Apply on Employer Site

NYC Department of Health and Mental Hygiene · 2 weeks ago

Cybersecurity Senior Data Analyst

All, MO

Full-time

Hybrid

Mid, Senior Level

$92K/yr - $110K/yr

4+ years exp

NYC Department of Health and Mental Hygiene is dedicated to protecting and improving the health of New Yorkers. The Cybersecurity Senior Data Analyst will execute advisory and audit projects while assessing cybersecurity risks, compliance, and operational efficiencies within the department.

Health Care

Responsibilities

Plan and execute advisory, assessment and audit projects using information technology (IT) Governance, Risk and Compliance (GRC) best practices, methodologies and tools

Conduct research and analysis of the agency’ systems, IT hardware and network infrastructure, programs, IT contracts and procurement, IT professional services, and compliance with the City’s and Agency’s policies and procedures and in comparison, to federal and industry recommended standards, frameworks and controls

Assist in the development of cybersecurity audit plans, test plans, system analyses and IT system controls

Document and present IT advisory, assessment and audit reports – including test results – to all levels of management

Perform cybersecurity IT audits, security risk assessments, IT system integrity testing, IT controls reviews and integrated audits with fiscal auditors

Research, analyze and evaluate risks and controls relevant to cybersecurity and provide risk assessment and risk mitigation recommendations

Document project lessons learned and help identify risk management and performance improvement opportunities

Support Audit Management in conducting internal reviews of the Department’s general IT system controls (e.g., access control, audit and accountability, configuration management, contingency planning, incident response and disaster recovery, physical and environmental protection, data center operations, supply chain risk management, etc.), and recommend controls to mitigate risks

Support the assessment of Department’s compliance with federal requirements such as HIPAA Security and Privacy rules

Maintain ongoing and open communication with the Department’s programs – including the Division of Information Technology Office of Cybersecurity on general and application control issues and implementation of corrective actions

Prepare and maintain complete work paper documentation, memos, and letters

Act as the agency’s representative during external audits/ reviews, and as a liaison between the Comptroller’s Office, third party auditors/reviews and the division/bureau being audited

Seek self-improvement through education, certification, training, and staying abreast of current and emerging technologies; and

Research and stay up-to-date on IT risk management and relevant audit concepts and methods

Qualification

Cybersecurity auditRisk assessmentIT GovernanceISO 2700XCISSPSQLCommunicationInterpersonal skillsProject managementAdaptability

Required

A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area

A four-year high school diploma or its equivalent approved by a State's department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in '1' above

Education and/or experience equivalent to '1' or '2', above. College education may be substituted for up to two years of the required experience in '2' above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience

Preferred

A baccalaureate (BA/BS) degree from an accredited college or university in information technology, computer science, systems engineering, cybersecurity, accounting, business or a related area, including or supplemented by (i) 24 semester credits in computer science, or 24 semester credits in accounting and auditing or a closely related field and one (1) or more years of experience in information technology in information systems and cybersecurity audit, or cybersecurity risk, governance or compliance management, cybersecurity incident management, or cybersecurity operations

Highly motivated, self-directed and organized professional with the ability to plan and execute a project

Business analysis with a curious mindset and interest to learn new information

Excellent oral and written – including word-based and graphic – communication skills

Ability to work independently when given specific instructions

Excellent interpersonal and relationship building skills

Ability to adapt to change quickly and follow directions, and capable of handling multiple projects at the same time and meet deadlines

Understanding of the CIA Triad and cyber security frameworks such as ISO 2700X, COBIT 5, and NIST CSF and 800-53

Related industry certifications or actively pursuing certifications such as Security+, CISSP, CISA, and/or CISM

Advanced knowledge of Microsoft Office Suite: Word, Excel, PowerPoint, Access, and Visio

ACL (Audit Command Language) or SQL (Structured Query Language) experience is a plus

Basic understanding of commonly used operation systems, databases, network structures

Ability to create and maintain project plans with Gannt charts and other audit project plan records

Benefits

A premium-free health insurance plan that saves employees over $10K annually, per a 2024 assessment.

Additional health, fitness, and financial benefits may be available based on the position’s associated union/benefit fund.

A public sector defined benefit pension plan with steady monthly payments in retirement.

A tax-deferred savings program

A robust Worksite Wellness Program that offers resources and opportunities to keep you healthy while serving New Yorkers.

Work From Home Policy: Depending on your position, you may be able to work up to two days during the week from home.

Job Security - you could enjoy more job security compared to private sector employment and be able to contribute to making NYC a healthy place to live and work.