Cyber Risk Analyst, Office of Chief Information Officer

OPEN TO PERMANENT CYBER SECURITY ANALYST AND THE QUALIFIED CANDIDATES WHO FILES FOR THE EXAM MAY BE ELIGIBLE TO APPLY>

Established in , the New York City Department of Health and Mental Hygiene (the NYC Health Department) is the oldest and largest health department in the country.

Our mission is to protect and improve the health of all New Yorkers, in service of a vision of a city in which all New Yorkers can realize their full health potential, regardless of who they are, how old they are, where they are from, or where they live.

As a world-renowned public health agency with a history of building transformative public health programming and infrastructure, innovating in science and scholarship to advance public health knowledge, and responding to urgent public health crises from New York City’s yellow fever outbreak in , to the COVID-19 pandemic we are a hub for public health innovation, expertise, and programs, and services.

We serve as the population health strategist, and policy, and planning authority for the City of New York, while also having a vast impact on national and international public policy, including programs and services focused on food and nutrition, anti-tobacco support, chronic disease prevention, HIV / AIDS treatment, family and child health, environmental health, mental health, and racial and social justice work, among others.

Our Agency’s five strategic priorities, building off a recently-completed strategic planning process emerging from the COVID-19 emergency, are :

1) To re-envision how the Health Department prepares for and responds to health emergencies, with a focus on building a response-ready organization, with faster decision-making, transparent public communications, and stronger surveillance and bridges to healthcare systems 2) Address and prevent chronic and diet-related disease, including addressing rising rates of childhood obesity and the impact of diabetes, and transforming our food systems to improve nutrition and enhance access to healthy foods.

3) Address the second pandemic of mental illness including : reducing overdose deaths, strengthening our youth mental health systems, and supporting people with serious mental illness

4) Reduce black maternal mortality and make New York a model city for women’s health

5) Mobilize against and combat the health impacts of climate change

Our 7,-plus team members bring extraordinary diversity to the work of public health. True to our value of equity as a foundational element of all of our work, and a critical foundation to achieving population health impact in New York City, the NYC Health Department has been a leader in recognizing and dismantling racism’s impacts on the health of New Yorkers and beyond.

In , the NYC Board of Health declared racism as a public health crisis. With commitment to advance anti-racist public health practices that dismantle systems that perpetuate inequitable power, opportunity and access, the NYC Health Department continues to work in and with communities and community organizations to increase their access to health services and decrease avoidable health outcomes.

The Division of Information Technology (DIT) aims to align technology solutions with the DOHMH mission by prioritizing resource use and deploying innovations that facilitate the agency's day-to-day activities and enhance staff productivity and efficiency.

Our goal is to provide users with a reliable, stable, and safe computing environment, through the collaboration of : The Bureau of Technology Strategy & Project Management The Bureau of Network Technology & Telecommunication Services The Office of Information Security The Office of IT Administration The Office of Information Security The Office of Information Security (OIS)leads the implementation of an integrated, modern, framework-based security program across the Department of Health and Mental Hygiene to preserve the integrity of agency services and protect sensitive business data from current and emerging cyber threats, and to preserve the reputation of the agency and its ability to protect and promote the health of all New Yorkers.

Driven by information about attackers, using a risk-based and cost-effective approach, investments will be made in people, processes, and technology to prevent and respond to cyber threats.

We are seeking a dynamic Cybersecurity Risk Analyst to play a pivotal role in enhancing our cybersecurity program. If you excel in identifying and mitigating risks across diverse technology domains, ensuring timely resolution of risk assessment tickets, and possess a relentless commitment to staying abreast of the latest cybersecurity knowledge and trends, we want to hear from you.

DUTIES WILL INCLUDE BUT NOT BE LIMITED TO :

Risk Identification and Resolution : Collaborate with cross-functional teams to identify and assess cybersecurity risks associated with digital operations, applications, cloud solutions, firewalls, IoT devices, software, custom development, and technology acquisitions.

Fulfill risk assessment tickets in a timely manner, ensuring accurate documentation and meeting go-live conditions.

Third-party Risk Management : Stay abreast of the latest security, privacy, and regulatory concerns, ensuring a proactive approach to third-party risk management.

Advise the organization on security and privacy provisions within agreements or contracts, responding to changes requested by third parties to ensure compliance and data protection.

Develop and implement efficient processes for risk acceptances, balancing business needs with cybersecurity requirements for various technology domains.

Continuous Process Improvement in Risk Assessment : Lead initiatives to enhance the efficiency and effectiveness of risk assessment processes.

Regularly assess the methodology and tools used for risk assessment, identifying areas for improvement to ensure continuous alignment with industry best practices.

Implement improvements in risk assessment workflows, ensuring they remain adaptive to emerging cybersecurity threats for all technology domains.

Staying Abreast of Cybersecurity Knowledge and Trends : Proactively monitor and analyze the latest cybersecurity threats, vulnerabilities, and attack vectors.

Stay current with industry best practices, emerging technologies, and evolving regulatory requirements to ensure our cybersecurity measures remain at the forefront of the field.

Engage in continuous learning through participation in industry conferences, workshops, and professional development opportunities to expand your knowledge base.

Technology Assessments : Collaborate with IT project management and operational teams to conduct thorough security analyses encompassing a diverse range of technologies.

This includes, but is not limited to, cloud solutions, network security, connected devices, software applications, custom development projects, and technology acquisitions.

Implement and maintain security metrics to analyze risks and identify opportunities for reducing vulnerabilities in different technology domains.

Stakeholder Collaboration : Collaborate with internal and external stakeholders to obtain disposition of various technology solutions, updating the organization's inventory list and ensuring a comprehensive understanding of security measures across the enterprise.

IMPORTANT NOTES TO ALL CANDIDATES :

Please note : If you are called for an interview you will be required to bring to your interview copies of original documentation, such as :

• A document that establishes identity for employment eligibility, such as : A Valid U.S. Passport, Permanent Resident Card / Green Card, or Driver’s license.
• Proof of Education according to the education requirements of the civil service title.
• Current Resume
• Proof of Address / NYC Residency dated within the last 60 days, such as : Recent Utility Bill (i.e. Telephone, Cable, Mobile Phone)

Additional documentation may be required to evaluate your qualification as outlined in this posting’s Minimum Qualification Requirements section.

Examples of additional documentation may be, but not limited to : college transcript, experience verification or professional trade licenses.

If after your interview you are the selected candidate you will be contacted to schedule an on-boarding appointment. By the time of this appointment you will be asked to produce the originals of the above documents along with your original Social Security card.

LOAN FORGIVENESS

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs.

For more information, please visit the U.S. Department of Education’s website at StudentAid.gov / PSLF.

FINAL APPOINTMENTS ARE SUBJECT TO OFFICE OF MANAGEMENT & BUDGET APPROVAL

This position MAY be eligible for remote work up to two days per week, pursuant to the Remote Work Pilot Program.

Minimum Qualifications

1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in 1 above; or

3. Education and / or experience equivalent to 1 or 2 , above. College education may be substituted for up to two years of the required experience in 2 above on the basis that sixty semester credits from an accredited college is equated to one year of experience.

In addition, twenty-four credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area;

or a certificate of at least hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.

Preferred Skills

In addition to the foundational skills mentioned earlier, an experienced candidate should also possess : Demonstrated experience in leading cybersecurity initiatives and driving risk-based decision-making across diverse technology domains.

Proven ability to assess and communicate complex cybersecurity concepts to stakeholders at all levels of the organization.

Extensive knowledge of security controls, frameworks, and industry standards, with a focus on continuous improvement. Highly Desired : Bachelor's degree in information technology or Computer Science.

Industry-recognized certifications within information security and privacy domains (e.g., CISSP, GIAC, CISM, CISA, CIPP, CTPRP, CCSP, etc.

5+ years of experience in an IT computer-related field.3+ years of experience with Cybersecurity efforts and emerging technology aligned with the Risk.

55a Program

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.

Residency Requirement

New York City residency is not required for this title.