City of New York
Overview
Agency Chief Information Security Officer (CISO) for the New York City Deferred Compensation Plan (the Plan). The CISO is responsible for maintaining an information risk management and cybersecurity program for the Plan and will work with all areas of the Plan’s business to develop a "best in class" information security and compliance program to assess technology platform risks and protect Plan information assets. The CISO acts as an advisor to the Plan’s CIO regarding the Plan’s compliance with the Citywide Information Security Policies.
Responsibilities
IT & Cyber Security Risk Management: Continuously identify, update and maintain information regarding potential security vulnerabilities, risks and threats to the enterprise information technology infrastructure, and distribute technology security information to appropriate staff; provide instructions and coordination regarding software configuration standards for servers and desktop systems that are or may be attached to the enterprise network; support corporate risk leadership to review enterprise IT and cyber risks, assess capabilities, prioritize security and risk strategies and communicate risk intelligence to drive business decision-making.
CISO Program Governance & Management: Develop policies, procedures and standards, and partner with agency employees and consultants to ensure understanding of and adherence to the Citywide Information Security Policies; coordinate work activities and program functions with other NYC agencies and external partners related to cyber/information security; work with the Plan’s external IT auditors during the annual Cyber Security Assessment; support the development, implementation and monitoring of a comprehensive enterprise information security, compliance and risk management program; oversee security awareness strategy and programs including annual employee training and ongoing awareness campaigns; ensure compliance with City of New York, Citywide Information Security Policies.
Cyber Security Operations / Activities: Track cyber security incidents and vulnerability reports, direct teams for remediation; ensure identity and access management is properly documented in the ticketing system; produce documentation when/where needed; ensure all systems are equipped and updated with necessary cyber protection tools; continuously check for security gaps, document findings and take necessary measures; verify patches and updates are properly applied; analyze vulnerability reports and provide guidance to IT Support teams; assess endpoint system health and suggest remediation; monitor security tools dashboards, identify anomalies and communicate with internal and external partners.
Minimum Qualifications
Professional/vendor certification(s) in local area network administration as required for the position; in addition, candidates must have the following:
A baccalaureate degree from an accredited college, and two years of satisfactory full-time (not classroom based) experience in LAN/WAN planning, design, configuration, installation, implementation, troubleshooting, integration, performance monitoring, maintenance, enhancement, and security management; or
A four-year high school diploma or its educational equivalent and six years of satisfactory full-time (not classroom based) information technology experience with at least 2 years described above; or
A satisfactory equivalent of education and/or experience; education may be substituted for experience with 30 undergraduate credits equaling 6 months of experience. A master’s degree may substitute for one year of experience. All candidates must have at least one year of satisfactory full-time information technology experience as described above.
Note: Incumbents may be required to update or obtain additional professional industry-standard certifications for current and future technical environments as determined by the employing agency.
Preferred Skills
Minimum of 6 years’ experience managing information security programs in government or similar environments; designing and implementing IT security solutions; deep understanding of security threats and preventative measures.
Familiarity with cyber-security frameworks such as NIST, CIS Controls, PCI-DSS, CCM, etc.; strong knowledge of LAN/WAN, systems administration, Active Directory, PowerShell, group policy, virtualization, cloud and IT security technologies.
Experience with systems access management, change management, security monitoring and intrusion detection, vulnerability management, endpoint security management, cloud security, data loss prevention, encryption, disaster recovery, data management, physical security, vendor management.
Experience with tools such as CrowdStrike, McAfee, Pulse Secure, Cisco; familiarity with Windows Server, Rapid7, MS Office 365, Endpoint Security and Enterprise Mobility in the cloud; holding IT security certifications (e.g., Security+, CISSP, CISA, CISM, CySA+, CRISC, C-CISO, SSCP, CASP, CEH, GIAC) or equivalent.
Additional Information
55a Program: This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.
Public Service Loan Forgiveness: You may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, visit studentaid.gov/pslf/.
Residency Requirement: New York City Residency is not required for this position.
EEO: The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment free from discrimination and harassment based on protected status or characteristic.
Compensation: $114,930.00 – $173,473.00
Job Details
Seniority level: Executive
Employment type: Full-time
Job function: Information Technology
Industries: Government Administration