The New York Public Library

Associate Director, Cybersecurity

The New York Public Library, New York, New York, United States, 10001

NYPL Technology supports the Library's mission through robust IT services, including business applications, desktop support, networking, systems, and cybersecurity. The Cybersecurity team safeguards personally identifiable information (PII) and critical systems across the Library. The Associate Director, Cybersecurity is a hands-on technical leader responsible for NYPL's cybersecurity operations and team. This role requires both strategic oversight and direct execution, from managing security tools and incident response to communicating risks and building cross-functional alignment. The role also partners closely with the IT Policy and Strategy team to embed cybersecurity awareness and operational practices across the organization.

We are looking for someone we can count on to:

- Leadership of NYPL's cybersecurity team and daily operations
- Technical architecture and administration of the cybersecurity ecosystem
- Relationships with business partners, vendors, and government entities
- Communication of cybersecurity posture to senior leadership
- Cybersecurity KPIs, OKRs, and roadmap planning

Teach:

- Mentor cybersecurity staff and build organization-wide awareness
- Guide teams in understanding and balancing risk
- Partner with IT and business units to promote security-by-design

Learn:

- The Library's unique public-sector responsibilities and dynamics
- Evolving regulatory and community expectations
- How to right-size tools and processes for transparency, scale, and resilience

Improve:

- Operational efficiency and incident response maturity
- Cross-functional collaboration and communication
- Public trust in NYPL's cybersecurity leadership

Some expectations for this role are that within:

One month, this person will:

- Directly review current network topology, configurations, and circuit health across 90+ sites
- Log into and inspect FortiManager, FortiAnalyzer, and FortiGate firewall policies
- Validate AWS networking setup including VPN tunnels, security groups, and routing tables
- Shadow the team during real-time incident response and review escalated network tickets
- Assess monitoring and alerting workflows (SolarWinds, Cacti, etc.) for gaps or noise

Three months, this person will:

- Personally lead a review and cleanup of legacy switch/router configs and firewall rules
- Optimize alert thresholds and performance dashboards across network monitoring tools
- Audit AWS VPC structure and VPN connectivity for resiliency and best practices
- Introduce configuration or automation improvements based on early observations
- Report on baseline network health, ticket trends, and team responsiveness with recommendations

Six months and beyond, this person will:

- Architect and implement targeted improvements (e.g., circuit upgrades, core switch refresh, AWS route tuning)
- Lead technical planning for capital projects, wiring closet rebuilds, and site expansions
- Serve as Tier-3 hands-on escalation for complex or recurring network incidents
- Validate network security controls (segmentation, NAC, remote access) across all layers
- Deliver measurable gains in uptime, response time, and documentation maturity

Responsibilities

Core Responsibilities

- Develop and enforce cybersecurity policies, procedures, and standards
- Lead threat detection, investigation, and response efforts across the organization
- Administer and optimize NYPL's cybersecurity tools, including EDR, NDR, and phishing defense platforms
- Analyze security alerts and threat intel to drive real-time response and containment
- Conduct hands-on technical reviews of security events, response workflows, and emerging risks
- Coordinate audits, tabletop exercises, and maturity assessments
- Report on cybersecurity posture, risk trends, and incidents to senior leadership

Collaboration & Communication

- Build alignment with stakeholders to balance security and operations
- Liaise with NYC Cyber Command, Physical Security, and law enforcement
- Advance cybersecurity awareness across the organization
- Partner with IT and business leads to close security gaps
- Lead complex, cross-functional cybersecurity initiatives
- Maintain trust through clear, timely communication during incidents

Required Education, Experience & Skills

Required Education & Certifications

- Bachelor's degree or combination of education and work experience

Required Experience

- 8+ years administering technology in widely distributed or decentralized organizations
- 5+ years in a cybersecurity leadership role with direct stakeholder engagement responsibilities
- 5+ years managing teams in complex, cross-functional environments
- Demonstrated experience operating in public sector, non-profit, or highly regulated settings
- Proven ability to lead and influence implementation of new cybersecurity policies and procedures across diverse teams
- Strong hands-on experience with vulnerability management, network security, and systems security
- Familiarity with building and scaling cybersecurity programs from both strategic and operational perspectives
- Deep knowledge of NIST, ISO, or similar cybersecurity frameworks and how to apply them in real-world business contexts
- Experience navigating regulatory compliance, public sector governance, and politically sensitive environments
- Track record of leading cross-functional initiatives with multiple stakeholders, including boards, government agencies, and community partners

Required Skills

- Exceptional written and verbal communication skills; able to tailor complex security topics for technical teams, business stakeholders, and executive leadership
- Strong critical thinking and problem-solving abilities, with a track record of delivering solutions under tight budget and resource constraints
- Deep understanding of risk management with pragmatic, business-aligned remediation strategies
- Demonstrated ability to influence without authority across complex organizational structures
- High emotional intelligence and the ability to navigate organizational dynamics and manage change
- Skilled at building consensus among diverse stakeholder groups with competing priorities
- Experience translating technical risk into business impact for non-technical audiences, including executives and board members
- Familiarity with public sector environments, including political and community considerations
- Broad hands-on expertise across core Information Security domains, including:
  - Incident Response
  - BCP/DR
  - Endpoint protection (AV/MDR)
  - Security monitoring and SIEM
  - Log aggregation
  - WAF and firewall management
  - Patch and vulnerability management
  - Penetration testing and incident response coordination

Managerial/Supervisory Responsibilities

Direct management of a team with focus on developing both technical and soft skills. This position reports to the Senior Director, ITIO & Cybersecurity and coordinates executive communications through established IT leadership and communication channels.