City of New York
ASSISTANT DEPUTY COMMISSIONER, DATA SECURITY OPERATIONS
City of New York, New York, New York, 10261
Company Description Job Description APPLICANTS MUST BE PERMANENT IN THE COMPUTER SYSTEMS MANAGER CIVIL SERVICE TITLE. The Department of Social Services Accountability Office (DSS-AO) is responsible for supporting the integrity of social services programs administered by the New York City Human Resources Administration (HRA), Department of Social Services (DSS) and Department of Homeless Services (DHS). DSS-AO maintains the operation of the Office of Audit Services (OAS) and Office of Quality Assurance (OQA), Office of Accountability Strategies (OAS), Compliance and Contract Monitoring (CCM), Investigation, Revenue and Enforcement Administration (IREA), Office of Data Security Management (ODSM) and the Accountability Initiative and Change Monitoring (AICM). The Office of Data Security Management (ODSM) is responsible for implementing the Agency's cybersecurity program. ODSM is tasked with continuously improving the Agency's risk posture by ensuring that appropriate security controls are in place to protect the confidentiality, integrity and availability of Agency information resources. The Office of Data Security Management is recruiting for (1) Computer Systems Manager M IV to function as an Assistant Deputy Commissioner, Data Security Operations, who will: -Develop and implement best practices to support efficiencies and effective daily operations in an ongoing effort to meet the Agency's cybersecurity needs. Oversee the day-to-day operations for the Security Operations Center and Emergency Operations and Incident Management units. Collaborate to ensure appropriate cross-utilization of the various units across ODSM. -Implement the strategic goals determined by the Chief Information Security Officer (CISO), including: the strategic enterprise cybersecurity and risk management plan and a long-term roadmap to arrive at the desired future state. Ensure implementation of security controls requirements, policies, and standards as outlined in the strategic plan. -Monitor implementation priorities, and specific initiatives necessary to achieve the future state. Ensure the CISO is updated periodically, communicate changes in priorities to the relevant stakeholders, monitor workstreams that support and implement agreed upon strategic goals. Develop and recommend corrective action plans, where needed. -Through the direction of the CISO, the ADC implements the appropriate data security management framework for the Agency. Implement established controls into daily operations to monitor compliance. Recommend IT solutions to the CISO to minimize the risk of cyber-attacks and insider vulnerabilities. Support/assist the CISO in the development of operations-level policies and proactively identify/remediate potential weaknesses. Conduct vulnerability scans, monitor and analyze network logs and flows, aggressively monitor the Identity and Access Management (IAM) program, and data and usage discovery for investigations of employees. Present findings to the CISO, the Chief Accountability Officer, the DSS First Deputy Commissioner, and the Commissioner. -Oversee the day-to-day operations related to Security Operations Center, which monitors the Agency's network, perimeter, endpoints and applications. Oversee the investigation of reported security breaches. Develop strategies to effectively and appropriately handle security incidents and trigger investigations. Coordinate major incident response among internal and external stakeholders, oversee postmortem analyses, and ensures findings are communicated and addressed appropriately. -At the direction of the CISO, implement an Agency-wide information security awareness program. Facilitate the implementation of methods to educate Agency personnel, such as behavioral and learning tests and nudge theory. -Review and analyze reports outcome and use findings to report on the effectiveness of current program and the state of personnel preparedness. Makes recommendations to the CISO and implements corrective action plans as necessary. Ensures that the program meets all relevant city, state and federal mandates, and that it leverages best industry practices. Periodically reports findings monthly to agency executives, including the Commissioner. Hours/Shift: Monday to Friday: 9 am - 5pm Location: Qualifications 1. A master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties; or 2. A baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or 3. A four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or 4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above. In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience. Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science for one (1) year of the required IT experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in "1" above. Additional Information The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.