Apply on Employer Site

City of New York · 1 month ago

Agency Chief Information Security Officer

New York, NY

Full-time

Onsite

Lead/Staff, Director/Executive

2+ years exp

City of New York is seeking an Agency Chief Information Security Officer (CISO) to maintain an information risk management and cybersecurity program for the New York City Deferred Compensation Plan. The CISO will develop a comprehensive information security program, ensure compliance with policies, and manage strategic relationships within IT.

GovernmentLegalPublic Relations

Responsibilities

Continuously identifying, updating and maintaining information regarding potential security vulnerabilities, risk and threats to the enterprise information technology infrastructure, and distributing technology security information to appropriate staff

Provide instructions and coordination regarding software configuration standards for servers and desktop systems that are or may be attached to the enterprise network where necessary to ensure information technology security

Support corporate risk leadership to review enterprise IT and cyber risks, assess capabilities, prioritize security and risk strategies and communicate risk intelligence in a way that drives business decision- making

Develop policies, procedures, standards and partner with agency employees and consultants to ensure understanding of and adherence to the Citywide Information Security Policies

Coordinates work activities, program functions with other NYC agencies, external business partners related to cyber/information security

Work with the Plan’s external IT auditors during the annual Cyber Security Assessment

Support the development, implementation and monitoring of a comprehensive enterprise information security, compliance and risk management program

Oversee security awareness strategy and programs, including annual employee training and ongoing awareness campaigns to ensure all department employees understand and adhere to information technology policies and standards

Responsible for ensuring compliance with City of New York, Citywide Information Security Policies

Track cyber security incidents and vulnerability reports, direct teams for remediation of issues

Ensure identity and access management is properly documented in the ticketing system

Produce documentation when/where needed

Ensure all systems are equipped and updated with necessary cyber protection tools

Continuously check for security gaps, document findings and take necessary measures to rectify issues discovered

Verify patches, software updates are properly done. Missing patches and inconsistencies should be resolved

Analyze vulnerability reports and operationalize them by providing specific guidance to IT Support teams for remediation

Assess endpoint system health and suggest improvement or remediation steps

Monitor various security tools dashboard, scrutinize numbers, identify anomalies and communicate with appropriate internal and external partners

Qualification

Information Security ManagementCybersecurity Risk AssessmentNetwork AdministrationCompliance ManagementIncident ResponseTeam CoordinationLeadershipCommunication SkillsProblem Solving

Required

Professional/vendor certification(s) in local area network administration that is required for the position to be filled

A baccalaureate degree from an accredited college, and two years of satisfactory full-time (not classroom based) experience in local area network and/or wide area network planning, design, configuration, installation, implementation, troubleshooting, integration, performance monitoring, maintenance, enhancement, and security management

A four-year high school diploma or its educational equivalent and six years of satisfactory full-time (not classroom based) information technology experience of which at least 2 years must have been as described in '1'

A satisfactory equivalent of education and/or experience equivalent to '1' or '2' above. Education may be substituted for experience on the basis that 30 undergraduate semester credits from an accredited college is equivalent to 6 months of experience

A master's degree in computer science or a related field from an accredited college may be substituted for one year of experience

All candidates must have at least one year of satisfactory (not classroom based) full-time information technology experience as described in '1' above

Incumbents may be required to update existing and/or obtain additional professional industry-standard certification(s) for current and future technical environments(s) in which they may be assigned to work, as determined by the employing agency