The New York Public Library
Join to apply for the
Associate Director, Cybersecurity
role at
The New York Public Library
Compensation:
$145,000 - $175,000 / year
Department:
Information Technology
Location:
Crystal Building 40 W 20th St
Overview NYPL Technology supports the Library’s mission through robust IT services, including business applications, desktop support, networking, systems, and cybersecurity. The Cybersecurity team safeguards personally identifiable information (PII) and critical systems across the Library.
The
Associate Director, Cybersecurity
is a hands-on technical leader responsible for NYPL’s cybersecurity operations and team. This role requires both strategic oversight and direct execution — from managing security tools and incident response to communicating risks and building cross-functional alignment. The role also partners closely with the IT Policy and Strategy team to embed cybersecurity awareness and operational practices across the organization.
Responsibilities Own :
Leadership of NYPL’s cybersecurity team and daily operations
Technical architecture and administration of the cybersecurity ecosystem
Relationships with business partners, vendors, and government entities
Communication of cybersecurity posture to senior leadership
Cybersecurity KPIs, OKRs, and roadmap planning
Teach :
Mentor cybersecurity staff and build organization-wide awareness
Guide teams in understanding and balancing risk
Partner with IT and business units to promote security-by-design
Learn :
The Library’s unique public-sector responsibilities and dynamics
Evolving regulatory and community expectations
How to right-size tools and processes for transparency, scale, and resilience
Improve :
Operational efficiency and incident response maturity
Cross-functional collaboration and communication
Public trust in NYPL’s cybersecurity leadership
Expectations within the first months :
1 month : Directly review current network topology, configurations, and circuit health across 90+ sites
Log into and inspect FortiManager, FortiAnalyzer, and FortiGate firewall policies
Validate AWS networking setup including VPN tunnels, security groups, and routing tables
Shadow the team during real-time incident response and review escalated network tickets
Assess monitoring and alerting workflows (SolarWinds, Cacti, etc.) for gaps or noise
3 months : Personally lead a review and cleanup of legacy switch/router configs and firewall rules
Optimize alert thresholds and performance dashboards across network monitoring tools
Audit AWS VPC structure and VPN connectivity for resiliency and best practices
Introduce configuration or automation improvements based on early observations
Report on baseline network health, ticket trends, and team responsiveness with recommendations
6 months and beyond : Architect and implement targeted improvements (e.g., circuit upgrades, core switch refresh, AWS route tuning)
Lead technical planning for capital projects, wiring closet rebuilds, and site expansions
Serve as Tier-3 hands-on escalation for complex or recurring network incidents
Validate network security controls (segmentation, NAC, remote access) across all layers
Deliver measurable gains in uptime, response time, and documentation maturity
Core Responsibilities
Develop and enforce cybersecurity policies, procedures, and standards
Lead threat detection, investigation, and response efforts across the organization
Administer and optimize NYPL’s cybersecurity tools, including EDR, NDR, and phishing defense platforms
Analyze security alerts and threat intel to drive real-time response and containment
Conduct hands-on technical reviews of security events, response workflows, and emerging risks
Coordinate audits, tabletop exercises, and maturity assessments
Report on cybersecurity posture, risk trends, and incidents to senior leadership
Collaboration & Communication
Build alignment with stakeholders to balance security and operations
Liaise with NYC Cyber Command, Physical Security, and law enforcement
Advance cybersecurity awareness across the organization
Partner with IT and business leads to close security gaps
Lead complex, cross-functional cybersecurity initiatives
Maintain trust through clear, timely communication during incidents
Required Education, Experience & Skills Required Education & Certifications
Bachelor's degree or combination of education and work experience
Required Experience
8+ years administering technology in widely distributed or decentralized organizations
5+ years in a cybersecurity leadership role with direct stakeholder engagement responsibilities
5+ years managing teams in complex, cross-functional environments
Demonstrated experience operating in public sector, non-profit, or highly regulated settings
Proven ability to lead and influence implementation of new cybersecurity policies and procedures across diverse teams
Strong hands-on experience with vulnerability management, network security, and systems security
Familiarity with building and scaling cybersecurity programs from both strategic and operational perspectives
Deep knowledge of NIST, ISO, or similar cybersecurity frameworks and how to apply them in real-world business contexts
Experience navigating regulatory compliance, public sector governance, and politically sensitive environments
Track record of leading cross-functional initiatives with multiple stakeholders, including boards, government agencies, and community partners
Required Skills
Exceptional written and verbal communication skills; able to tailor complex security topics for technical teams, business stakeholders, and executive leadership
Strong critical thinking and problem-solving abilities, with a track record of delivering solutions under tight budget and resource constraints
Deep understanding of risk management with pragmatic, business-aligned remediation strategies
Demonstrated ability to influence without authority across complex organizational structures
High emotional intelligence and the ability to navigate organizational dynamics and manage change
Skilled at building consensus among diverse stakeholder groups with competing priorities
Experience translating technical risk into business impact for non-technical audiences, including executives and board members
Familiarity with public sector environments, including political and community considerations
Broad hands-on expertise across core Information Security domains, including:
Incident Response
BCP/DR
Endpoint protection (AV/MDR)
Security monitoring and SIEM
Log aggregation
WAF and firewall management
Patch and vulnerability management
Penetration testing and incident response coordination
Managerial/Supervisory Responsibilities
Direct management of a team with focus on developing both technical and soft skills. This position reports to the Senior Director, ITIO & Cybersecurity and coordinates executive communications through established IT leadership and communication channels.
Core Values
Be
Helpful
to patrons and colleagues
Be
Resourceful
in solving problems
Be
Curious
in all aspects of your work
Be
Welcoming
and
Inclusive
Work Environment
Office setting with significant stakeholder interaction
Hybrid 3-on / 2-off as workload permits
Physical Duties
Lift equipment up to 25 lbs
Pre-Placement Physical Required? No
Union/Non Union Non-Union
FLSA Status Exempt
Schedule
Available on-call after hours and weekends
Hybrid 3-on / 2-off as workload permits
Travel to NYPL sites as needed
Availability for stakeholder meetings and community events as required
This job description represents the types and levels of responsibilities that will be required of the position and shall not be construed as a declaration of all of the specific duties and responsibilities for the role. Job duties may change if Library priorities change. Employees may be directed to perform job-related tasks other than those specifically presented in this description as needed.
The New York Public Library salary statement and pay transparency policy is included for informational purposes only. The Library reserves the right to alter pay and benefits at its discretion.
#J-18808-Ljbffr
Associate Director, Cybersecurity
role at
The New York Public Library
Compensation:
$145,000 - $175,000 / year
Department:
Information Technology
Location:
Crystal Building 40 W 20th St
Overview NYPL Technology supports the Library’s mission through robust IT services, including business applications, desktop support, networking, systems, and cybersecurity. The Cybersecurity team safeguards personally identifiable information (PII) and critical systems across the Library.
The
Associate Director, Cybersecurity
is a hands-on technical leader responsible for NYPL’s cybersecurity operations and team. This role requires both strategic oversight and direct execution — from managing security tools and incident response to communicating risks and building cross-functional alignment. The role also partners closely with the IT Policy and Strategy team to embed cybersecurity awareness and operational practices across the organization.
Responsibilities Own :
Leadership of NYPL’s cybersecurity team and daily operations
Technical architecture and administration of the cybersecurity ecosystem
Relationships with business partners, vendors, and government entities
Communication of cybersecurity posture to senior leadership
Cybersecurity KPIs, OKRs, and roadmap planning
Teach :
Mentor cybersecurity staff and build organization-wide awareness
Guide teams in understanding and balancing risk
Partner with IT and business units to promote security-by-design
Learn :
The Library’s unique public-sector responsibilities and dynamics
Evolving regulatory and community expectations
How to right-size tools and processes for transparency, scale, and resilience
Improve :
Operational efficiency and incident response maturity
Cross-functional collaboration and communication
Public trust in NYPL’s cybersecurity leadership
Expectations within the first months :
1 month : Directly review current network topology, configurations, and circuit health across 90+ sites
Log into and inspect FortiManager, FortiAnalyzer, and FortiGate firewall policies
Validate AWS networking setup including VPN tunnels, security groups, and routing tables
Shadow the team during real-time incident response and review escalated network tickets
Assess monitoring and alerting workflows (SolarWinds, Cacti, etc.) for gaps or noise
3 months : Personally lead a review and cleanup of legacy switch/router configs and firewall rules
Optimize alert thresholds and performance dashboards across network monitoring tools
Audit AWS VPC structure and VPN connectivity for resiliency and best practices
Introduce configuration or automation improvements based on early observations
Report on baseline network health, ticket trends, and team responsiveness with recommendations
6 months and beyond : Architect and implement targeted improvements (e.g., circuit upgrades, core switch refresh, AWS route tuning)
Lead technical planning for capital projects, wiring closet rebuilds, and site expansions
Serve as Tier-3 hands-on escalation for complex or recurring network incidents
Validate network security controls (segmentation, NAC, remote access) across all layers
Deliver measurable gains in uptime, response time, and documentation maturity
Core Responsibilities
Develop and enforce cybersecurity policies, procedures, and standards
Lead threat detection, investigation, and response efforts across the organization
Administer and optimize NYPL’s cybersecurity tools, including EDR, NDR, and phishing defense platforms
Analyze security alerts and threat intel to drive real-time response and containment
Conduct hands-on technical reviews of security events, response workflows, and emerging risks
Coordinate audits, tabletop exercises, and maturity assessments
Report on cybersecurity posture, risk trends, and incidents to senior leadership
Collaboration & Communication
Build alignment with stakeholders to balance security and operations
Liaise with NYC Cyber Command, Physical Security, and law enforcement
Advance cybersecurity awareness across the organization
Partner with IT and business leads to close security gaps
Lead complex, cross-functional cybersecurity initiatives
Maintain trust through clear, timely communication during incidents
Required Education, Experience & Skills Required Education & Certifications
Bachelor's degree or combination of education and work experience
Required Experience
8+ years administering technology in widely distributed or decentralized organizations
5+ years in a cybersecurity leadership role with direct stakeholder engagement responsibilities
5+ years managing teams in complex, cross-functional environments
Demonstrated experience operating in public sector, non-profit, or highly regulated settings
Proven ability to lead and influence implementation of new cybersecurity policies and procedures across diverse teams
Strong hands-on experience with vulnerability management, network security, and systems security
Familiarity with building and scaling cybersecurity programs from both strategic and operational perspectives
Deep knowledge of NIST, ISO, or similar cybersecurity frameworks and how to apply them in real-world business contexts
Experience navigating regulatory compliance, public sector governance, and politically sensitive environments
Track record of leading cross-functional initiatives with multiple stakeholders, including boards, government agencies, and community partners
Required Skills
Exceptional written and verbal communication skills; able to tailor complex security topics for technical teams, business stakeholders, and executive leadership
Strong critical thinking and problem-solving abilities, with a track record of delivering solutions under tight budget and resource constraints
Deep understanding of risk management with pragmatic, business-aligned remediation strategies
Demonstrated ability to influence without authority across complex organizational structures
High emotional intelligence and the ability to navigate organizational dynamics and manage change
Skilled at building consensus among diverse stakeholder groups with competing priorities
Experience translating technical risk into business impact for non-technical audiences, including executives and board members
Familiarity with public sector environments, including political and community considerations
Broad hands-on expertise across core Information Security domains, including:
Incident Response
BCP/DR
Endpoint protection (AV/MDR)
Security monitoring and SIEM
Log aggregation
WAF and firewall management
Patch and vulnerability management
Penetration testing and incident response coordination
Managerial/Supervisory Responsibilities
Direct management of a team with focus on developing both technical and soft skills. This position reports to the Senior Director, ITIO & Cybersecurity and coordinates executive communications through established IT leadership and communication channels.
Core Values
Be
Helpful
to patrons and colleagues
Be
Resourceful
in solving problems
Be
Curious
in all aspects of your work
Be
Welcoming
and
Inclusive
Work Environment
Office setting with significant stakeholder interaction
Hybrid 3-on / 2-off as workload permits
Physical Duties
Lift equipment up to 25 lbs
Pre-Placement Physical Required? No
Union/Non Union Non-Union
FLSA Status Exempt
Schedule
Available on-call after hours and weekends
Hybrid 3-on / 2-off as workload permits
Travel to NYPL sites as needed
Availability for stakeholder meetings and community events as required
This job description represents the types and levels of responsibilities that will be required of the position and shall not be construed as a declaration of all of the specific duties and responsibilities for the role. Job duties may change if Library priorities change. Employees may be directed to perform job-related tasks other than those specifically presented in this description as needed.
The New York Public Library salary statement and pay transparency policy is included for informational purposes only. The Library reserves the right to alter pay and benefits at its discretion.
#J-18808-Ljbffr