Cyber Risk Analyst, Office of Chief Information Officer
DEPT OF HEALTH/MENTAL HYGIENE
Full-Time
Location: QUEENS
No Exam Required
Department: DIT Administration
Salary Range: $75,000.00 – $110,000.00
Job Description
Division/Job Summary: The Division of Information Technology's mission and vision is to promote and protect the health of all New Yorkers through the use of innovative technology and health information that is useful and available. The nation's leading local health department seeks a Senior IT Portfolio Manager to join its award-winning, innovative technology team in revolutionizing public health IT.
DIT has an opening for a Cyber Risk Analyst serving DOHMH Division of Information Technology Office of Cybersecurity. This individual will perform tasks and assignments in the fields of Cybersecurity risk assessments, and other relevant and required duties for the Cybersecurity Risk team, to further the mission of the Office of Cybersecurity (Information Security).
DUTIES WILL INCLUDE BUT NOT BE LIMITED TO:
- Risk Identification and Resolution: Collaborate with cross-functional teams to identify and assess cybersecurity risks associated with digital operations, applications, cloud solutions, firewalls, IoT devices, software, custom development, and technology acquisitions. Fulfill risk assessment tickets in a timely manner, ensuring accurate documentation and meeting go-live conditions.
- Third-party Risk Management: Stay abreast of the latest security, privacy, and regulatory concerns, ensuring a proactive approach to third-party risk management. Advise the organization on security and privacy provisions within agreements or contracts, responding to changes requested by third parties to ensure compliance and data protection. Develop and implement efficient processes for risk acceptances, balancing business needs with cybersecurity requirements for various technology domains.
- Continuous Process Improvement in Risk Assessment: Lead initiatives to enhance the efficiency and effectiveness of risk assessment processes. Regularly assess the methodology and tools used for risk assessment, identifying areas for improvement to ensure continuous alignment with industry best practices. Implement improvements in risk assessment workflows, ensuring they remain adaptive to emerging cybersecurity threats for all technology domains.
- Staying Abreast of Cybersecurity Knowledge and Trends: Proactively monitor and analyze the latest cybersecurity threats, vulnerabilities, and attack vectors. Stay current with industry best practices, emerging technologies, and evolving regulatory requirements to ensure our cybersecurity measures remain at the forefront of the field. Engage in continuous learning through participation in industry conferences, workshops, and professional development opportunities to expand your knowledge base.
- Technology Assessments: Collaborate with IT project management and operational teams to conduct thorough security analyses encompassing a diverse range of technologies. This includes, but is not limited to, cloud solutions, network security, connected devices, software applications, custom development projects, and technology acquisitions. Implement and maintain security metrics to analyze risks and identify opportunities for reducing vulnerabilities in different technology domains.
- Stakeholder Collaboration: Collaborate with internal and external stakeholders to obtain disposition of various technology solutions, updating the organization's inventory list and ensuring a comprehensive understanding of security measures across the enterprise.
Preferred Skills:
- Demonstrated experience in leading cybersecurity initiatives and driving risk-based decision-making across diverse technology domains.
- Proven ability to assess and communicate complex cybersecurity concepts to stakeholders at all levels of the organization.
- Extensive knowledge of security controls, frameworks, and industry standards, with a focus on continuous improvement.
Preferred Education/Skills:
- Bachelor's degree in Information Technology or Computer Science.
- Industry-recognized certifications within information security and privacy domains (e.g., CISSP, GIAC, CISM, CISA, CIPP, CTPRP, CCSP).
- 5+ years of experience in an IT computer-related field.
- 3+ years of experience with Cybersecurity efforts and emerging technology aligned with the Risk.
Minimum Qualifications:
1. A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or
2. Education and/or experience which is equivalent to "1" above.
Residency Requirement: NEW YORK CITY RESIDENCY IS NOT REQUIRED FOR THIS TITLE.
Additional Information: The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.