Job Description

IT Compliance Analyst

=========================



The City of Richmond is committed to be the most appealing, livable, well-managed community in Canada, a vision that is only made possible by developing our most valuable asset - our people. This is a great opportunity to join our team and shape our community. The City of Richmond offers competitive pay programs, comprehensive benefits and attractive incentives. If you are looking to make a difference, and to share our vision, then please apply.

Overview

------------


This position supports the activities required for Information Technology governance and cybersecurity on behalf of the City. The IT Compliance Analyst is responsible for researching and recommending sound practices as well as proposing enhancements to existing processes that strengthen the confidentiality, integrity and availability of IT systems and data; while fostering a culture of security awareness via promoting consistent practices related to IT compliance and cyber risk management for the city.

Examples of key responsibilities include, but are not limited to:

---------------------------------------------------------------------

Researches and recommends sound IT compliance models or practices related to cybersecurity and IT governance Develops documents related to IT security policies, procedures and standards adhering to the relevant legislation and industry sound practices Supports the maintenance or enhancement of existing IT security policies, procedures and standards Assists the planning and execution of assessments and reviews to identify improvement opportunities related to IT governance and cybersecurity for the City Directs and evaluates the work of external consultants in performing IT risk or security audits/assessments as defined by statement of work Prepares status reports on relevant audits/assessments for review by IT Management as needed Liaises with City staff, senior management staff and occasionally external organizations related to cybersecurity and IT governance Promotes a culture of security awareness which include conducting cybersecurity awareness training and phishing simulation exercises for City staff Coordinates IT Security Steering Committee meetings and supports relevant action items Supports the maintenance of the City's IT security incident response plan, playbooks and relevant procedures Coordinates security incident response and recovery activities with stakeholders on IT security breaches and cyber attacks Assists with security event log monitoring, analyzing and reporting tasks

Knowledge, Skills & Abilities:

-----------------------------------

Understanding of IT governance and cybersecurity principles, frameworks and methodologies (e.g. NIST CSF, CIS Critical Security Controls, ISO27001, PCI-DSS and MITRE ATT&CK). Ability to draft, customize, appraise and present written IT security policies, procedures and standards. Strong organizational, team-building and people skills Ability to work and navigate within a matrixed organization Strong communication and leadership skills Ability to understand the impact on new technologies on processes and adapt and apply changes to working environment Knowledge of industry sound practices/procedures, regulations, and laws related to IT governance and cybersecurity Demonstrated understanding of municipal environments Strong computer skills, including word processing, spreadsheet, systems documentation, and other business software to prepare reports, memos, summaries, and analysis

Qualifications and Experience:

----------------------------------

Bachelor's degree in computer science, information technology, information security or related field or an equivalent combination of education, training and experience A minimum of 2 years of relevant work experience related to information technology governance and cybersecurity Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or other relevant industry certifications preferred

Working Conditions:

-----------------------


This job is generally performed in an office environment.

Additional Information:

---------------------------


Employee Group: CUPE Local 718


Position Status: Regular Full-Time


Duration of Appointment: n/a


Salary Range: $47.12 - $55.71/hr


Hours of Work: 8:15am - 5:00pm Monday to Friday, compressed work week schedule


Application Posted: 9/5/25


External Closing Date: 10/2/25


PCC#: 1161