Job Information
City of New York Business Information Security Officer in New York, New York
Job Description
The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.
At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.
About New York City Cyber Command
The New York City Office of Technology and Innovation (OTI) Cyber Command is committed to protecting City systems and technology infrastructure that provide and enable vital services to New Yorkers from cyber threats, and helping residents become safer in their digital lives.
As the organization defending the largest municipality in the country, OTI Cyber Command is charged with directing citywide incident response, setting citywide cybersecurity policies and standards and working with city agencies to strengthen their cyber defenses.
Mission Statement
"To lead and execute an innovative, intelligence-driven, risk-informed cyber defense and response strategy -- with the support of key partners and allies -- that enables the city government to properly function and provide services to New Yorkers”.
Vision Statement
"New York City the most cyber-resilient city in the world"
Job Description
The Business Information Security Officer (BISO) serves as a trusted senior advisor to the citywide Chief Information Security Officer (CISO) and lines of business. The BISO understands security risks and technologies and is able to effectively communicate them to business units. The BISO is an advanced role supporting the cybersecurity program, serving as a central point of contact for the CISO and ensuring operations and strategy are working as planned. In this role, the BISO also provides leadership support and helps ensure the CISOs strategic vision reaches across the diverse teams that support global enterprise security initiatives.
The BISO is an effective communicator and can readily collaborate with technical department leads and their direct reports. On a daily basis, the BISO ensures the CISO is fully briefed and prepared for business and technical meetings, financial reporting, personnel management, operational stability, project status updates, strategic relationships, as well as incident(s) status and any breaking news related to cybersecurity.
The BISO must be capable of working closely with the executive team, third parties, project managers and subject matter experts (SMEs). Additionally, the BISO must be personable and able to translate cybersecurity issues to business leader initiatives, understanding threats, as well as risk mitigations and technical controls recommended by security leaders.
Responsibilities include, but are not limited to:
Serve as a trusted advisor to the CISO and lines of business;
Act as a liaison and trusted point of contact across business units;
Work closely with security leadership to instill cybersecurity policies and practices throughout business units;
Be actively informed and engaged in security projects across the business;
Provide disaster recovery and business continuity planning advice when working with leaders for business and cybersecurity resiliency;
Enforce the strong security culture set forth by the CISO, ensuring uniformity across security leadership, business units and employees;
Foster strong relationships with internal business units and excel in cybersecurity communication;
Advise business units on enterprise-wide people, process and technology security recommendations;
Maintain up-to-date knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units;
Ensure business projects are focused on cybersecurity from the beginning;
Identify and document threats and vulnerabilities that may impact the business and address them regularly with business units;
In conjunction with security and business leaders, define key performance indicators (KPIs) and metrics aligning with business initiatives and deliver them to non-technical teams in terms that are accessible and comprehensible;
Provide motivation to business units to adopt cybersecurity controls;
Stay abreast of new laws, regulations, and standards, and assess their impact to the business;
Verify security content training initiatives and internal/external communication are conducted regularly;
Openly support the CISO, management team and executive leadership, even during tumultuous times;
Manage special projects and initiatives as assigned.
Qualifications
A master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties; or
A baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or
A four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or
A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above.
In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience. Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science for one (1) year of the required IT experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in "1" above.
Additional Information
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.