The New York Public Library is hiring: Associate Director, Cybersecurity in New

Join to apply for the Associate Director, Cybersecurity role at The New York Public Library Compensation: $145,000 - $175,000 / year Department: Information Technology Location: Crystal Building 40 W 20th St Overview NYPL Technology supports the Library’s mission through robust IT services, including business applications, desktop support, networking, systems, and cybersecurity. The Cybersecurity team safeguards personally identifiable information (PII) and critical systems across the Library. The Associate Director, Cybersecurity is a hands-on technical leader responsible for NYPL’s cybersecurity operations and team. This role requires both strategic oversight and direct execution — from managing security tools and incident response to communicating risks and building cross-functional alignment. The role also partners closely with the IT Policy and Strategy team to embed cybersecurity awareness and operational practices across the organization. Responsibilities Own : Leadership of NYPL’s cybersecurity team and daily operations Technical architecture and administration of the cybersecurity ecosystem Relationships with business partners, vendors, and government entities Communication of cybersecurity posture to senior leadership Cybersecurity KPIs, OKRs, and roadmap planning Teach : Mentor cybersecurity staff and build organization-wide awareness Guide teams in understanding and balancing risk Partner with IT and business units to promote security-by-design Learn : The Library’s unique public-sector responsibilities and dynamics Evolving regulatory and community expectations How to right-size tools and processes for transparency, scale, and resilience Improve : Operational efficiency and incident response maturity Cross-functional collaboration and communication Public trust in NYPL’s cybersecurity leadership Expectations within the first months : 1 month : Directly review current network topology, configurations, and circuit health across 90+ sites Log into and inspect FortiManager, FortiAnalyzer, and FortiGate firewall policies Validate AWS networking setup including VPN tunnels, security groups, and routing tables Shadow the team during real-time incident response and review escalated network tickets Assess monitoring and alerting workflows (SolarWinds, Cacti, etc.) for gaps or noise 3 months : Personally lead a review and cleanup of legacy switch/router configs and firewall rules Optimize alert thresholds and performance dashboards across network monitoring tools Audit AWS VPC structure and VPN connectivity for resiliency and best practices Introduce configuration or automation improvements based on early observations Report on baseline network health, ticket trends, and team responsiveness with recommendations 6 months and beyond : Architect and implement targeted improvements (e.g., circuit upgrades, core switch refresh, AWS route tuning) Lead technical planning for capital projects, wiring closet rebuilds, and site expansions Serve as Tier-3 hands-on escalation for complex or recurring network incidents Validate network security controls (segmentation, NAC, remote access) across all layers Deliver measurable gains in uptime, response time, and documentation maturity Core Responsibilities Develop and enforce cybersecurity policies, procedures, and standards Lead threat detection, investigation, and response efforts across the organization Administer and optimize NYPL’s cybersecurity tools, including EDR, NDR, and phishing defense platforms Analyze security alerts and threat intel to drive real-time response and containment Conduct hands-on technical reviews of security events, response workflows, and emerging risks Coordinate audits, tabletop exercises, and maturity assessments Report on cybersecurity posture, risk trends, and incidents to senior leadership Collaboration & Communication Build alignment with stakeholders to balance security and operations Liaise with NYC Cyber Command, Physical Security, and law enforcement Advance cybersecurity awareness across the organization Partner with IT and business leads to close security gaps Lead complex, cross-functional cybersecurity initiatives Maintain trust through clear, timely communication during incidents Required Education, Experience & Skills Required Education & Certifications Bachelor's degree or combination of education and work experience Required Experience 8+ years administering technology in widely distributed or decentralized organizations 5+ years in a cybersecurity leadership role with direct stakeholder engagement responsibilities 5+ years managing teams in complex, cross-functional environments Demonstrated experience operating in public sector, non-profit, or highly regulated settings Proven ability to lead and influence implementation of new cybersecurity policies and procedures across diverse teams Strong hands-on experience with vulnerability management, network security, and systems security Familiarity with building and scaling cybersecurity programs from both strategic and operational perspectives Deep knowledge of NIST, ISO, or similar cybersecurity frameworks and how to apply them in real-world business contexts Experience navigating regulatory compliance, public sector governance, and politically sensitive environments Track record of leading cross-functional initiatives with multiple stakeholders, including boards, government agencies, and community partners Required Skills Exceptional written and verbal communication skills; able to tailor complex security topics for technical teams, business stakeholders, and executive leadership Strong critical thinking and problem-solving abilities, with a track record of delivering solutions under tight budget and resource constraints Deep understanding of risk management with pragmatic, business-aligned remediation strategies Demonstrated ability to influence without authority across complex organizational structures High emotional intelligence and the ability to navigate organizational dynamics and manage change Skilled at building consensus among diverse stakeholder groups with competing priorities Experience translating technical risk into business impact for non-technical audiences, including executives and board members Familiarity with public sector environments, including political and community considerations Broad hands-on expertise across core Information Security domains, including: Incident Response BCP/DR Endpoint protection (AV/MDR) Security monitoring and SIEM Log aggregation WAF and firewall management Patch and vulnerability management Penetration testing and incident response coordination Managerial/Supervisory Responsibilities Direct management of a team with focus on developing both technical and soft skills. This position reports to the Senior Director, ITIO & Cybersecurity and coordinates executive communications through established IT leadership and communication channels. Core Values Be Helpful to patrons and colleagues Be Resourceful in solving problems Be Curious in all aspects of your work Be Welcoming and Inclusive Work Environment Office setting with significant stakeholder interaction Hybrid 3-on / 2-off as workload permits Physical Duties Lift equipment up to 25 lbs Pre-Placement Physical Required? No Union/Non Union Non-Union FLSA Status Exempt Schedule Available on-call after hours and weekends Hybrid 3-on / 2-off as workload permits Travel to NYPL sites as needed Availability for stakeholder meetings and community events as required This job description represents the types and levels of responsibilities that will be required of the position and shall not be construed as a declaration of all of the specific duties and responsibilities for the role. Job duties may change if Library priorities change. Employees may be directed to perform job-related tasks other than those specifically presented in this description as needed. The New York Public Library salary statement and pay transparency policy is included for informational purposes only. The Library reserves the right to alter pay and benefits at its discretion. #J-18808-Ljbffr