Title: IT Security Analyst Salary $116,105.60 - $157,081.60 Annually Location George DiCiero City & County Building, CO Job Type FT Exempt Remote Employment Flexible/Hybrid Job Number 2026-00111 Department Information Technology Division Security FLSA Non-Exempt Description CCOB Mission Statement: “As dedicated stewards of Broomfield, our community-focused team delivers meaningful and impactful services and support.” This role assists the IT Senior Security Analyst and performs routine to complex support and technical work in information technology security systems. The IT Security Analyst is responsible for cybersecurity system implementation, and computer system policies related to the City and County’s IT Security program, and providing information and assistance to City and County staff and the public. About Us The IT department is made up of 42 staff in 6 divisions (GIS, DevOps, Customer Success, Project Management, Cybersecurity, and Administration) and is responsible for guiding and governing City and County technology focused on business solutions, reliability, innovations, and customer satisfaction. The department is responsible for providing: - Strong leadership and vision to support the technology goals and objectives of a diverse, growing community based on solid partnerships with departments - Reliable and secure infrastructure - Responsive and knowledgeable support for business and enterprise technology systems, network services, and desktop support services - Protection of the confidentiality and preservation of the integrity of the City’s data - Robust and scalable telecommunications systems - Robust GIS environment that allows users to organize, visualize, and analyze different layers of data The IT leadership team fosters and encourages employee development and growth; offers a flexible, hybrid work schedule; provides a cooperative, collaborative, and FUN team environment; and appreciates and celebrates the team’s accomplishments. Total Compensation Package Salary Range: $116,105 - $157,081/ annuallyFree Recreation Center Pass (Gym & Pool) 19 days paid vacation + 10 sick days + 12 holidays per yearMedical, dental, & vision insurance 6% employer retirement matchWellness discount on insurance premiums available Essential Required Tasks/Examples of Duties - Evaluate, upgrade, implement and maintain hardware and software applications from a security perspective. - Develop and implement policies and procedures that ensure end-user functionality while maintaining a secure posture. - Investigate known and unknown threats to the City and County operating environment. - Stay current on relevant industry threat intelligence and determine risk, exposure, and plans to remediate. - Maintain specific knowledge, skills, and abilities to current industry standards. - Collaborate with teams to ensure confidentiality, integrity, and availability of new services or those already in the Information Technology service catalog. - Manage IT tickets and workload to achieve departmental goals. - Assure that responsibilities are performed in compliance with federal and state regulations, Broomfield policies and procedures, and the Broomfield Municipal Code. - Advise applicable administrators or departments of potential problems or concerns. - Compile, interpret, and prepare data for studies, reports and recommendations. - Coordinate departmental activities with other departments and agencies as needed. - Assist in the development of short and long-range goals including annual efforts to advance the City and County’s mission, goals, and objectives and ensure alignment of the Information Security Program. - Attend meetings, workshops, and conventions as necessary. - Identify and recommend improvements in departmental operations to ensure functions are efficient and cost effective. - Take proper safety precautions, use all required safety equipment. - Perform related duties as required. Working Hours/Location This position offers a flexible, hybrid work environment that supports both in-office and remote work. While the schedule can be adjusted to meet individual productivity needs, the IT Security Analyst is expected to maintain reliable availability during core business hours to effectively support customers, stakeholders, and project activities. Minimum Qualifications Education - Bachelor’s degree from an accredited college or university in computer science, computer information systems, management information systems, information security, or a closely related field- required - ITIL Foundation certification - preferred Experience - 2 years Experience with Microsoft Windows client and server technologies including Microsoft Active Directory. Experience with TCP/IP network administration. Experience with firewall administration. Prefer experience in at least one of the following scripting languages for automating tasks: PowerShell, Bash, Python, Perl, or PHP. - 1 year Information technology security experience. Years of related experience may be substituted for required education, however education cannot be substituted for the necessary work experience. Candidates must meet the minimum required years of work experience. NECESSARY SPECIAL REQUIREMENTS (in addition to above requirements): Must possess and maintain a valid Colorado Driver's License and safe driving record for continued employment. New hires must, as a condition of employment, pass the following pre-offer and post-offer/hire processes: in-person or virtual interviews, reference checks, and background checks, which may include local police check and sex-offender registry. - Must possess and maintain a valid driver’s license and safe driving record for continued employment. - Fingerprint checks through CBI/FBI required Working Conditions - Hybrid work schedule: work may be performed in City/County work locations and/or, from at-home or other approved remote work location. - Work is generally scheduled Monday through Friday with some weekend and holiday work required. - Work involves on-call duty which requires working weekends on a rotating basis and working all hours during emergency repairs as needed. - Physical demands are described as sedentary (exert up to 10 lbs. of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull, or otherwise move objects, including the human body. Involves sitting most of the time but may involve walking or standing for brief periods of time).

• Develop and execute a comprehensive security roadmap aligned with Zero-Trust principles, organizational goals, and regulatory frameworks. • Maintain the enterprise risk register, conduct periodic risk assessments, and oversee remediation of identified vulnerabilities. • Harden and manage Microsoft 365 tenant security and perform ongoing security reviews of third-party SaaS vendors. • Ensure secure device configurations, patch management, and endpoint compliance across a fully remote workforce. • Monitor, investigate, and respond to security alerts using Microsoft Sentinel and Defender; conduct root-cause analyses and coordinate incident response. • Lead proactive testing and maintain continuous threat-intelligence monitoring. • Support data-protection, backup, and recovery strategies; participate in business-continuity and disaster-recovery planning and exercises. • Maintain audit-ready security documentation; generate dashboards and KPIs that measure security posture, compliance, and incident trends. • Develop and deliver cybersecurity training programs to promote a security-first culture. • Partner with IT, Programs, and Operations to embed security in project design and technology adoption.

• Monitor security information and event management (SIEM) systems and other security tools for suspicious activity. • Triage and prioritize security alerts and events based on their potential risk and impact. • Analyze network traffic, log data, and system alerts to identify potential security incidents. • Follow established incident response playbooks to investigate and contain security incidents. • Assist senior analysts in the root cause analysis of security breaches and vulnerabilities. • Help implement remediation steps to address detected security flaws. • Assist in performing routine vulnerability scans on internal and external systems. • Analyze scan results, identify false positives, and help prioritize vulnerabilities for remediation. • Work with IT and development teams to ensure timely patching and security updates. • Document all security incidents, investigations, and mitigation actions in a timely and accurate manner. • Help create and update standard operating procedures (SOPs) for security tasks. • Generate basic security reports on key metrics, such as the number of alerts, incidents, and resolved vulnerabilities. • Contribute to the development of training materials and participate in security awareness campaigns for employees. • Help educate colleagues on security best practices, such as phishing prevention and password hygiene.

Role Description The McKesson Technology (MT) Enterprise SOX Technology Services team is seeking a leader in SOX Governance to support investment activities for fiscal year 2027 and beyond. The leader in MT Compliance will be tasked with supporting Enterprise MT compliance leadership in planning, delivering and communicating high-priority strategic efforts that advance MT goals. This is especially important given the anticipated technological changes and growth within MT. This role will work closely with SOX, SOC, automation, architecture, finance leaders and partners to develop and execute strategies aligned to the enterprise priorities across service areas and business units at McKesson. This individual will lead ongoing operations and one-time projects that impact the MT control landscape by: - Facilitating conversations - Sequencing and prioritizing initiatives - Initiating budget, resources, and schedules - Managing partner relationships This leader will enable enterprise mindset across MT SOX functions. The role reports directly to the Senior Director, SOX Governance. Key responsibilities - Manage multiple ongoing SOX operations and initiatives - Manage and support key SOX-impacting projects by MT and business units - Manage resources supporting SOX initiatives while maintaining operating procedures, developing work plans, budget, and ensuring end-to-end execution of initiatives and projects - Develop and maintain partnerships with business and technology leaders and teams - Develop and manage high-quality deliverables, plans, and strategies - Create analytical frameworks and conduct complex business analyses - Develop robust, actionable insights to inform strategies, priorities, and key decisions - Build expertise and insights about industry trends and potential implications for McKesson especially around automation and use of A.I - Lead, influence, and reach consensus with or without formal authority or people management responsibilities - Maintain thorough knowledge of company's business lines, products, and services - Apply strategic and analytical thinking to synthesize market data and deliver business insights - Partner with SOX, SOC, architecture, automation, and business leaders to drive the strategic planning process and support other strategic updates to leadership - Leverage presentations to develop a storyline and point-of-view, while influencing and driving conviction that a given strategy makes sense among key McKesson leaders - Work within established framework to facilitate business problem solving and present hypotheses and recommendations to senior management - Work through ambiguity and put structure around problems/tasks with limited guidance Qualifications - 10+ years of Business and technology experience with minimum 5 years in SOX and SOC - Bachelor's degree required - MBA or other relevant master’s degree preferred - 10+ years of business and technology experience - 5+ years of SOX and SOC experience - 5+ years of leading and managing teams - Prior experience in healthcare preferred Requirements - Strategic thinking: evaluating industry trends, developing long-term implications, and recommending pragmatic strategies for new business opportunities - Analytical rigor: ability to bring structure to ill-defined problems and intellectual leadership to problem solving; synthesize insights from analysis and ensure credible, actionable recommendations - Financial acumen: competency in financial analysis - Communications skills: ability to develop rapport and credibility across the organization, promote ideas and present complex information in an easy-to-understand, persuasive manner Benefits - Competitive compensation package - Annual bonus or long-term incentive opportunities may be offered - Pay range: $144,400 - $240,600