IT Enterprise Risk Analyst

City of Tucson | Tucson, AZ
1d | $29 - $44

About The Position

The IT Enterprise Risk Analyst position at the City of Tucson’s Information Technology Department (ITD) is responsible for supporting the organization's Governance, Risk, and Compliance (GRC) efforts by developing, implementing, and maintaining IT policies, procedures, and controls. This position analyzes and applies governance frameworks to maintain compliance and protect the data and IT infrastructure while ensuring adherence to regulatory requirements. Work is performed under the supervision of an IT Manager. This position does not supervise.

Requirements

  • Bachelor's Degree
  • Three (3) years of relevant experience
  • Any combination of relevant education and experience may be substituted on a year-for-year basis.
  • A valid and unrestricted driver’s license with two (2) years of licensed driving is required.
  • Applicants must submit their completed application by 02-16-2026 at 11:59 p.m. MST.
  • All applicants are required to submit a chronological resume and cover letter at the time of the application.
  • Candidates must be legally authorized to work in the United States at the time of application and throughout the duration of employment.

Nice To Haves

  • Three years of experience as an Enterprise Risk Analyst, IT GRC Analyst or in a related role.
  • Experience in IT governance, risk management, and a basic understanding of IT controls and security.
  • An understanding of core IT concepts, including fundamental knowledge of operating systems, networking basics, knowledge of cloud computing, and a basic understanding of scripting.
  • Knowledge of industry-standard data and privacy protection regulations, familiarity with risk assessment methodologies, and an understanding of IT audit processes and security controls.
  • Adept documentation skills are essential, demonstrated through experience in documenting IT policies, controls and creating compliance reports.
  • An understanding of change management and the use of metrics would also be beneficial.

Responsibilities

  • Analyzes and supports the development of IT Governance, Risk, and Compliance (GRC) frameworks, policies, standards, procedures, and governance controls in collaboration with teams and subject matter experts (SMEs).
  • Provides guidance on understanding and adhering to established policies and procedures with IT teams embedded in partner departments.
  • Recommends and implements improvements documenting identified risks, risk score, mitigation strategies, contingency plans, and monitoring activities.
  • Supports the development and maintenance of a comprehensive risk register, tracking identified risks, risk scores, mitigation strategies, contingency plans, and monitoring activities.
  • Contributes to the definition and continuous improvement of key risk indicators (KRIs) and performance metrics to assess program effectiveness.
  • Conducts and facilitates IT risk assessments to identify and evaluate potential threats, vulnerabilities, and impacts on tech-enabled business operations.
  • Assesses risks associated with third-party vendors and service providers.
  • Supports internal and external audits by gathering evidence, preparing documentation, and addressing audit findings.
  • Performs gap analyses and compliance assessments to identify areas for improvement and ensure adherence to IT GRC standards.
  • Maintains an up-to-date knowledge base for IT GRC-related information to support ongoing compliance and risk management efforts.
  • Monitors organization-wide compliance with administrative directives and policies, external regulations (e.g. PCI, HIPAA, CJIS, etc.), and other IT governance requirements for corrective measures.
  • Identifies opportunities for process improvements by working with SMEs to enhance risk management and compliance practices.
  • Educates employees on IT standards, policies, and compliance obligations.
  • Assists in IT incident response, documenting findings, supporting remediation and root cause analysis efforts, and assessing security and compliance impacts.
  • Assists in the development and implementation of risk mitigation strategies and controls to enhance IT security and compliance.
  • Performs all other duties and tasks as assigned.

Benefits

  • The City of Tucson offers a generous benefits package for benefit-eligible positions.
  • The comprehensive, flexible, and affordable coverage is designed to optimize health and well-being, security and future, and peace of mind.
  • Benefits begin with medical, dental, vision, life, disability, and FSA coverage, surpassing your standard 401(k) program by offering a rich pension plan plus optional Roth and pretax deferred compensation savings.
  • With your well-being in mind, our paid time off program provides new hires with 38 paid days off in the first year of employment, with time off increasing steadily in subsequent years.
  • We offer twelve weeks of paid parental leave, paid tuition reimbursement, student loan repayment, off- and on-the-job training, and opportunities to forge connections with peers and the community through employee resource groups and paid volunteer hours.
  • You can learn more about our benefits at https://www.tucsonaz.gov/Departments/Human-Resources/Employee-Benefit-Snapshot.