Deputy Ciso Governance, Risk & Compliance

The Office of Technology and Innovation (OTI) oversees all Citywide technology, privacy, cybersecurity, infrastructure, and telecommunications to ensure the security of, and enhance, City operations and service delivery to New York City's residents, businesses, employees, and visitors. As the City's technology and innovation leader, OTI is responsible for operating, maintaining, and securing IT infrastructure and systems that touch every aspect of City life from public safety to human services, from education to economic development crossing the full spectrum of governmental operations.

Reporting to the Citywide Chief Information Security Officer (CISO), the Deputy CISO for Governance, Risk & Compliance (GRC) provides leadership, executive support, strategic and tactical guidance, and complete execution for the GRC program for Cyber Command. The Deputy CISO will lead an adaptable and secure business-supporting cybersecurity team of audit, compliance, risk and policy analysts. The Deputy CISO will be responsible for identifying, evaluating and reporting on information security risks, in addition to influencing and implementing tools and practices to enhance processes related to third-party risk management, agency compliance, and audit engagement. The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems considered business critical.

The Deputy CISO for Governance, Risk & Compliance will:

• Oversee the implementation and maintenance of policies, as well as a comprehensive controls framework to ensure technical systems and information assets are protected;

• Direct and conduct ongoing risk analysis organization-wide to uphold the GRC program;

• Lead a team dedicated to an ongoing security maturation program, where areas of strength are amplified and areas needing improvement are documented;

• Partner with business units when onboarding solutions to ensure adequate controls are available and enabled in production;

• Oversee audit and compliance mechanisms to measure and enforce alignment with citywide cybersecurity requirements;

• Oversee governance and tracking of remediation requirements from agency assessments;

• Oversee findings brought forward through the risk mitigation and acceptance program and report to security leadership where gaps exist;

• Engage in continuous professional development with team management, honing direction as well as strategic plans;

• Maintain a high degree of knowledge with current and proposed security changes impacting regulatory, privacy and security industry best practice guidance;

• Manage special projects and initiatives as assigned.

Minimum Qualifications

1.A baccalaureate degree from an accredited college including or supplemented by 24 credits in the field of voice and/or data telecommunications or in a pertinent scientific, technical, electronic or related area, and four years of satisfactory fulltime experience in the performance of analytical, planning, operational, technical, or administrative duties in a voice and/or data telecommunications or closely related electronics planning, management, and/or service organization, one year of which must have been in a highly specialized capacity and 18 months must have been in an executive, managerial, or administrative capacity or in the supervision of staff performing work in the voice and/or data telecommunications field; or

2.An associate degree from an accredited college including or supplemented by 12 credits in the field of voice and/or data telecommunications or in a pertinent, scientific, technical, electronic or related area and five years of experience as described in "1" above; or

3.Education and/or experience equivalent to "1" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and one year of the specialized experience as described in "1" above and must possess the 18 months of executive, managerial, administrative or supervisory experience as described in "1" above.

Preferred Skills

The preferred candidate should possess the following: - 10+ years' experience in cybersecurity or information security

• Demonstrated leadership experience and thorough understanding of various regulatory requirements and laws

• Proven project leadership with both legacy and emerging technologies to assess and manage business risk and enforce security controls

• Proven understanding of business focus and processes, and ability to inject cybersecurity into the business through teamwork and influence

• Strong team and organizational management skills, and track record of delivering projects under tight deadlines

• High level of integrity and trustworthiness, as well as confidence to represent the company and security leadership with the highest level of professionalism

• Knowledge of security frameworks such as NIST CSF, NIST SP 800-53, PCI, and CJIS. CISSP, CISM, CISA, CRISC, GSLC preferable

• Outstanding written and verbal communication skills

• Self-motivated with a commitment to learning and continuous improvement.

55a Program

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.

Residency Requirement

New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.