Cyber Security Program Lead – Governance

Job Description

DoITT provides for the sustained, efficient and effective delivery of IT services, infrastructure and telecommunications to enhance service delivery to New York City’s residents, businesses, employees and visitors. As the City’s technology leader, DoITT is responsible for maintaining the foundational IT infrastructure and systems that touch every aspect of City life from public safety to human services, from education to economic development crossing the full spectrum of governmental operations.

The successful candidate will serve as a Cyber Security Program Lead for Governance, reporting to the Citywide Chief Information Security Officer. Responsibilities will include: oversee Cybersecurity Governance and Controls with a specific focus on Cyber Risk Management for DoITT and for DoITT’s department and Agency clients; play a key role in Citywide Cyber Policy review and refresh; be responsible and accountable for Controls and Compliance to enforce hardening of networks, hosts and applications; make recommendations to the Citywide Chief Information Security Officer and to Citywide Leadership based on deep analysis of NYC Critical Assets within a Risk Framework; manage the daily use and distribution of strategic cyber risk and long-term threat intelligence finished products; oversee sustained and successful participation by Cybersecurity in any cybersecurity-relevant City audits; govern threat modeling and its application into the Citywide Cyber Uplift plan; manage all cybersecurity private/public and Federal/City relationships; manage special Cybersecurity projects, as assigned; and lead the Citywide Cybersecurity division in the Citywide Chief Information Security Officer’s absence.

The position’s responsibilities include commitment to and compliance with the City’s EEO policy.

Minimum Qual Requirements
1. A master’s degree in computer science from an accredited college and three years of progressively more responsible, full-time, satisfactory experience using information technology in computer applications programming, systems programming, computer systems development, data telecommunications, database administration, planning of data/information processing, user services, or area networks; at least 18 months of this experience must have been in an administrative, managerial or executive capacity in the areas of computer applications programming, systems programming, computer systems development, data telecommunications, database administration, or planning of data processing, or in the supervision of staff performing these duties; or
2. A baccalaureate degree from an accredited college and four years of experience as described in “1” above; or
3. A four-year high school diploma or its educational equivalent approved by a State’s department of education or recognized accrediting organization and six years of experience as described in “1” above; or
4. A satisfactory combination of education and experience equivalent to “1”, “2” or “3” above. However, all candidates must have at least a four-year high school diploma or its educational equivalent approved by a State’s department of education or recognized accrediting organization and must possess at least three years of experience as described in “1” above, including the 18 months of administrative, managerial, executive or supervisory experience as described in “1” above.
NOTE: The following types of experience are not acceptable: superficial use of preprogrammed software without complex programming, design, implementation or management of the product; use of word processing packages; use of a hand held calculator; primarily the entering or updating of data in a system; the operation of data processing hardware or consoles.

Preferred Skills
The successful candidate should possess the following: 10+ years of network or security operational experience, including at least 2 years in a senior management/VP level position in an ISP, service provider, enterprise environment, or cybersecurity-focused organization; significant and demonstrated capabilities to assess organizational cybersecurity hygiene, quantify cyber risk in a prioritized schema, and recommend tactical and strategic courses of action to executive leadership; significant track record of executing cybersecurity uplift in government, financial services or professional services industry; demonstrable knowledge of information security technologies, networking and network architecture; deep and hands-on understanding of the current cyber threat landscape, attack methodologies, and risk mitigation/remediation methods; experience in cyber forensics and highly complex threat analyses; CISSP, CISA, CISM, CCFP and/or other information security certifications; knowledge of common information security management frameworks, such as ISO 27001, COBIT, NIST or other data security standards; in-depth knowledge of complex network architecture, internet connectivity and DMZ hosting strategies; knowledge of data privacy regulations and compliance issues; track record of applying innovation successfully in technology environments; excellent written and verbal communication skills.

To Apply
For City employees, please go to Employee Self Service (ESS), click on Recruiting Activities > Careers, and search for Job ID #276347
For all other applicants, please go to and search for Job ID #276347
If you do not have access to a computer, please mail resume indicating Job ID # to:
Department of Information Technology and Telecommunications (DoITT)
Recruitment Office – 255 Greenwich Street – 9th Floor – New York, NY 10007

Day – Due to the necessary technical management duties of this position in a 24/7 operation, candidate may be required to be on call and/or work all shifts such as weekends and/or nights/evenings.

Work Location
Brooklyn, NY

Residency Requirement
New York City Residency is not required for this position

