Oregon Metro Jobs Hiring Now
Oregon Metro is hiring for 14 open roles on Migrate Mate as of July 16, 2026, concentrated in business operations and compliance & risk, with listed salaries up to about $156,000. Migrate Mate updates Oregon Metro's live openings daily. Oregon Metro is a regional government agency serving the Portland metropolitan area, overseeing public lands, parks, transportation planning, waste management, and cultural facilities including the Oregon Zoo.
Find Oregon Metro JobsOverview
Oregon Metro hiring data on Migrate Mate, as of July 16, 2026.
- Open jobs
- 14
- Top team
- Business Operations
- Seniority
- Across all levels
- Work type
- 57% remote or hybrid
- Top location
- Oregon
- Salary range
- $94,000–$156,000
Listed salaries for Oregon Metro roles on Migrate Mate range from about $94,000 to $156,000 per year across 14 open roles, as of July 16, 2026. Some roles list hourly contract rates.
Open Roles at Oregon Metro
Showing 14 of 14+ Oregon Metro jobs





























Position Summary
Hello, we’re Metro! Metro is dedicated to shaping a better future for the greater Portland region. The work the people of Metro do every day benefits the lives of the people who live here, today, and tomorrow.
The Information Security Team is looking for an Information Security Compliance Analyst. This role serves as the primary support role to the CISO for Metro's information security governance, risk, and compliance (GRC) function, operationalizing and maturing the program on the CISO's behalf while ensuring alignment with applicable federal, state, and local regulations, including privacy, data protection, breach notification, and public records requirements. Acting as control owner delegate, this role ensures controls are properly defined, enforced, auditable, and aligned to business and regulatory requirements, with a clearly bounded (~30%) operational support component focused on control validation, audit readiness, and compliance alignment rather than primary ownership of security operations.
As the Information Security Compliance Analyst, you will
- Serve as the CISO's operational extension for compliance and governance, translating security strategy into actionable policies, controls, and procedures, and preparing materials for executive reporting, audits, and regulatory reviews.
- Develop, maintain, and manage the full lifecycle of information security policies and standards, mapping them to applicable frameworks and coordinating periodic reviews with stakeholders across IT and business units.
- Act as control owner delegate for NIST CSF, CIS Controls, and PCI DSS, leading framework alignment, gap analysis, and PCI compliance activities including CDE scoping, evidence collection, and QSA coordination.
- Lead governance of the vulnerability management program, including policy definition, SLA tracking, compliance reporting, and risk acceptance decisions, partnering with the Cybersecurity Analyst as execution lead.
- Conduct compliance reviews of software and technology assets, maintain accurate asset inventories, and support third-party/vendor security reviews to ensure audit readiness.
- Maintain and administer the enterprise risk register, support internal and external audits, and develop compliance metrics and dashboards to communicate risk and control effectiveness to leadership.
- Support incident response through documentation, evidence collection, and regulatory notification requirements, including secondary, after-hours backup support for high-severity security alerts in coordination with the Cybersecurity Analyst and SOC/MSSP providers.
- Collaborate with IT Operations, Infrastructure, and Application Teams to integrate security controls into operational processes, and assist in administering security tools (EDR, SIEM, email security, identity platforms) in support of compliance objectives.
- Contribute to system hardening and secure configuration baselines aligned with CIS Benchmarks, assist with IAM best practices, and coordinate security awareness and training initiatives.
- Develop and mature data classification, handling, and protection standards (including DLP and retention policies), support privacy impact assessments, and help mature Metro's cybersecurity program through process improvement and continuous alignment with evolving threats and best practices.
Attributes for success
- Strong working knowledge of security and compliance frameworks (NIST CSF, CIS Controls, PCI DSS) with the ability to translate framework requirements into practical, auditable controls.
- Detail-oriented and highly organized, with the discipline to manage policy lifecycles, evidence packages, and audit documentation accurately and on schedule.
- Comfortable operating independently while working under general direction from the CISO, exercising sound judgment on when to escalate versus resolve.
- Strong written communication skills, able to translate technical security concepts into clear policies, procedures, and executive-ready reporting.
- Collaborative mindset with the ability to build effective working relationships across IT Operations, Infrastructure, Applications, and business stakeholders who don't report to this role.
- Analytical and risk-aware, able to assess control gaps, prioritize remediation efforts, and support risk acceptance discussions with sound reasoning.
- Comfortable with ambiguity and program-building, given that governance structures, processes, and tooling are still actively being developed and refined.
- Basic technical fluency with security tools (SIEM, EDR, identity platforms) sufficient to support compliance monitoring without requiring deep engineering expertise.
- Reliable and responsive when serving as secondary, after-hours backup for high-severity alerts, with good judgment about when situations require escalation versus documentation.
- Genuine interest in continuous learning and staying current on evolving regulatory requirements, threats, and industry best practices in a public-sector context.
DIVERSITY AND INCLUSION
At Metro, we strive to cultivate diversity, advance equity, and practice inclusion in all of its work. This means attracting and empowering a workforce that is inclusive of a broad range of human qualities. Workplace diversity is both a moral imperative and a business strength, essential to providing quality support and services to our region. Metro’s goal is to hire, develop and retain highly skilled and talented individuals across all departments and programs who best reflect the diversity of our community.
Learn more about how Metro is advancing diversity
TO QUALIFY
We will consider any combination of relevant work experience, volunteering, education, and transferable skills as qualifying unless an item or section is labeled required. Please be clear and specific in your application materials on how your background is relevant.
Minimum qualifications
- 4–6 years of progressive experience in information technology, including at least 3–5 years of experience in information security, IT security, or compliance-focused role, and
- A bachelor’s degree in Cybersecurity, Information Technology, or related field, or
- Any combination of education, professional, volunteer and lived experience that provides the necessary knowledge, skills, and abilities to perform the classification duties and responsibilities.
If this statement is true for you, then you may be ineligible to apply
If you were terminated for cause during any employment with Metro, or resigned in lieu of termination, you may be ineligible for rehire for a minimum of 3 years.
Hybrid Telework
This position is designated as “hybrid telework.” You will be required to work onsite and at times have the option to work away from your assigned work location. The specific schedule and balance of onsite and telework will be discussed with the hiring manager at the time of offer. Employees must reside in Oregon or Washington to work at Metro. Please note, the designation of hybrid telework may be subject to change at a future time.
Like to have qualifications
You do not need to have the following preferred qualifications/transferable skills to qualify. However, keep in mind we may consider them when identifying the most qualified candidates. Your transferable skills are any skills you have gained through education, work experience, including the military, or life experience that are relevant for this position.
- Experience in public sector or government environments.
-
Relevant certifications such as:
- CISA, CRISC (preferred for governance and risk)
- PCIP or equivalent PCI-related certification (strongly preferred)
- Security+, SSCP, or GSEC (foundational, optional)
- Direct experience with PCI DSS compliance programs, including CDE scoping, SAQ, or ROC processes.
- Experience supporting cloud security compliance and governance activities in Azure, AWS, or similar environments (e.g., control mapping, configuration review, audit support).
- Familiarity with privacy considerations, data protection principles, and applicable Oregon state requirements.
- Experience with vendor risk management, third-party assessments, or software asset compliance reviews.
- Familiarity with GRC tools or platforms used for risk management, control tracking, and audit management (e.g., ServiceNow GRC, Archer, or similar).
- Experience working with or overseeing third-party security providers (e.g., MSSP/SOC) in a compliance or audit capacity.
SCREENING AND EVALUATION
The application packet: The application packet consists of the following required documents. Please ensure that you upload these documents in your online application. Make sure your application is complete, missing any part of these items could result in an incomplete application and will not be moved forward in the recruitment.
- A completed online application
-
A cover letter addressing the following (please limit your response to 2 pages):
- Compliance & Governance Experience — Describe your experience developing, maintaining, or operationalizing information security policies, controls, or GRC functions, including the frameworks you've worked with (e.g., NIST CSF, CIS Controls, PCI DSS) and any experience supporting regulatory requirements such as privacy, data protection, breach notification, or public records obligations.
- Independent Execution & Cross-Functional Influence — This role operates under the general direction of the CISO but requires independent judgment on day-to-day execution, along with the ability to drive compliance outcomes through collaboration with IT and business teams that don't report to this position. Share an example that demonstrates both.
- Building Structure from Ambiguity — Metro's information security program is still maturing. Describe a time you built or improved a process, policy, or program from an early or undefined state, and how you approached bringing structure to that ambiguity.
The selection process: We expect to evaluate candidates for this recruitment as follows. The selection process is subject to change.
- Initial review of minimum qualifications
- In-depth evaluation of application materials to identify the most qualified candidates
- Consideration of top candidates/interviews
- Testing/assessments
- Reference check
- Background records check for finalist candidate
COMPENSATION, BENEFITS AND REPRESENTATON
The full-salary range for this position is step 1: $94,106.41 to step 7: $126,142.16. However, unless a candidate’s qualifications justify, based on the Oregon Pay Equity Act requirements and Metro’s internal equity review process, the appointment will likely be made between step 1: $94,106.41 to the equity range step 4: $108,947.96.
This position is not eligible for overtime and is represented by AFSCME 3580. It is classified as a Systems Analyst III position. Classification descriptions are typically written broadly and do not include the specific duties and responsibilities of the positions. View the classification description.
Questions?
Recruiter: Carrie Gundermann
Email: carrie.gundermann@oregonmetro.gov
Additional Information
Equal employment opportunity
All qualified persons will be considered for employment without regard to race, color, religion, sex, national origin, age, marital status, familial status, gender identity and expression, sexual orientation, disability for which a reasonable accommodation can be made, or any other status protected by law.
Non-discrimination in hiring decisions
Metro is committed to equal employment opportunity and complies with all applicable federal, state, and local civil rights laws. Metro employment decisions – including recruitment, screening, interviewing, selection, promotion, compensation, and separation – must not discriminate based on race, color, national origin, ethnicity, religion, sex, sexual orientation, gender identity, disability, age, veteran status, or any other protected class.
Accommodation
Metro will gladly provide a reasonable accommodation to anyone whose specific disability prevents them from completing this application or participating in this recruitment process. Please contact the recruiter outlined in the job announcement in advance to request assistance.
Veterans' preference
Under Oregon Law, qualified veterans may be eligible for veterans' preference when applying for Metro positions. If you are a veteran and would like to be considered for a veterans' preference for this job, please provide qualifying documents as instructed during the application process.
Hybrid Telework
This position is designated as “hybrid telework.” You will be required to work onsite and at times have the option to work away from your assigned work location. The specific schedule and balance of onsite and telework will be discussed with the hiring manager at the time of offer. Employees must reside in Oregon or Washington to work at Metro. Please note, the designation of hybrid telework may be subject to change at a future time.
Pay equity at Metro
No matter who you are or where you work at Metro, you deserve to be paid fairly for the work you do. Every worker must get equal pay for equal work regardless of your gender, race, age, or other protected characteristics. Metro has established processes and conducts routine pay equity reviews as part of the hiring process to ensure compliance with the 2017 Oregon Pay Equity Act.
Online applications
Metro accepts job applications online. If you need assistance or accommodation with your application, or access to a computer, please contact the recruiter outlined in the job announcement in advance to request assistance.
How to Apply
For tips on how to apply and more information on what the application process looks like, visit Metro’s “How to apply” page.
Government Jobs
For assistance with your account or to reset your password please visit GovernmentJobs "Help and Support" page.
Metro
Led by an elected council, this unique government gives all residents of greater Portland a voice in shaping the future and provides parks, venues, services, and tools at a regional scale. We find solutions for our area’s garbage and recycling that protect clean air and water; help plan land use and development to provide jobs and safe transportation; manage local venues that provide a connection to arts and culture and help keep the economy growing; protect 17,000 acres of parks and natural areas, and run the Oregon Zoo, to keep nature close to home.
As part of the Metro family, you play a vital role in serving the people of the greater Portland region.
Family members, including eligible spouses, domestic partners, and children, are covered under most of our benefits programs. Benefits vary depending on position and full-time, part-time, and variable hour status.
This is a budgeted, regular status position with a full-time schedule. The position is eligible for these benefits:
- Medical, dental and vision health insurance
- Paid sick leave
- Paid vacation, holiday, and other leave
- Paid parental leave
- Full contribution to Oregon PERS retirement
- No-cost TriMet Hop Pass
- Employee Assistance Program
- Training opportunities
- Flexible schedules depending on position and department
- Hybrid/Telework living in Oregon /Washington depending on position and department
Metro also offers a variety of perks for all employees, including free admission to the Oregon Zoo (including ZooLights!), Oxbow and Blue Lake Regional Parks, membership discount at Lloyd Athletic Club, credit union eligibility and more. Employees also receive access to financial wellness and legal consultation services, as well as first-time home buying and ownership counseling.
Learn more about employee benefits.
Some positions are represented by a union and have additional benefits.
View union contracts here.
Job Roles at Oregon Metro
Working at Oregon Metro
Oregon Metro's 14 open roles are across all levels, and about 57% are remote or hybrid. The most active teams are business operations, compliance & risk, and account management. Oregon Metro is a regional government agency that serves the greater Portland area across a broad range of public services, including environmental and waste management programs, transportation planning, parks and natural areas, and cultural venues such as the Oregon Zoo. Roles span skilled trades, environmental programs, engineering, administration, and seasonal event work. Most Oregon Metro roles are based in Oregon, with some in Portland and Oregon Zoo.
Explore more roles by function
Browse thousands of live openings across engineering, sales, product, and more, and apply in just a few clicks.
Browse jobs by roleOregon Metro Jobs: Frequently Asked Questions
How many jobs is Oregon Metro hiring for right now?
Oregon Metro is hiring for 14 open roles on Migrate Mate as of July 16, 2026, updated daily, concentrated in business operations and compliance & risk. Openings span environmental programs, skilled trades, transportation planning, administration, and seasonal positions, reflecting the agency's wide range of public services across the greater Portland metropolitan region.
What kinds of roles does Oregon Metro hire for?
The most active teams are business operations, compliance & risk, and account management. Oregon Metro hires across a wide range of public-sector functions, including environmental and waste management, skilled trades such as HVAC and operating engineering, transportation and infrastructure planning, zoo and animal care, horticulture, risk management, and seasonal event staffing. Most postings are across all levels, and the agency recruits for both permanent and limited-duration positions.
Are Oregon Metro jobs remote or in-person?
Mostly remote. About 57% of Oregon Metro's open roles on Migrate Mate are remote or hybrid as of July 16, 2026, with the rest based in Oregon. Each Oregon Metro listing shows its work location so you can filter before applying.
How do I apply to a job at Oregon Metro?
Find an open role at Oregon Metro on Migrate Mate, then follow the listing through to Oregon Metro's own careers portal to submit your application directly. Oregon Metro manages its own hiring process, including any required materials, screening steps, and interviews. Migrate Mate keeps Oregon Metro's listings current so you can find active postings in one place.
What do Oregon Metro jobs pay?
Listed salaries for Oregon Metro roles on Migrate Mate range from about $94,000 to $156,000 per year as of July 16, 2026, with most postings at across all levels. Some roles list hourly contract rates. Exact pay is set by Oregon Metro and shown on each listing.
Does Oregon Metro hire entry-level?
Most of Oregon Metro's open roles on Migrate Mate are across all levels as of July 16, 2026. Check individual Oregon Metro listings for stated experience requirements.
Where is Oregon Metro hiring?
Most Oregon Metro roles are based in Oregon, with some in Portland and Oregon Zoo, and about 57% offer remote or hybrid work as of July 16, 2026. Migrate Mate shows the location on each listing.