Chief Information Security Officer

*****Only a Permanent Civil Service city employee serving in the title may apply for this position. Please indicate on your cover letter that you have a permanent Computer Operations Manager title otherwise; you will not be considered for an interview.

The NYC Department of Environmental Protection (DEP) enriches the environment and protects public health for all New Yorkers by providing 1.1 billion gallons of high-quality drinking water managing wastewater and stormwater and reducing air noise and hazardous materials pollution. DEP is the largest combined municipal and wastewater utility in the country with nearly 6000 employees. DEPs water supply system is comprised of 19 reservoirs and 3 controlled lakes throughout the systems 2000 square mile watershed that extends 125 miles north and west of the city.

The New York City Department of Environmental Protection (NYC DEP) Business Information Technology (BIT) division is responsible for providing quality business technical and information technology system support to agency users. This commitment is achieved through collaboration strong relationships and a unified vision with DEP partners to deliver technology solutions that support the agencys operational needs. Providing these services ensures that DEP continues its tradition of delivering excellent service to the residents of New York City.
Reporting to the Chief Information Officer (CIO) the Business Information Technology team seeks to hire a Chief Information Security Officer (CISO). Responsibilities include cybersecurity strategy architecture solutions design program coordination and execution awareness and outreach business management and reporting on the effectiveness of the information security program. This position requires a seasoned leader with strong business acumen and a detailed working knowledge of information security technologies practices and policies and their application in a business environment. The CISO will research and recommend innovative solutions and improvements to existing procedures.
The CISO is an implementer who possesses the poise and ability to act calmly and competently in high-pressure situations. This role is responsible for developing and managing strong strategic relationships within Information Technology (IT) and ensuring that projects initiatives and security platforms meet all required security standards.
Under varying levels of executive direction with latitude for independent initiative judgment and decision making the selected candidate will develop and implement the organizations information security strategy to protect data and systems from cyber threats. The CISO will safeguard information system assets by identifying security risks threats and vulnerabilities affecting networks systems and applications across new and existing technology initiatives the selected candidate will evaluate high-level information technology initiatives and provide technical guidance to ensure compliance with security policies standards and guidelines. Responsibilities include developing implementing enforcing and communicating security policies and plans covering data software applications hardware and telecommunications systems.
The role requires in-depth knowledge of Internet Protocol (IP) networking and networking protocols along with security technologies including encryption Internet Protocol Security (IPsec) Public Key Infrastructure (PKI) Virtual Private Networks (VPNs) firewalls proxy services Domain Name System (DNS) electronic mail systems privileged access management and access lists. Experience with Operational Technology (OT) networks and Supervisory Control and Data Acquisition (SCADA) environments is also required.
The candidate will serve as a recognized subject matter expert in internet web application and network security engineering including vulnerability assessments network scanning and threat surface analysis. The role also requires advanced knowledge of cloud service security models and enterprise data protection strategies including backup architecture disaster recovery planning and business continuity frameworks.

Essential Job Functions

- Lead the development coordination and submission of materials required to maintain compliance with the New York State Cybersecurity Regulations for Public Water Systems.
-Manage and direct a team of information technology security professionals providing leadership guidance and support.
-Manage cybersecurity incidents and attacks in coordination with the team and oversight agencies such as New York City Cyber Command (NYC Cyber Command).
-Track cyber security incidents and vulnerability reports direct teams for remediation of issues.
-Design a critical response process for cyber security incidents.
-Continuously monitor threats to DEPs information technology (IT) and operational technology (OT) environments.
-Develop cybersecurity Key Risk Indicators (KRIs) and dashboard metrics for reporting.
-Develop and document cybersecurity policies procedures and standards in alignment with Citywide Information Security Policies.
-Coordinate air-gapped backup strategies with agency business units.
-Participate in annual financial and technology audits for the agency.
-Examine computer systems to ensure secure operation and protection of data from internal and external threats.
-Perform security assessments to ensure compliance with security policies procedures and industry standards.
-Monitor evaluate and maintain security systems according to industry best practices to safeguard internal systems and databases.
-Assist with the review and definition of security requirements and evaluate systems for compliance with established standards.
-Investigate security violations and breaches and prepare reports on incidents and intrusions as required.
-Review and assess firewall logs and configure firewalls intrusion detection systems and other network security devices.
-Work with other BIT teams to design and implement cybersecurity solutions across DEP infrastructure networks and systems.
-Develop necessary budget analysis and related documentation for annual submissions of budget for cyber-security related solutions.

COMPUTER OPERATIONS MANAGER (S - 10074

Qualifications :

1. Six (6) years of progressively responsible full-time paid experience supervising or administering computer operations involving a large-scale mainframe network or multi-tier computer environment at least 18 months of which shall have been in an administrative managerial or executive capacity.

2. A baccalaureate degree from an accredited college or university may be substituted for a maximum of two (2) years of general experience described the absence of a baccalaureate degree undergraduate credits may be substituted for a maximum of two (2) years of general experience described above on the basis of 30 semester credits for six (6) months of experience.

3. A masters degree in Computer Science Computer Engineering Electrical Engineering Business Administration Public Administration or Management of Administration may be substituted for a maximum of one (1) year of general experience described the absence of a masters degree graduate credits in Computer Science Computer Engineering Electrical Engineering Business Administration Public Administration or Management of Administration may be substituted for a maximum of one (1) year of the general experience on the basis of 30 graduate semester credits for one (1) year of experience. However undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative managerial or executive capacity.

Additional Information :

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic including but not limited to an individuals sex race color ethnicity national origin age religion disability sexual orientation veteran status gender identity or pregnancy.

Remote Work :

No

Employment Type :

Full-time