Chief Information Security Officer

City of New York•Corona, NY

About The Position

Only a Permanent Civil Service city employee serving in the title may apply for this position. Please indicate on your cover letter that you have a permanent Computer Operations Manager title otherwise; you will not be considered for an interview. The NYC Department of Environmental Protection (DEP) enriches the environment and protects public health for all New Yorkers by providing 1.1 billion gallons of high-quality drinking water, managing wastewater and stormwater, and reducing air, noise, and hazardous materials pollution. DEP is the largest combined municipal and wastewater utility in the country, with nearly 6,000 employees. DEP's water supply system is comprised of 19 reservoirs and 3 controlled lakes throughout the system’s 2,000 square mile watershed that extends 125 miles north and west of the city. The New York City Department of Environmental Protection (NYC DEP) Business Information Technology (BIT) division is responsible for providing quality business, technical, and information technology system support to agency users. This commitment is achieved through collaboration, strong relationships, and a unified vision with DEP partners to deliver technology solutions that support the agency’s operational needs. Providing these services ensures that DEP continues its tradition of delivering excellent service to the residents of New York City. Reporting to the Chief Information Officer (CIO), the Business Information Technology team seeks to hire a Chief Information Security Officer (CISO). Responsibilities include cybersecurity strategy, architecture, solutions design, program coordination and execution, awareness and outreach, business management, and reporting on the effectiveness of the information security program. This position requires a seasoned leader with strong business acumen and a detailed working knowledge of information security technologies, practices, and policies and their application in a business environment. The CISO will research and recommend innovative solutions and improvements to existing procedures. The CISO is an implementer who possesses the poise and ability to act calmly and competently in high-pressure situations. This role is responsible for developing and managing strong strategic relationships within Information Technology (IT) and ensuring that projects, initiatives, and security platforms meet all required security standards. Under varying levels of executive direction, with latitude for independent initiative, judgment, and decision making, the selected candidate will develop and implement the organization’s information security strategy to protect data and systems from cyber threats. The CISO will safeguard information system assets by identifying security risks, threats, and vulnerabilities affecting networks, systems, and applications across new and existing technology initiatives, the selected candidate will evaluate high-level information technology initiatives and provide technical guidance to ensure compliance with security policies, standards, and guidelines. Responsibilities include developing, implementing, enforcing, and communicating security policies and plans covering data, software applications, hardware, and telecommunications systems. The role requires in-depth knowledge of Internet Protocol (IP) networking and networking protocols, along with security technologies including encryption, Internet Protocol Security (IPsec), Public Key Infrastructure (PKI), Virtual Private Networks (VPNs), firewalls, proxy services, Domain Name System (DNS), electronic mail systems, privileged access management, and access lists. Experience with Operational Technology (OT) networks and Supervisory Control and Data Acquisition (SCADA) environments is also required. The candidate will serve as a recognized subject matter expert in internet, web, application, and network security engineering, including vulnerability assessments, network scanning, and threat surface analysis. The role also requires advanced knowledge of cloud service security models and enterprise data protection strategies, including backup architecture, disaster recovery planning, and business continuity frameworks.

Requirements

Only a Permanent Civil Service city employee serving in the title may apply for this position. Please indicate on your cover letter that you have a permanent Computer Operations Manager title otherwise; you will not be considered for an interview.
Six (6) years of progressively responsible full-time paid experience supervising or administering computer operations involving a large-scale mainframe, network, or multi-tier computer environment at least 18 months of which shall have been in an administrative, managerial or executive capacity.
A baccalaureate degree from an accredited college or university may be substituted for a maximum of two (2) years of general experience described above. In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of general experience described above on the basis of 30 semester credits for six (6) months of experience.
A master’s degree in Computer Science, Computer Engineering, Electrical Engineering, Business Administration, Public Administration or Management of Administration may be substituted for a maximum of one (1) year of general experience described above. In the absence of a master's degree, graduate credits in Computer Science, Computer Engineering, Electrical Engineering, Business Administration, Public Administration or Management of Administration may be substituted for a maximum of one (1) year of the general experience on the basis of 30 graduate semester credits for one (1) year of experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, or executive capacity.
In-depth knowledge of Internet Protocol (IP) networking and networking protocols, along with security technologies including encryption, Internet Protocol Security (IPsec), Public Key Infrastructure (PKI), Virtual Private Networks (VPNs), firewalls, proxy services, Domain Name System (DNS), electronic mail systems, privileged access management, and access lists.
Experience with Operational Technology (OT) networks and Supervisory Control and Data Acquisition (SCADA) environments is also required.
The candidate will serve as a recognized subject matter expert in internet, web, application, and network security engineering, including vulnerability assessments, network scanning, and threat surface analysis.
The role also requires advanced knowledge of cloud service security models and enterprise data protection strategies, including backup architecture, disaster recovery planning, and business continuity frameworks.

Responsibilities

Lead the development, coordination, and submission of materials required to maintain compliance with the New York State Cybersecurity Regulations for Public Water Systems.
Manage and direct a team of information technology security professionals, providing leadership, guidance, and support.
Manage cybersecurity incidents and attacks in coordination with the team and oversight agencies such as New York City Cyber Command (NYC Cyber Command).
Track cyber security incidents and vulnerability reports, direct teams for remediation of issues.
Design a critical response process for cyber security incidents.
Continuously monitor threats to DEP’s information technology (IT) and operational technology (OT) environments.
Develop cybersecurity Key Risk Indicators (KRIs) and dashboard metrics for reporting.
Develop and document cybersecurity policies, procedures, and standards in alignment with Citywide Information Security Policies.
Coordinate air-gapped backup strategies with agency business units.
Participate in annual financial and technology audits for the agency.
Examine computer systems to ensure secure operation and protection of data from internal and external threats.
Perform security assessments to ensure compliance with security policies, procedures, and industry standards.
Monitor, evaluate, and maintain security systems according to industry best practices to safeguard internal systems and databases.
Assist with the review and definition of security requirements and evaluate systems for compliance with established standards.
Investigate security violations and breaches and prepare reports on incidents and intrusions as required.
Review and assess firewall logs and configure firewalls, intrusion detection systems, and other network security devices.
Work with other BIT teams to design and implement cybersecurity solutions across DEP infrastructure, networks, and systems.
Develop necessary budget analysis and related documentation for annual submissions of budget for cyber-security related solutions.