports and other materials; communicate clearly and effectively to diverse audiences of technical and non-technical personnel, orally and in writing; exercise sound expert independent judgment within general guidelines; use tact and diplomacy when dealing with sensitive, complex and/or confidential issues; establish and maintain highly effective customer-focused working relationships with all levels of management, employees, consultants, contractors, vendors and others encountered in the course of work.
Training and Experience:
A typical way of obtaining the knowledges, skills and abilities outlined above is graduation from a four-year college or university with major coursework in computer science, information systems or a closely related field; and seven years of progressively responsible professional information technology experience involving network/systems infrastructure administration and security; or an equivalent combination of training and experience. Experience in a government or public utility setting is highly desirable.
Licenses; Certificates; Special Requirements:
A valid Nevada driver's license and ability to maintain insurability under the District's Vehicle Insurance Policy may be required for certain assignments.
Current CompTIA Security+ certification and certification as a Certified Information Systems Security Professional (CISSP), or comparable certifications, are required.
PHYSICAL AND MENTAL DEMANDS
The physical and mental demands described here are representative of those that must be met by employees to successfully perform the essential functions of this class. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Physical Demands
While performing the duties of this class, employees are regularly required to sit; talk or hear, in person and by telephone; use hands to finger, handle, feel or operate computers and other standard office equipment; and reach with hands and arms. Employees are frequently required to walk and stand.
Specific vision abilities required by this job include close vision and the ability to adjust focus.
Mental Demands
While performing the duties of this class, employees are regularly required to use written and oral communication skills; read and interpret data, information and documents; analyze and solve highly complex and ambiguous problems; observe and interpret people, conditions and situations; learn and apply new information or skills; perform highly detailed work under changing, intensive deadlines on multiple concurrent tasks; and interact with all levels of District/SNWA managers and staff, IT staff, vendors, contractors, representatives of other governmental agencies including Homeland Security and the FBI and others encountered in the course of work.