Title
Addition of an Applications Security Analyst Position to the Occupational Index (B)
A new job description is needed to delineate a particular role within the Information Technology (IT) function of GRU. Software systems are becoming more complex causing the need for a separation of duties for security and auditing concerns from other IT positions.
Explanation
The needs for IT and solutions for GRU continue to increase in complexity such that a specialist is needed to administer the security of these applications. Many of these applications are used by numerous people, each of which has a particular role and usage of the applications which requires a specific security profile. Applications such as Ellipse (GRU's financial system) and the new SAP CIS (billing system) have very complex application security and proper definition and maintenance of user security profiles is essential to proper operations, security and auditing of these systems. Auditors recommend that applications with financial implications be kept up to date with respect to users' security profiles such that they have access only to what their job functions require and that persons no longer working for GRU no longer have access to the applications. Auditors also recommend that a proper separation of duties from other IT employees be maintained. For example, the Applications Security Analyst should be a different person from someone who can change the software code. This provides an IT control to mitigate against abuses.
Fiscal Note
With the deletion of a Computer Programmer Analyst position and the addition of an Applications Security Analyst position, both at Pay Grade M5, there is no fiscal impact.
Recommendation
The City Commission approve deleting a vacant Computer Programmer Analyst position (Pay Grade M5); and adding the Applications Security Analyst position (Pay Grade M5) to the Occupational Index.