$75,000 - $110,000 a year
The NYC Department of Information Technology & Telecommunication (DoITT) is New York City government's technology leader. Our mission is to modernize IT infrastructure and service delivery in government; implement state-of-the-art information technology solutions to improve public services; make government more transparent and accountable; and employ cutting-edge tools, methods, and partnerships to empower New Yorkers. Our services touch every aspect of City life: from public safety to human services, from education to economic development, our services cross the full spectrum of governmental operations. To fulfill our mission, we develop and support applications, maintain efficient and reliable computing and network platforms, develop sophisticated security tools and policies, and ensure the reliability of IT infrastructure and enterprise systems through redundancy and disaster recovery planning. We also negotiate service agreements with telecommunications providers doing business with City agencies, and administer franchise agreements with telecommunications and cable television providers that serve NYC residents.
The successful candidate will serve as an Information Security Senior Governance Risk & Compliance Analyst reporting to the Information Security division. Responsibilities will include:
Lead the effort to support the identification, analysis, and governance of information security risks across DoITT;
Understand information security risks and assess mitigation strategies to confirm alignment with risk appetite;
Assist management with defining DoITT's risk appetite, and lead the efforts to implement risk mitigation with business & technical stakeholders to reduce risk to an acceptable level, and enforce it, making it relevant to the business on a day-to-day basis;
Maintain an inventory of key information security risks and threats applicable to the business, using the enterprise risk management tool;
Continue the advancement of the risk management efforts, including the framework and associated processes;
Collaborate with various partners within DoITT as well as other agencies to gather relevant threat intelligence, effectively analyze it, and communicate the state of the threat landscape, including emerging threats;
Build and execute risk assessments;
Research and interpret industry insights and best practices, and interpret the impact of requirements from governing authorities;
Maintain strong working relationships with individuals and groups involved in managing information security risks across the organization to continue the advancement of the information security risk framework, processes, and technology;
Build trust and effectively facilitate risk identification/analysis discussions;
Break down work into manageable sub-tasks and effectively assess the priority and time required to complete each sub-task;
Identify false positives and risk acceptance candidates, perform root cause analysis, and confirm vulnerabilities with tools, e.g., Kali Linux, Metasploit Pro, etc.;
Design and present executive-level presentations and reports;
Perform special projects as assigned.
Minimum Qual Requirements
1. A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or
2. Education and/or experience which is equivalent to 1 above.
The preferred candidate should possess the following:
3-6 years of broad risk management experience, especially applied to Information Security (Cybersecurity);
Familiarity with or demonstrated knowledge of Information Security industry standards and frameworks, including: NIST 800-53, ISO 27000 series, ITIL, COBIT, or COSO, HIPAA, PCI;
CISSP, CISM, CRISC, CISA, GSEC, Security+, ITIL certified or equivalent experience;
Familiarity with or demonstrated knowledge of third-party risk management strategies;
Strong knowledge of information security, technology and associated risks, including an understanding of existing and upcoming regulations and the potential impact on DoITT and the city agencies;
Solid Project Management skills, including strength in managing and organizing multiple projects with variable timeliness;
Customer-facing attitude and skillset;
Excellent oral and written communications skills;
Strong analytical capabilities;
Strong interpersonal and leadership skills;
Ability to work in a fast-paced environment, including translation of complex concepts and issues into insights for Senior Management and non-technical audiences;
Ability to adapt messaging to the appropriate level for the audience, with the appropriate depth and breadth both verbally and visually;
Ability to effectively translate technical language into business terms;
Excellent communication skills, both oral and written;
Ability to be agile and work with ambiguity;
Ability to work on several tasks simultaneously;
Ambitious and motivated individual.
To Apply
Interested applicants with similar civil service titles who meet the preferred requirements should also submit a resume for consideration.
For City employees, please go to Employee Self Service (ESS), click on Recruiting Activities > Careers, and search for Job ID #389824
For all other applicants, please go to www.nyc.gov/jobs/search and search for Job ID #389824
SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL
Department of Information Technology & Telecommunications and the City of New York are equal opportunity employers.
DoITT participates in E-Verify
Day - Due to the necessary technical support duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings.
New York City Residency is not required for this position