hero

AEG Job Board

Discover career opportunities in the AEG Sponsor network

Deputy Chief Information Security Officer (CISO)

City of New York

City of New York

IT
Brooklyn, NY, USA
Posted on Dec 25, 2024

Deputy Chief Information Security Officer (CISO)

  1. TECHNOLOGY & INNOVATION
Posted on: 12/24/2024
  1. Full-time

Location

BROOKLYN

  1. Exam may be required

Department

CYBER ADMIN & OPERATIONS

$100,102.00 – $247,494.00

Job Description

The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

NYC Cyber Command is seeking a Deputy Chief Information Security Officer (CISO) who will lead in the implementation and management of information security controls that will increase the Agency s overall information security posture.

Under the direction of the CISO, the successful candidate will be responsible for the integration of information security controls and overall information security awareness across departments and units. The Deputy CISO directs the overall planning and execution of enterprise security systems, using operational and tactical expertise to direct security management reports, who oversee analysts, engineers and architects.

The Deputy CISO will be responsible for the compliance of IT systems, applications and networks with security policies and information protection strategies; develop, publish, and maintain Agency information security policies, standards, procedures, and guidelines; provide technical guidance and training to information "owners," agency IT teams, and design and implement programs for user awareness, and security compliance monitoring. The candidate will analyze potential security risks or breaches that have occurred and implement widely accepted and automated technologies to mitigate these risks/breaches and harden security systems for effective defense.

The Deputy CISO must have a strong technical background and fully understand threats, risk mitigation and technical controls to lead a team of security professionals through organizational objectives and defenses. The Deputy CISO assumes accountability for the daily tactical operations and overall strategic execution of the team under their leadership.

Responsibilities will include but are not limited to:
- Lead the design and development of protective and detective cybersecurity controls, configurations, and architectures with a strong focus on zero trust methodologies, cloud architectures,
IT/OT environments, and big data analytics;
- Implement robust, enterprise level security services across multiple city agencies in both OT and IT environments, such as identity and access management (IAM), email security, endpoint
detection and response (EDR), data loss prevention (DLP), etc;
- Oversee a team to perform security reviews, identify gaps in security architecture, and develop current and future state security architectures;
- Lead the telemetry onboarding program to ensure highly resilient and scalable data enablement for security operations, cyber threat intelligence, and incident response technologies and
teams;
- Manage the design, build, install, configure, and test dedicated cyber defense systems (hardware & software);
- Collaborate with both technical and non-technical teams to integrate security controls and procedures into workflows.
- Make recommendations to the Chief Information Officer on an information security roadmap based on risk analysis and assessments for current state and future state of information security
posture.
- Report regularly to senior management, keeping them abreast of the security landscape and the tactical controls and strategic plans to achieve success.
- Lead in developing communications for NYC Agency end users and stakeholders around cyber security issues.
- Ensure compliance with Citywide and agency security policies and standards;
- Design security solutions; conducts IT risk assessments and recommended mitigating solutions;
- Define, manage and monitor data security, confidentiality, integrity, and availability;
- Identify probable system exposures, compromises, problems, or design flaws and escalates issues to upper management to limit serious performance impact;

HOURS/SHIFT
Day - Due to the necessary technical management duties of this position in a 24/7 operation, candidate may be required to be on call and/or work various shifts such as weekends and/or evenings.

WORK LOCATION
Brooklyn, NY

TO APPLY
Please go to www.cityjobs/jobs/search and search for Job ID#695078

Only permanent employees in the title and those that are reachable on the civil service list are eligible to apply.

* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration

SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL


Minimum Qualifications

1. A master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties; or

2. A baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or

3. A four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or

4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above.

In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience. Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science for one (1) year of the required IT experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in "1" above.


Preferred Skills

The preferred candidate should possess the following: - 7+ years of network or security operational experience, including at least 2 years in a senior management/Director level position in an IT enterprise environment, or cyber security focused organization - Significant and demonstrated capabilities to assess organizational cyber security hygiene, quantify cyber risk in a prioritized schema, and recommend tactical and strategic courses of action to executive leadership - Experience in execution cyber security uplift in government, financial services or professional services industry - Demonstrable knowledge of information security technologies, networking and network and systems architecture - Deep and hands-on understanding of the current cyber threat landscape, attack methodologies, and risk mitigation/ remediation methods experience in cyber forensics and highly complex threat analyses - Possess CISSP, CISM, and/or other information security and information security management certifications - Knowledge of common information security management frameworks, such as NIST or other data security standards or widely accepted information security recommended actions - In-depth knowledge of complex network architecture, internet connectivity and DMZ hosting strategies - Track record of applying innovation successfully in technology environments - Strong believer in enhancing employee skills and promoting training, use of cyber range skill improvement, and breach and attack simulation (BAS) solutions - Excellent written and verbal communication skills.
55a Program

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.
Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.
Residency Requirement

New York City Residency is not required for this position
Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

Job ID

695078

Title code

10050

Civil service title

COMPUTER SYSTEMS MANAGER

Title classification

Competitive-1

Business title

Deputy Chief Information Security Officer (CISO)

  1. Executive

Job level

M5

Number of positions

1

Work location

11 Metrotech Center

  1. Technology, Data & Innovation

Deputy Chief Information Security Officer (CISO)