NYC Department of Finance (DOF) is responsible for administering the tax revenue laws of the city fairly, efficiently, and transparently to instill public confidence and encourage compliance while providing exceptional customer service.
Finance Information Technology (FIT) provides support for all facets of the Department of Finance's computer systems, including hardware, software, applications, and data security. The FIT Division delivers the information and technology solutions that the Department of Finance needs to achieve results. The Cyber Security unit is looking to hire a Cyber Security Compliance Engineer. The selected candidate's responsibilities will include, but are not limited to, the following:
Responsible for Information Security compliance at the agency-wide level, with direct control over all compliance-related activity across the agency. Manage the relationship and partner with DOITT and Cyber on security compliance-related initiatives. Manage compliance activity related to PCI-DSS, IRS Pub 1075, and other security-related regulations and standards agency-wide. Responsible for coordinating security compliance-related activities across all IT units of the Agency to support internal and external auditors. Collaborate with DOITT and Cyber on the ongoing development and implementation of client's Information Security policies, standards, procedures and guidance. In addition, manage and track specific information security projects, audit plans of correction, and other security tasks and responsibilities. Manage client's PCI compliance activities, including SAQ submissions, quarterly penetration tests, and reporting to the PCI Steering Committee. Work with other InfoSec Team functions, including security architecture, risk management, and InfoSec operations, to identify gaps and make recommendations for solutions. Establish and satisfy system-wide information security requirements based upon the analysis of user, policy, regulatory and resource demands.
Support customers at the highest levels in the development and implementation of doctrine and policies. Provide leadership and guidance in the development, design and application of solutions implemented by more junior staff members. Will have management responsibilities for projects or initiatives as the Finance Cyber Security Programs demand. Plan and coordinate with senior representatives within the customer organizations to address program goals, milestones, resources and risks. Conduct training for employees, educating them on the agency's compliance obligations (PCI, IRS).
Minimum Qualification Requirements
1. A master's degree in computer science from an accredited college and three years of progressively more responsible, full-time, satisfactory experience using information technology in computer applications programming, systems programming, computer systems development, data telecommunications, database administration, planning of data/information processing, user services, or area networks; at least 18 months of this experience must have been in an administrative, managerial or executive capacity in the areas of computer applications programming, systems programming, computer systems development, data telecommunications, database administration, or planning of data processing, or in the supervision of staff performing these duties; or
2. A baccalaureate degree from an accredited college and four years of experience as described in "1" above; or
3. A four-year high school diploma or its educational equivalent approved by a State's department of education or recognized accrediting organization and six years of experience as described in "1" above; or
4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent approved by a State's department of education or recognized accrediting organization and must possess at least three years of experience as described in "1" above, including the 18 months of administrative, managerial, executive or supervisory experience as described in "1" above.
NOTE: The following types of experience are not acceptable: superficial use of preprogrammed software without complex programming, design, implementation or management of the product; use of word processing packages; use of a hand-held calculator; primarily the entering or updating of data in a system; the operation of data processing hardware or consoles.
Strong analytical and critical thinking skills. Experience in interfacing with executive-level management and giving senior-level presentations. Subject Matter Expert (SME) in Risk Management Tools, Techniques, Methodologies and Frameworks. SME in conducting IT Risk Evaluations, Assessments, and Reporting. SME in classifying and monitoring IT risks. SME in maintaining a Risk Register and Dashboard. Define a risk appetite. Experience with PCI compliance and responding to IT audits.
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
NOTE: THIS POSITION IS OPEN TO APPLICANTS WHO HAVE TAKEN THE OPEN COMPETITIVE COMPUTER SYSTEMS MANAGER EXAM #9011, OR THOSE WHO ARE ALREADY PERMANENT IN THE COMPUTER SYSTEMS MANAGER TITLE. PLEASE INDICATE IN YOUR COVER LETTER IF YOU HAVE TAKEN THE EXAM OR ARE ALREADY PERMANENT IN THE COMPUTER SYSTEMS MANAGER TITLE.
THIS POSITION IS OPEN TO QUALIFIED PERSONS WITH A DISABILITY WHO ARE ELIGIBLE FOR THE 55-A PROGRAM. PLEASE INDICATE ON YOUR RESUME OR COVER LETTER IF YOU WOULD LIKE TO BE CONSIDERED FOR THE POSITION UNDER THE 55-A PROGRAM.
Click the "Apply Now" button. While we appreciate every applicant's interest, only those under consideration will be contacted.
Unless otherwise indicated, positions require a five-day workweek.
59 Maiden Lane (Current location but could be subject to change)
New York City Residency is not required for this position