Cyber Incident Commander

  • $75,425.00 - $185,000.00/year
  • About New York City Cyber Command
    NYC Cyber Command was created in 2017 by Executive Order to lead the City’s cyber defense efforts, working across more than 100 agencies and offices to prevent, detect, respond, and recover from cyber threats. NYC Cyber Command is committed to protecting NYC infrastructure and critical systems from malicious attacks through the use of the latest technologies, public-private partnerships, and regular training and exercises for City employees.

    Job Description
    The Incident Commander is responsible for the management, supervision and coordination of cybersecurity incidents as part of a 24x7 operation. As the ideal blend between a high-level executive and a technician, the Incident Commander maintains incident response playbooks, conducts cyber tabletop exercises, acts as a liaison on third-party incidents, and communicates with Agency and City Hall stakeholder leadership. The Incident Commander identifies gaps and makes program maturity recommendations to ensure that the Security Operations Center is staffed 24/7, 365 with capable leadership who can take immediate action upon notification of a cybersecurity incident.

    Some of the duties include:
    • Lead significant or high-profile incidents, including validating and escalating incidents, coordinating response activities across multiple city agencies in a 24x7 operational tempo;
    • Make rapid, independent decisions in stressful / fluid situations, including those that impact critical life safety and business systems;
    • Provide strategic guidance on and tracking of tools/visibility/capabilities gaps affecting information security posture;
    • Serve as a liaison between the Security Operations Center and the impacted agency's or agencies' business and technical teams during an incident;
    • Coordinate and direct efforts among Security Operations team members throughout the incident response lifecycle;
    • Provide timely and relevant updates to appropriate executive stakeholders and Agency leadership;
    • Conduct after-action reporting and provide relevant insights to guide improvements and adjustments to cybersecurity response processes;
    • Test and update incident response plans and processes to address existing and emerging threats;
    • Maintain strong working relationships across City technology and security teams;
    • Perform special projects and initiatives as assigned.

    Minimum Qualification Requirements
    1. Six (6) years of progressively responsible full-time paid experience supervising or administering computer operations involving a large-scale third generation computer, at least 18 months of which shall have been in a managerial capacity; or
    2. Education at an accredited college or university may be substituted for the general experience described above (but not for the 18 months of managerial experience described above) at the rate of one year of college for 6 months of experience, up to a maximum of 4 years of college for 2 years of experience. In addition, a Master of Business Administration, Master of Public Administration or any other Master's Degree in Management of Administration may be substituted for an additional year of general work experience. However, all candidates must possess the 18 months of administrative or managerial experience described above.

    Preferred Skills
    The preferred candidate should possess the following:
    • 7+ leading significant or high-profile incidents, including validating and escalating incidents, coordinating response activities across multiple entities;
    • Capable of rapid, independent decision making in stressful / fluid situations, including those that impact critical life safety and business systems;
    • Experience in providing strategic guidance on and tracking of tools/visibility/capabilities gaps affecting information security posture;
    • Excellent communication skills with multiple stakeholders to be a liaison between the Security Operations Center and the impacted agency's or agencies' business and technical teams during an incident; ability to provide them with timely reports and updates;
    • Ability to coordinate and direct efforts among Security Operations team members throughout the incident response lifecycle;
    • Experience in conducting after-action reporting that provides relevant insights to guide improvements and adjustments to cybersecurity response processes;
    • Experience in testing and updating incident response plans and processes to address existing and emerging threats;
    • Ability to maintain strong working relationships across City technology and security teams;
    • Perform special projects and initiatives as assigned;
    • Knowledge of the cyber landscape of the City of New York assets and other networks within NYC.

    To Apply

    Please submit your resume and cover letter via the form provided below.

    Special Note: Taking and passing civil service exams are necessary to maintain employment with the City of New York. Please check the Department of Citywide Administrative Services (DCAS) website (http://www.nyc.gov/html/dcas/html/work/exam_monthly.shtml) for important exam filing information. Please ensure that you are either a permanent employee in the civil service title listed on this posting, or that you file for the examination when there is an open filing period.
    For more information regarding the civil service process, please visit the DCAS website at: http://www.nyc.gov/html/dcas/html/work/work.shtml

    * Interested applicants with similar permanent titles who meet the preferred requirements should also submit a resume for consideration

    SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW. APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL
