Logo
City of New York

Chief Information Security Officer (CISO)

City of New York, Lincoln, Nebraska, United States, 68511


The New York City Housing Authority (NYCHA), the largest public housing authority in North America, provides decent, affordable housing for low- and moderate-income New Yorkers. NYCHA is home to 1 in 17 New Yorkers, providing affordable housing to over 500,000 authorized residents through public housing and Permanent Affordability Commitment Together (PACT) programs as well as Section 8 housing. NYCHA has nearly 200,000 apartments in over 2,400 buildings across 335 conventional public housing and PACT developments. In addition, NYCHA connects residents to critical programs and services from external and internal partners, with a focus on economic opportunity, youth, seniors, and social services. With a housing stock that spans all five boroughs, NYCHA is a city within a city.

Are you a cybersecurity leader looking to make a real difference? The New York City Housing Authority is seeking a dynamic and experienced Chief Information Security Officer to join our team. This isn't just another corporate gig – it's a chance to protect vital information and systems that impact the lives of hundreds of thousands of New Yorkers. As our CISO, you'll lead a diverse team of security professionals, drive innovation in our cybersecurity practices, and play a crucial role in safeguarding the largest public housing system in North America. We're looking for someone who can blend technical expertise with strategic vision, communicate effectively with both IT teams and executive leadership, and navigate the unique challenges of securing a large public organization. If you're passionate about cybersecurity, public service, and making a tangible impact on your community, we want to hear from you. Bring your skills, your creativity, and your commitment to excellence. Help us build a safer digital future for NYCHA and the residents we serve.

Roles and ResponsibilitiesStrategic Leadership:

Provide strategic direction and leadership for NYCHA's cybersecurity program. Align cybersecurity strategies with NYCHA objectives and regulatory requirements. Report to senior leadership and the board on cybersecurity risks, initiatives, and performance. Manage and mentor leaders of the Security Governance, Security Engineering, and Security Operations teams. Collaborate with other departments to ensure integration of security practices across the organization. Develop, mentor, and retain cybersecurity talent across NYCHA.Risk Management and Compliance:

Lead enterprise-wide risk assessments and oversee the implementation of risk mitigation strategies. Ensure compliance with industry standards and regulatory requirements relevant to NYCHA. Oversee internal and external security audits and penetration testing. Support additional functions such as Privacy, Disaster Recovery, Legal Compliance, and cybersecurity insurance protection.Security Governance Oversight:

Develop and refine the security program with innovative strategies and tactical plans, leveraging the latest industry research, threat analysis, and lessons learned from internal practices. Ensure security strategies align with NYCHA objectives and comply with relevant regulations. Review and approve security policies, standards, and procedures. Oversee the development and reporting of security metrics such as OKRs and KPIs to enable data-driven decision making. Guide the development and implementation of end-user security training and awareness programs.Security Engineering Oversight:

Direct the planning, design, and implementation of security technologies and processes. Oversee the evaluation and integration of new security technologies. Ensure the team provides appropriate guidance on security controls to other NYCHA departments. Review and approve security architecture designs for protecting NYCHA data, applications, and infrastructure.Security Operations Oversight:

Direct the continuous monitoring, detection, and response to cyber threats. Oversee the partnership with OTI Cyber Command for coordinated responses to Citywide cyber threats. Review and approve the incident response plan and its implementation. Guide security remediation efforts across teams.Budget and Resource Management:

Develop and manage the information security budget across all of NYCHA IT. Justify security investments and demonstrate ROI to senior management.Vendor and Partner Management:

Oversee the security aspects of vendor relationships and contracts. Manage relationships with external security partners and service providers.Continuous Improvement and Innovation:

Stay informed about emerging threats and technologies in the cybersecurity landscape. Drive innovation in security practices across all of NYCHA.

NOTE: Due to the existence of a civil service list, candidates must have permanent civil service status in the title of Computer Systems Manager to be considered.

NOTE: This position is open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate in your cover letter that you would like to be considered for the position under the 55-a Program. For detailed information regarding the 55-a Program, click on the link below:

https://bit.ly/55aProgram

Minimum QualificationsA master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties; orA baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; orA four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; orA satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above.

In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience. Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science for one (1) year of the required IT experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in "1" above.

Preferred SkillsAble to be in the office two to three days per week and part of a hybrid work environment.Leadership and Management: Strong leadership and team management skills with proficiency in project management, strategic thinking, and the ability to manage and prioritize multiple projects simultaneously.Business Acumen: Understanding of how security aligns with business objectives. Financial budgeting and planning skills with vendor management experience.Compliance and Risk Management: In-depth knowledge of relevant regulatory frameworks and experience with risk assessment methodologies and frameworks. Understanding of legal and compliance issues related to cybersecurity.Communication: Excellent verbal and written skills with the ability to explain complex technical concepts to non-technical stakeholders. Strong presentation skills for board-level and executive communications.Technical Proficiency: In-depth knowledge of information security principles, best practices, and technologies to include network, system, and application security encryption technologies identity and access management concepts security information and event management solutions vulnerability assessment techniques and secure software development practices.Soft Skills: Adaptability and flexibility in a rapidly changing technological landscape. Strong ethical standards and integrity. Collaborative mindset and ability to work across departments. Continuous learning attitude to stay updated with emerging threats and technologies.Certifications: Relevant professional certifications such as CISSP, CISM, or CRISC.

55a ProgramThis position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.

Public Service Loan ForgivenessAs a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at

https://studentaid.gov/pslf/ .

Residency RequirementNYCHA has no residency requirements.

Additional InformationThe City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

#J-18808-Ljbffr