Senior Director Of Governance, Risk & Compliance (Grc)

The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology, and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

The Cyber Senior Director of Governance, Risk & Compliance (GRC) will be working closely with Cyber Command's leadership team. The Cyber Senior Director will provide leadership, executive support, strategic and tactical guidance to help shape the cyber governance, risk and compliance program citywide. The Senior Director will be responsible for identifying, evaluating and reporting on information security risks, in addition to influencing and implementing tools and practices to enhance processes related to third-party risk management, and agency compliance. The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems considered business critical.

Responsibilities will include but are not limited to:

• Assist in managing and supervising the planning and execution of citywide cybersecurity risk and compliance programs;

• Direct and conduct ongoing risk analysis organization-wide to uphold the GRC program and risk register;

• Partner with business units to drive ongoing security maturation programs and ensure areas needing improvement are documented;

• Oversee mechanisms to measure and enforce alignment with citywide cybersecurity requirements;

• Oversee governance and tracking of remediation requirements from agency assessments;

• Oversee findings brought forward through security assessments and report to security leadership where gaps or issues exist and recommend corrective actions;

• Collaborate with Cyber Operations to recommend security program improvements and roadmaps for agencies;

• Lead the continuous review of cybersecurity programs and processes to determine compliance with Citywide and NYC3 published cybersecurity policies and standards;

• Review IT contracts and ensure Citywide cybersecurity requirements are properly included in contract language;

• Engage in communications to assist Agencies in complying with the policies and standards;

• Maintain a high degree of knowledge with current and proposed security changes impacting regulatory, privacy and security industry best practice guidance;

• Manage special projects and initiatives as assigned.

HOURS/SHIFT: Day

• Due to the necessary technical duties of this position in a 24/7 operation, candidate may be required to be on call and/or work various shifts such as weekends and/or nights/evenings.

WORK LOCATION: BROOKLYN, NY

TO APPLY

Special Note: Taking and passing civil service exams are necessary to maintain employment with the City of New York. Please check the Department of Citywide Administrative Services (DCAS) website (http://www.nyc.gov/html/dcas/html/work/exam_monthly.shtml) for important exam filing information. Please ensure that you are either a permanent employee in the civil service title listed on this posting, or, that you file for the examination when there is an open filing period. For more information regarding the civil service process, please visit the DCAS website at: http://www.nyc.gov/html/dcas/html/work/work.shtml

• Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration.

Please go to www.cityjobs.nyc.gov and search for Job ID #637066

SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW

APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL

This position is open to qualified persons with a disability who are eligible for the 55-a Program.

Please indicate in your cover letter that you would like to be considered for the position under the 55-a program.

OTI participates in E-Verify

Minimum Qualifications

1.A baccalaureate degree from an accredited college including or supplemented by 24 credits in the field of voice and/or data telecommunications or in a pertinent scientific, technical, electronic or related area, and four years of satisfactory fulltime experience in the performance of analytical, planning, operational, technical, or administrative duties in a voice and/or data telecommunications or closely related electronics planning, management, and/or service organization, one year of which must have been in a highly specialized capacity and 18 months must have been in an executive, managerial, or administrative capacity or in the supervision of staff performing work in the voice and/or data telecommunications field; or

2.An associate degree from an accredited college including or supplemented by 12 credits in the field of voice and/or data telecommunications or in a pertinent, scientific, technical, electronic or related area and five years of experience as described in "1" above; or

3.Education and/or experience equivalent to "1" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and one year of the specialized experience as described in "1" above and must possess the 18 months of executive, managerial, administrative or supervisory experience as described in "1" above.

Preferred Skills

The successful candidate should possess the following: - Bachelor's degree in information systems, Computer Science, Risk Management, Business, Law or a related field

• A minimum of 7 years of experience in IT/cybersecurity, risk management or IT auditing and compliance

• Demonstrated leadership experience and thorough understanding of various regulatory requirements and laws

• Proven project leadership with both legacy and emerging technologies to assess and manage business risk and enforce security controls

• Proven understanding of business focus and processes, and ability to inject cybersecurity into the business through teamwork and influence

• Strong team and organizational management skills, and track record of delivering projects under tight deadlines

• High level of integrity and trustworthiness, as well as confidence to represent the organization and security leadership with the highest level of professionalism

• Knowledge of security frameworks such as NIST CSF, NIST SP 800-53, PCI, and CJIS. CISSP, CISM, CISA, CRISC, GSLC preferable

• Outstanding written and verbal communication skills, including the ability to explain complex technical and non-technical issues in plain language

• Self-motivated with a commitment to learning and continuous improvement.

Residency Requirement

New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.