Information Security Senior Governance Risk & Compliance Analyst

New York City DEPT OF INFO TECH & TELECOMM – Brooklyn, NY

$75,000 - $110,000 a yearThe NYC Department of Information Technology & Telecommunication (DoITT) is New York City government s technology leader. Our mission is to modernize IT infrastructure and service delivery in government; implement state-of-the-art information technology solutions to improve public services; make government more transparent and accountable; and employ cutting-edge tools, methods, and partnerships to empower New Yorkers. Our services touch every aspect of City life: from public safety to human services, from education to economic development, our services cross the full spectrum of governmental operations. To fulfill our mission, we develop and support applications, maintain efficient and reliable computing and network platforms, develop sophisticated security tools and policies, and ensure the reliability of IT infrastructure and enterprise systems through redundancy and disaster recovery planning. We also negotiate service agreements with telecommunications providers doing business with City agencies, and administer franchise agreements with telecommunications and cable television providers that serve NYC residents.

The successful candidate will serve as an Information Security Senior Governance Risk & Compliance Analyst reporting to the Information Security division. Responsibilities will include:

  • Lead the effort to support the identification, analysis, and governance of information security risks across DoITT;
  • Understand information security risks and assessing mitigation strategies to confirm alignment with risk appetite;
  • Assist management with defining DoITTs risk appetite, and leading the efforts to implement risk mitigation efforts, with business & technical stakeholders to reduce risk to an acceptable level - and enforce it making it relevant to the business on a day-to-day basis;
  • Maintain an inventory of key information security risks and threats applicable to the business, using the enterprise risk management tool;
  • Continue the advancement of the risk management efforts, including the framework and associated processes;
  • Collaborate with various partners within DoITT as well other Agencies to gather relevant threat intelligence, effectively analyze, and communicate the state of the threat landscape, to include emerging threats;
  • Build and executing risk assessments;
  • Research and interpreting industry insights and best practices, along with interpreting impact of requirements from governing authorities;
  • Maintain strong working relationships with individuals and groups involved in managing information security risks across the organization to continue the advancement of the information security risk framework, processes, and technology;
  • Build trust and effectively facilitating risk identification/analysis discussions;
  • Break down work into manageable sub-tasks and effectively assessing the priority and time required to complete each sub-task;
  • Identify false positives, risk acceptance candidates, perform root cause analysis, confirm vulnerabilities with tools, e.g., Kali Linux, Metasploit Pro, etc;
  • Design and presenting executive level presentations and reports;
  • And perforn special projects as assigned.


  • Minimum Qual Requirements
    1. A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or
    2. Education and/or experience which is equivalent to 1 above.

    Preferred Skills
    The preferred candidate should possess the following:
  • 3-6 years of broad risk management experience, esp. applied to Information Security (Cybersecurity);
  • Familiarity with or demonstrated knowledge of Information Security industry standards and frameworks, including: NIST 800-53, , ISO 27000 series, ITIL, COBIT, or COSO, HIPAA, PCI;
  • CISSP, CISM, CRISC, CISA, GSEC, Security+, ITIL certified or equivalent experience;
  • Familiarity with or demonstrated knowledge of third-party risk management strategies;
  • Strong knowledge of information security, technology and associated risks, including an understanding of existing and upcoming regulations and the potential impact on DoITT and the city agencies;
  • Solid Project Management skills, including strength in managing and organizing multiple projects with variable timeliness;
  • Customer-facing attitude and skillset;
  • Excellent oral and written communications skills;
  • Strong analytical capabilities;
  • Strong interpersonal and leadership skills;
  • Ability to work in a work in a fast-paced environment including translation of complex concepts and issues into insights for Senior Management and non-technical audiences.
  • Ability to adapt messaging to the appropriate level for the audience, with the appropriate depth and breadth both verbally and visually;
  • Ability to effectively translate technical language into business terms;
  • Excellent communication skills, both oral and in written.
  • Ability to be agile and work with ambiguity;
  • Ability to work on several tasks simultaneously;
  • Ambitious and motivated individual.


  • To Apply
  • Interested applicants with similar civil service titles who meet the preferred requirements should also submit a resume for consideration

  • For City employees, please go to Employee Self Service (ESS), click on Recruiting Activities > Careers, and search for Job ID #389824
    For all other applicants, please go to www.nyc.gov/jobs/search and search for Job ID #389824

    SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
    APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL

    Department of Information Technology & Telecommunications and the City of New York are equal opportunity employers.

    DoITT participates in E-Verify

    Hours/Shift
    Day - Due to the necessary technical support duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings.

    Work Location
    Brooklyn, NY

    Residency Requirement
    New York City Residency is not required for this position

    All Jobs in Brooklyn, NY

    • AMER Markets Sales Business Manager (Sr Specialist,BusPlanAnalysis)

      BNY Mellon New York, NY

      View Job
    • Senior Vice President - Communications

      Moody's Shared Services New York, NY

      View Job
    • Global Regulatory Relations – Program Management Associate

      Morgan Stanley New York, NY

      View Job
    • INFORMATION SECURITY MANAGER - 2342

      Montefiore Medical Center Yonkers, NY

      View Job
    • Senior Security Engineer

      Tanium New York, NY

      View Job
    • Systems Security Business Analyst

      Brown Brothers Harriman Jersey City, NJ

      View Job
    • IAM Solution Engineer, Vice President

      MUFG Jersey City, NJ

      View Job
    • IAM Solution Engineer, Vice President

      MUFG Jersey City, NJ

      View Job
    • Sr Data Quality Analyst, Vice President

      MUFG Jersey City, NJ

      View Job
    • Sr Data Quality Analyst, Vice President

      MUFG Jersey City, NJ

      View Job
    • Identity Access - Team Manager

      Trinet New York, NY

      View Job

    Featured Articles

    Description Of Quality Analyst Training In USA

    02 September 2015

    The fresher’s or the recent college graduate seeking success and high future prospect should choose the software testing training course. For those who have degree but want to have some additional skills should also appear for the Quality Analyst training and testin

    read more..

    Donald Trump view on Immigration Policy: Impact of Trump on H1B Visa Jobs

    06 September 2018

    Donald Trump's View on Immigration and Immigration Policy Summary Donald Trump Immigration policy specifically focused on illegal immigration to the United States, and was used as a signature issue of U.S. President Donald Trump's presid

    read more..

    Criteria For Consulting Companies who Sponsor H1B visa

    25 September 2015

    The international students who are currently working on the OPT, have to face a great deal of worry when their OPT work permit is near to the expiry date. The students in this time period s

    read more..

    Who are H-1B Visa Dependent Employers and what you need to know?

    17 March 2017

    The status of the employer changes to “Dependent-employer” when the employer hires too many foreign employees. Similarly “H-1B Dependent Employers” has majority H-1B visa workers as compared to all workers in the company. T

    read more..

    Thanks For Your Feedback

    Attach A Resume First