About New York City Cyber Command
Mission. NYC Cyber Command leads the City’s cyber defense efforts, working across more than 100 agencies and offices to prevent, detect, respond, and recover from cyber threats. NYC3 protects NYC infrastructure and critical systems from malicious attacks and safeguards the data, devices, and services of the City.
Culture. Foremost, we serve the people of the City of New York, so earning - and keeping - their trust is paramount. To deserve that trust, we relentlessly focus on facts, provide sound judgment, and maintain a healthy culture. We pride ourselves on having a respectful and inclusive workplace built on kindness, honest intellectual debate, and excellent work.
About the Job
Primarily, you will drive the information security risk identification and prioritization process: you will conduct qualitative and quantitative cyber risk assessments across City agencies and functions, and combine them into compelling, clear reporting. Under the supervision of the Director of Cyber Risk, you will communicate to senior stakeholders within NYC3 and beyond to drive cyber risk mitigation. You will also improve and automate cyber risk reporting. Along with the cyber risk management team, you will help establish a strategy to assess, manage, and monitor the impact of cyber risks on the delivery of Agency services to New Yorkers.
Some of your assessment responsibilities will be to:
- Apply qualitative and quantitative information security frameworks across City agencies and functions;
- Analyze technology risks across a federated government organization;
- Improve mathematical models and metrics to consistently classify cyber risk;
- Use data and judgment to recommend cyber risk reduction measures;
- Research extant and emergent information security risks;
- Support deployment of security policies, standards, and frameworks.
About You
People who succeed at NYC3 are collaborative, service-oriented, and mission-driven.
You are communicative, creative, and curious in assessing technology risk; you relish the opportunity to try something that has not yet been done. You are also rigorous in analyzing risk and thoughtful in communicating it; you can design a beautiful data visualization as well as craft a clear, concise narrative. You enjoy mapping processes and determining the root cause of information security issues. You are comfortable in a dynamic, ambiguous environment.
To apply for this job, you will need to at least have a bachelor’s degree and four years of experience or equivalent experience. Ideally, you will have a combination of experience in:
- Building reports and leveraging tools (e.g., GRC platforms and Monte Carlo simulations) to analyze and model cyber risk;
- Calibrating probability assessments and coaching others;
- Assessing cyber risk and communicating findings to varying audiences, as well as track risk mitigation;
- Understanding business continuity, contingency planning, and disaster recovery principles;
- Generating support for making process improvements to minimize risk and control measures;
- Operating in an ambiguous and dynamic environment;
- Working with data security standards for PII, PCI, and PHI.
Minimum Qualification Requirements for CYBER SECURITY ANALYST Civil Service Title
1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area;
or
2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above;
or
3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.
CURRENT CITY EMPLOYEES WHO HAVE PERMANENT CIVIL SERVICE TITLES WHOSE FUNCTIONS ALIGN WITH THE POSTING ARE ALSO ENCOURAGED TO APPLY