Water Business Operations Security Analyst or Senior Analyst

JOB LOCATION

Aurora, Colorado 80016-2946

City of Aurora, Colorado

It is an exciting time to work for the City of Aurora, we're growing and looking for dedicated and collaborative individuals to join our team of talented and valued employees. Excellent organizations have a set of principles, or core values, that are used to implement their mission and vision. Those values represent the touchstone for the organization, guiding the decisions of the individuals and the organization. At the City of Aurora, we demonstrate our excellence by modeling the CORE 4 Values of: Integrity, Respect, Professionalism, and Customer Service, and we welcome all who share these values to apply.
 
Why Work for Aurora?

• Make a difference in the lives of real people every day
• Diverse community
• Competitive total compensation package
• Well-Funded General Employees Retirement Plan
• Light rail station minutes away
• On-site fitness center and overall employee well-being programs Internal educational programs to assist with career advancement
• Access to innovation workspaces

PRIMARY DUTIES & RESPONSIBILITIES

Hiring Salary:

Analyst: $86,772 - $108,466/year

Senior Analyst: $99,788 - $124,736/year

The deadline to apply to this position is December 28, 2025. However, it is subject to close at any time once a qualified pool of applications is obtained.

OVERVIEW OF JOB
Aurora Water is seeking an experienced cybersecurity professional to oversee and enhance the security posture of our critical infrastructure in compliance with the latest industry standards. The successful Business Operations Security Analyst or Senior Analyst (BOSA) candidate will lead cybersecurity initiatives to protect the water utilities' Operational Technology (OT) and Information Technology (IT) environments ensuring resilient and secure water services. They will balance the needs of cybersecurity against the production needs of a water utility. They will engage all levels of the business to identify risk and work with both business leadership and the Chief Information Security Officer (CISO) to design and execute on risk assessment, remediation, and the maturation of information protection processes that will support AW's compliance with industry, federal, and legal requirements as well as city security and privacy requirements. This includes adhering to guidance from the American Water Works Association (AWWA).

The role will report through the Aurora Water organization, with a line of responsibility to the CISO. The role will serve as a communicator, ensuring alignment and understanding between all parties to achieve optimal security outcomes. This role will closely coordinate with the Information Security Office's (ISO) Engagement team to evaluate and consult around information security and privacy risk.
 

Common Primary Duties & Responsibilities

• Drive adoption of good information and system protection practices by building strong business relationships, understanding the business risk and needs, and collaborating with the business as a trusted subject matter expert (SME) to support inquiries and adopt innovative technologies
• Coordinate with AW leadership and the CISO to develop metrics and reporting, as well as quarterly Customer Business Reviews (CBRs) to inform the business and ISO on program efficacy and effectiveness, as well as identify risks and solutions
• Offer business strategies and processes to ensure security-by-design, regulatory compliance and requirements for confidentiality, availability and integrity are met
• Research, compile, and consistently present information on the cost and benefits of different risk mitigation approaches to enable management to make informed decisions
• Partner with Risk & Compliance to assess new IT or OT software products, applications, and platforms for potential security risk and vulnerabilities
• Ensure that new software purchases have Master Service Agreements {MSA) appropriate for the risk presented
• Build a culture of cybersecurity through developing and delivery of cybersecurity training to staff
• Support the development of comprehensive cybersecurity strategy aligned with AWWA guidelines, Water Infrastructure Act and NIST Standards
• Review Incident Response plans for the OT network and conduct regular exercises to ensure readiness.
• Create and prioritize plans to restore SaaS systems quickly after an incident and ensure proper testing
• Coordinate risk assessments and penetration testing of AW OT infrastructure and the AW IT technology portfolio, and report findings and recommendations for resolution Track risk findings and coordinate with the appropriate parties on remediation efforts for identified vulnerabilities, especially those that could impact critical operations
• Inform the Security Operations and Risk & Compliance divisions on how best to deploy security tooling based around the production needs of the utility
• Partner with the Security Operations and Risk & Compliance divisions of the ISO, OT Networking staff, and IT Networking staff to ensure security tooling is deployed, tuned, and effective in meeting governance requirements and adhering to regulatory requirements
• Coordinate the resolution of confidentiality, availability, and data integrity issues with stakeholders and partners
• Respond to emergencies and other incidents as required and participate in investigations and remediation efforts
• Serve as the cybersecurity coordinator between ISO and AW during internal and external audits, working with the CISO, Risk and Compliance, and AW leadership to ensure audit requests are fulfilled and progress to address findings is measured
• Stay up to date with relevant legislation, industry standards, and best practices to ensure the ISO is prepared to secure against emerging threats
• Participate in Water Information Sharing & Analysis Center (WaterlSAC)
• Performs other related duties and special projects as assigned

Senior Analyst Additional Duties:

• Lead the assessment of security controls to safeguard control system OT networks
• Develop and present formalized risk assessments and mitigation strategies at the direction of the CISO
• Maintain performance metrics and participate in Customer Business Reviews (CBRs)
• Create and lead tabletop and functional exercises for incident response planning
• Provide leadership in aligning security tools and policy with operational needs
• Serve as lead SME for cybersecurity initiatives specific to Enterprise IT and OT  for Aurora Water.. This includes collaborating with Security Operations and OT in the design and implementation of layered security controls to prevent disruption of critical water operations
• Support and assist the ISO in the performance of forensic investigations following cybersecurity events and incidents , synthesizing technical findings into executive-level reports and recommendations for preventive action
• Support and assist the ISO in the performance of vendor security evaluations for third-party technology solutions, act as a SME in the negotiation of security terms in Master Service Agreements (MSAs), Statements of Work (SOWs), and Data Sharing Agreements (DSAs), and oversee treatment and resolution. 
• Represent Aurora Water on interagency working groups, cybersecurity task forces, and emergency preparedness committees focused on infrastructure resilience and threat intelligence sharing
• Develop and maintain a multi-year cybersecurity roadmap, incorporating regulatory compliance milestones (e.g., America’s Water Infrastructure Act), evolving threat landscapes, and emerging technologies in coordination with the CISO and OT.
• May mentor Analyst-level team members, review their work, and act as technical escalation point
• Performs other related duties and special projects as assigned

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change, or new ones may be assigned at any time with or without notice.

MINIMUM QUALIFICATIONS & WORKING CONDITIONS

An equivalent combination of education, certifications, training, and experience that demonstrates required knowledge, skills, and abilities may be considered.

Education: 

• Bachelor’s degree in computer science, Information Technology, engineering, or a related field.

Experience: 

• Minimum of 4 years of experience in cybersecurity that includes information security, audit, technology risk assessment, or operations of OT, SCADA, or ICS environments
• Senior Analyst: Minimum of 6 years of experience in cybersecurity that includes information security, audit, technology risk assessment, or operations of OT, SCADA, or ICS environments
• Experience in the application of NIST Cybersecurity Framework
• Progressively responsible experience in risk management, incident response, and threat analysis

Licenses and Certifications Required:

• Valid Colorado Driver's License
• An applicable security certification such as CISSP, CISA, Security+, or comparable or the ability to obtain approved certification within 6 months
• Senior Analyst: An applicable security certification such as CISSP, CISA, Security+, GIAC GICSP, Certified SCADA Security Architect (CSSA), or equivalent or the ability to obtain approved certification within 6 months 

Preferred Qualifications:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field
• Experience designing and performing risk assessments of information governance and technology
• Experience implementing security controls within water/wastewater OT environments strongly preferred
• Experience with a focus on critical infrastructure or utilities
• Experience in the application of AWWA cybersecurity guidance
• Implementing or designing controls to meet regulatory requirements
• Experience with securing cloud-based technology
• Experience in technical writing and/or report writing
• Experience with loT cybersecurity best practices

Knowledge:

• All city staff performing cybersecurity functions are expected to maintain currency in security practices, technology, and trends. AW provides continuing education assistance to its staff to maintain licensure and learning
• Strong knowledge of cybersecurity standards and frameworks, including NIST 800 series and ISO 27001
• Proficiency in using security tools, vulnerability assessment and control testing tools, and endpoint security solutions
• Understanding how to investigate security incidents, gather evidence, and analyze digital artifacts

Skills:

• Well-developed interpersonal and communication skills
• Ability to work independently and as part of a team
• Working knowledge of Agile project management principals
• Excellent analytical, problem-solving, and decision-making skills

Abilities:

• Capable of translating technical risk into business language
• Ability to collaborate across multiple departments and present technical issues clearly to non-technical stakeholders
• Ability to establish and maintain effective working relationships with other employees, contractors, and citizens and to communicate effectively both verbally and in writing
• Ability to analyze, compile, and present technical information and reports including making presentations, developing standard operating procedures, and designing user guides.
• Ability to resolve conflicts when priorities differ between departments or divisions
• Coordinate closely with CISO, the Information Security Office, Water Technical Operations, Emergency Management, Business Systems Technology, and IT Infrastructure teams
• Manage and utilize external vendors and contractors to achieve program goals

WORKING CONDITIONS

Essential Personnel:

• When a local announcement of emergency or disaster is declared by the city, all City of Aurora employees may be required to work as essential personnel.

Physical Demands:

• Light work lifting no more than 20 pounds at a time with frequent lifting or carrying of objects weighing up to 10 pounds
• Occasional carrying, walking and standing
• Vision to analyze data and read and interpret reports, documents and other written information
• A current driver’s license and be capable of driving between Aurora Water facilities throughout Colorado

Work Environment:

• This role is based at our Southeast Area Maintenance facility, with occasional field visits to Aurora Water treatment and distribution facilities throughout Colorado
• This role allows for a hybrid schedule with a minimum of two days a week in the office
• This role will have in-person meetings that could occur outside their on-site schedule
• The role may require after-hours availability in response to cybersecurity incidents or operational emergencies

Equipment Used:

• Uses standard office equipment including personal computers
• Uses common office software, advanced software, and on-premises and cloud databases.
• This role may require the incumbent to use personal equipment (e.g. vehicle, cell phone, tools, etc.) in the course of their employment

For Veterans preference:  Please show all of your employment history, including military service and related documentation (DD214) on the application.
           
The City of Aurora is an equal opportunity employer.  We are required by state and federal agencies to keep certain statistical records on applicants.  It will not be used in any way to discriminate against you because of your sex, race, age, sexual orientation, creed, national origin, disability or military status, gender identity, unless related to a bona fide occupational qualification as defined by the Colorado Civil Rights Commission and the Equal Opportunity Commission.
                                         
Despite the changes in Colorado law, the City of Aurora maintains a drug-free workplace.  A positive test of marijuana is grounds for disqualification and ineligibility for employment with the city for one year or termination once hired.
 

Drug Testing, Thorough Criminal Background Check, and Employment References:
As a condition of employment, all applicants selected for employment with the City of Aurora must undergo a thorough criminal background check. 

Applicants selected for safety-sensitive positions are required to complete and pass a drug screening as a condition of employment. Safety sensitive positions include Civil Service positions within Police and Fire Departments and positions where their job responsibilities have direct and substantial responsibility that would impact the health and safety of others.  

Employment references will be conducted on finalists for City of Aurora vacancies.