About New York City Cyber Command
New York City Cyber Command (NYC3) was created in 2017 by Executive Order to lead the city’s cyber defense efforts, working across more than 100 agencies and offices to prevent, detect, respond to, and recover from cyber threats. NYC3 is committed to protecting City infrastructure and critical systems from cyber threats, and to helping residents become safer in their digital lives.
As the organization defending the largest municipality in the country, NYC3 is charged with directing citywide incident response, setting citywide cybersecurity policies and standards, and working with city agencies to strengthen their cyber defenses.
About the Position
This position description is based on the National Initiative for Cybersecurity Education (NICE) Workforce Framework that categorizes and describes cybersecurity work across sectors using a consistent taxonomy and common lexicon. The Cybersecurity Audit Analyst will work with the Director of Audit within Cyber Command and across City agencies to ensure compliance with cybersecurity policies and standards.
Work Role Definition and Select Tasks
Conducts evaluations of cybersecurity programs or their individual components at the direction of the Director of Audit to determine compliance with published standards.
– Monitor and measure risk, compliance, and assurance efforts;
– Provide ongoing optimization and problem-solving support;
– Provide recommendations for possible improvements and upgrades;
– Review or conduct audits of cybersecurity programs and projects;
– Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up;
– Ensure that cybersecurity requirements are included in contract language and delivered.
Minimum Qualification Requirements
1. A baccalaureate degree from an accredited college, including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or
2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or
3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.
The preferred candidate should possess the following:
– Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy;
– Knowledge of cybersecurity and privacy principles;
– Knowledge of cyber threats and vulnerabilities;
– Knowledge of specific operational impacts of cybersecurity lapses;
– Knowledge of industry-standard and organizationally accepted analysis principles and methods;
– Knowledge of information technology (IT) architectural concepts and frameworks;
– Knowledge of Risk Management Framework (RMF) requirements;
– Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161);
– Knowledge of risk/threat assessment;
– Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]);
– Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems;
– Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system;
– Skill in conducting audits or reviews of technical systems;
– Ability to ensure cybersecurity policies and standards are implemented and compliance is tracked.
Special Note: Taking and passing civil service exams are necessary to maintain employment with the City of New York. Please check the Department of Citywide Administrative Services (DCAS) website (http://www.nyc.gov/html/dcas/html/work/exam_monthly.shtml) for important exam filing information. Please ensure that you are either a permanent employee in the civil service title listed on this posting, or, that you file for the examination when there is an open filing period. For more information regarding the civil service process, please visit the DCAS website at: http://www.nyc.gov/html/dcas/html/work/work.shtml
* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration.
For City employees, please go to Employee Self Service (ESS), click on Recruiting Activities > Careers, and search for Job ID #445309.
For all other applicants, please go to www.nyc.gov/jobs/search and search for Job ID #445309.
SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL
DoITT participates in E-Verify
Day – Due to the necessary technical support duties of this position in a 24/7 operation, the candidate may be required to work various shifts, such as weekends and/or nights/evenings.
New York, NY
New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.