City of New York - New York, NY

posted 5 months ago

Full-time - Senior
New York, NY
Executive, Legislative, and Other General Government Support

About the position

The Office of the Comptroller's Bureau of Information Systems is seeking a Chief Information Security Officer (CISO) to lead the implementation and management of information security controls that will enhance the Agency's overall information security posture. The CISO will work under the direction of the Chief Information Officer (CIO) and will be responsible for integrating information security controls and promoting overall information security awareness across all departments and units. This role is critical in ensuring compliance of IT systems, applications, and networks with established security policies and information protection strategies. The successful candidate will develop, publish, and maintain the Agency's information security policies, standards, procedures, and guidelines, while also providing technical guidance and training to information owners and agency IT teams.

In addition to policy development, the CISO will design and implement programs aimed at increasing user awareness and ensuring security compliance monitoring. The candidate will analyze potential security risks or breaches and implement widely accepted and automated technologies to mitigate these risks and enhance security systems for effective defense.

The responsibilities of the CISO will include overseeing Cyber Security Governance and Controls, leading the development of Cyber Security Policies, Procedures, and Standards, and making recommendations to the CIO based on risk analysis and assessments. The CISO will also manage the daily use and administration of strategic cyber risk and long-term threat intelligence products, develop communications for end users and stakeholders regarding cyber security issues, and oversee participation in relevant audits.

The CISO will be expected to plan and execute regular incident response and postmortem exercises, manage relationships related to cyber security with public and federal entities, and evaluate budgets to justify the costs of cyber security upgrades. Staying current with new threats and advanced threat detection techniques is essential, as is performing other related assignments and special projects as required.

Responsibilities

  • Oversee Cyber Security Governance and Controls.
  • Lead the development, review and refresh of the Comptroller's Office Cyber Security Policies, Procedures and Standards.
  • Implement Controls and Compliance to enforce hardening of networks, endpoints and applications.
  • Make recommendations to the Chief Information Officer on an information security roadmap based on risk analysis and assessments for current state and future state of information security posture.
  • Manage the daily use and administration of strategic cyber risk and long-term threat intelligence products.
  • Lead in developing communications for Comptroller's Office end users and stakeholders around cyber security issues.
  • Develop and implement a user cybersecurity awareness and training program.
  • Oversee sustained and successful participation by IT security in any cyber security relevant audits; perform threat modeling and subsequent risk mitigation.
  • Plan and execute regular incident response and postmortem exercises.
  • Manage cyber security private/public and Federal/City relationships; and manage special cyber security projects, as assigned.
  • Evaluate budgets to determine and justify the cost of cyber security upgrades.
  • Stay current with and remain knowledgeable on new threats and advanced threat detection techniques.
  • Perform other related assignments and special projects as may be required.

Requirements

  1. A master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties.
  2. A baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in "1" above.
  3. A four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in "1" above.
  4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above.

Nice-to-haves

  • Seven+ years of network or security operational experience, including at least 2 years in a senior management/Director level position in an IT enterprise environment, or cyber security focused organization.
  • Significant and demonstrated capabilities to assess organizational cyber security hygiene, quantify cyber risk in a prioritized schema, and recommend tactical and strategic courses of action to executive leadership.
  • Experience in executing cyber security uplift in government, financial services or professional services industry.
  • Demonstrable knowledge of information security technologies, networking and network and systems architecture.
  • Deep and hands-on understanding of the current cyber threat landscape, attack methodologies, and risk mitigation/remediation methods; experience in cyber forensics and highly complex threat analyses.
  • Possess CISSP, CISM, and/or other information security and information security management certifications.
  • Knowledge of common information security management frameworks, such as NIST or other data security standards or widely accepted information security recommended actions.
  • In-depth knowledge of complex network architecture, internet connectivity and DMZ hosting strategies.
  • Track record of applying innovation successfully in technology environments.
  • Excellent written and verbal communication skills.

Benefits

  • Public Service Loan Forgiveness eligibility for federal loan forgiveness programs and state repayment assistance programs.