About New York City Cyber Command:

New York City Cyber Command (NYC3) is committed to protecting city systems that provide vital services to New Yorkers from cyber threats, and helping residents become safer in their digital lives.

As the organization defending the largest municipality in the country, NYC3 is charged with directing citywide incident response, setting citywide cybersecurity policies and standards and working with city agencies to strengthen their cyber defenses.

Job Description

Under the guidance of the Director of Policies, you will be responsible for helping establish a unified, cohesive, and authoritative collection of citywide cybersecurity policies, standards, directives, and guidelines that draws heavily from various NIST Cybersecurity Frameworks. You will help agencies navigate citywide cybersecurity policies, standards, directives, and guidelines.

Responsibilities for the Cybersecurity Senior Policy Analyst will include, but are not limited to:

Support the development of citywide cybersecurity policies, standards, directives and guidelines through drafting and coordinating with internal and external stakeholders;

Perform analysis of the City’s cybersecurity landscape and determine the most appropriate cybersecurity policies for drafting and implementation

Assist in the creation and execution of a policy development and implementation process for NYC Cyber Command policies, standards, directives and guidelines

Develop products to help agencies navigate NYC Cyber Command’s policies, standards, directives, and guidelines;

Coordinate across NYC Cyber Command divisions and domains to identify and develop new policies and standards;

Assist the Director of Policy maintain awareness of applicable state and federal regulatory requirements that could impact citywide cybersecurity policies, standards, directives, and guidelines;

Assist the Director of Policy in maintaining an internal library of cybersecurity policies, standards, directives, and guidelines used across the city, by other states and large-scale organizations, and internationally;

Promote citywide cybersecurity policy initiatives internally and externally to help establish NYC3 as an authority in cybersecurity policies, standards, directives, and guidelines.

Contribute to the organizational culture of diversity and inclusiveness and fact based action. both internally and externally;

Support NYC Cyber Command during a significant cyber incident;

Manage special cyber security initiatives and projects, as assigned by the Director of Strategic Planning.

Preferred Skills:

Excellent verbal & written communication skills;

Excellent critical thinking, systems thinking and problem solving skills

Demonstrated experience working with technical and non-technical personnel on challenging complex initiatives and efforts;

In-depth knowledge of the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), NIST Risk Management Framework (RMF) and the Center for Information Security Top 20 Controls (CIS Top 20), and commonly referenced cybersecurity frameworks and policy-related publications;

Demonstrated experience supporting the development and analysis of cybersecurity policies, standards, directives, and guidelines in a large-scale enterprise environment;

Experience building partnerships with stakeholders;

Outstanding collaboration skills;

Excellent organization, presentation and facilitation skills;

Knowledge of strategic planning frameworks;

Knowledge of risk/threat assessment methods;

Knowledge of data flow automation;

Familiarity and ease with human centered design practices to influence the creation, implementation, and ongoing development of initiatives, services, processes, protocols, and plans.

Minimum Qual Requirements

1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or

3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.