Deputy CISO

THE SELECTED CANDIDATE WILL BE OFFERED A SALARY BETWEEN $155,000.00 - $165,000.00.

The Administration for Children’s Services (ACS) protects and promotes the safety and well-being of children and families through child welfare and juvenile justice services and community supports. ACS manages community-based supports and foster care services, and provides subsidized child care vouchers. ACS child protection staff respond to allegations of child maltreatment. In juvenile justice, ACS oversees detention, placement and programs for youth in the community.

ACS' Office of Information Technology (OIT) is responsible for providing high-quality, reliable, and sustainable technology services as well as IT support to meet the needs of the families and children we serve through ACS, its vendor partners, and other City agencies. Within OIT, the Chief Information Security Officer (CISO) Unit is responsible for establishing and maintaining the information security program at ACS to ensure information assets and technologies are adequately protected. This Unit directs staff in identifying, developing, implementing, and maintaining processes across ACS and its program divisions to reduce information and IT risks. The CISO Unit also responds to incidents, establishes appropriate standards and controls, manages security technologies, and directs establishment and implementation of policies and procedures.

Reporting to the ACS Chief Information Security Officer (CISO), the Deputy CISO role is pivotal for maintaining an enterprise-wide, information risk management program, and cybersecurity organization.

The Deputy CISO will be responsible for performing the following duties, but will not be limited to:

Strategic Leadership

• Partner with the CISO to work closely with all areas of ACS' business to develop and articulate a shared vision for a "best-in-class" information security and compliance program aligned with the objectives of the Agency.
  
  

Security Architecture And Design

• Responsibilities include strategy, architecture, solutions design, program coordination and execution, awareness, outreach, business management, and reporting on information security program effectiveness.
  
  

Policy Development And Compliance

• Develop and maintain information security policies, standards, and procedures in compliance with regulatory requirements and industry best practices to ensure adherence across the organization.
  
  

Security Awareness And Training

• Work closely with NYC Cyber and CISO to develop and deliver comprehensive security awareness and training programs to educate employees and stakeholders about information security risks, policies and best practices, and monitor training compliance.
  
  

Incident Response And Investigation

• Work alongside the CISO to lead incident response efforts, including investigation, containment, and remediation of security incidents and breaches in coordination with internal teams and external stakeholders like NYC Cyber and NYC Office of Technology and Innovation (OTI).
  
  

Continuous Improvement

• Monitor emerging threats, technologies, and industry trends to proactively identify areas for improvement and innovation in the agency's information security program.
  
  

Reporting And Metrics

• Prepare regular performance metrics to report on the effectiveness of the information security program, including key performance indicators (KPIs) and key risk indicators (KRIs) for presentations to Executive Leadership and the CIO.
• Develop and manage strong strategic relationships within IT. Ensuring projects, initiatives, and security platforms are meeting NIST 800-53, SOC Type II, and FedRamp standards.
  
  

Additional Information

Section 424-A of the New York Social Services Law requires an authorized agency to inquire whether a candidate for employment with child-caring responsibilities has been the subject of a child abuse and maltreatment report.

To Apply

• Please go to www.cityjobs.nyc.gov or www.nyc.gov/ess for current NYC employees and search for Job ID #645851
• NO PHONE CALLS, FAXES, OR PERSONAL INQUIRES PERMITTED
• NOTE: ONLY THOSE CANDIDATES UNDER CONSIDERATION WILL BE CONTACTED
  
  

Minimum Qualifications

A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,

Education and/or experience which is equivalent to "1" above.

Preferred Skills

The preferred candidate will possess the following: - Minimum of 10+ years’ experience in cybersecurity and information security which includes leading information security programs, applying information security, risk management, and following privacy practices in local, state or federal government. - Minimum of 10 years hands-on experience designing and implementing enterprise information technology security. - Demonstrates industry-leading security innovation skills and an eye towards understanding the threat environment from a preventative posture. - Thorough understanding of regulatory requirements and laws pertaining to cybersecurity. - Proven experience interfacing with senior executives/business leader levels and communicating complex cybersecurity concepts in business-relevant ways. - Strong demonstrated knowledge of enterprise systems, cloud solutions, and IT/security technologies. - Prior information disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning experience. - Experience with strategic planning, budgeting and allocation as well as business system continuity planning, auditing, and risk management experience as it relates to information security. - Excellent written and verbal communication skills with experience presenting to executive/leadership teams with ability to communicate security and risk-related concepts to technical and non-technical audiences. - Experience in supporting the development, implementation, and monitoring of a comprehensive enterprise information security, compliance, and risk management program. - Experience in implementing and maintaining policies, including a comprehensive controls framework to ensure technical systems and information assets are protected. - Coordinate Chief Information Security Officer (CISO) program execution timelines, deliverables, and information requests across CISO functions and other IT teams and business functions. - Oversee global security awareness strategy and programs, including annual employee training and ongoing awareness campaigns. - Create and execute a cybersecurity outreach and engagement program to improve understanding and alignment in the business regarding cybersecurity issues. - Understand potential and emerging information security threats, vulnerabilities, and control techniques. - Understand the trade-offs required to manage the different levels of risk appetite and risk exposure across the organization. - Engage and coordinate cross-functional business participation in risk profiling, investigation, escalation, and resolution. - Knowledge of security frameworks such as NIST CSF, NIST SP 800-53, PCI, and CJIS. - Certification in CISSP, CISM, CISA, CRISC, and GSLC are preferable.

Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.

Residency Requirement

New York City Residency is not required for this position

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.