Chief Information Security Officer (CISO)

Full Time
Manhattan, NY 10007
$135,000 - $150,000 a year
Job description
New York City is home to approximately 1.7 million older adults, and the Department for the Aging (NYC Aging) is committed to helping them age in their homes and communities. The mission of NYC Aging is to eliminate ageism and ensure the dignity and quality of life of diverse older adults. NYC Aging also works to support caregivers through service, advocacy, and education.

The Office of Information Technology (OIT) develops innovative and responsive solutions for NYC Aging's internal and external needs, and provides quality assurance for OIT projects and services. OIT enables NYC Aging staff to communicate, collaborate and automate routine tasks, and generally provides teams with the functionality they need to perform their duties through the support of its network infrastructure. OIT's technology responsibilities include policy formation, inter-agency coordination, IT project oversight, information security, technology service delivery, and advocacy. The unit also administers network and data security, databases and network infrastructure, and provides application development and internal help desk support.

NYC Aging is seeking a Chief Information Security Officer (CISO) who will lead the implementation and management of information security controls that will increase the Agency’s overall information security posture. Under the direction of the Chief Information Officer, the successful candidate will be responsible for the integration of information security controls and overall information security awareness across all departments and units. The CISO will be responsible for the compliance of IT systems, applications and networks with security policies and information protection strategies; develop, publish, and maintain Agency information security policies, standards, procedures, and guidelines; provide technical guidance and training to information "owners" and agency IT teams; and design and implement programs for user awareness and security compliance monitoring. The candidate will analyze potential security risks or breaches that have occurred and implement widely accepted and automated technologies to mitigate these risks/breaches and harden security systems for effective defense.

Responsibilities will include but are not limited to the following:

  • Oversee Cyber Security Governance and Controls.

  • Lead the construction, review and refresh of NYC Aging Cyber Security Policies, Procedures and Standards.

  • Implement Controls and Compliance to enforce hardening of networks, endpoints and applications.

  • Make recommendations to the Chief Information Officer on an information security roadmap based on risk analysis and assessments for current state and future state of information security posture.

  • Manage the daily use and administration of strategic cyber risk and long-term threat intelligence products.

  • Lead in developing communications for NYC Aging end users and stakeholders around cyber security issues.

  • Oversee sustained and successful participation by IT security in any cyber security relevant audits; perform threat modeling and subsequent risk mitigation.

  • Ensure compliance with Citywide and agency security policies and standards.

  • Design security solutions; conduct IT risk assessments and recommend mitigating solutions.

  • Define, manage and monitor data security, confidentiality, integrity, and availability.

  • Identify probable system exposures, compromises, problems, or design flaws and escalate issues to upper management to limit serious performance impact.

  • Stay current with the latest security trends, threats, and technologies to ensure that NYC Aging security is up to date and effective.

Minimum Qualification Requirements

1. Six (6) years of progressively responsible full-time paid experience supervising or administering computer operations involving a large-scale mainframe, network, or multi-tier computer environment, at least 18 months of which shall have been in an administrative, managerial or executive capacity.

2. A baccalaureate degree from an accredited college or university may be substituted for a maximum of two (2) years of general experience described above. In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of general experience described above on the basis of 30 semester credits for six (6) months of experience.

3. A master’s degree in Computer Science, Computer Engineering, Electrical Engineering, Business Administration, Public Administration or Management of Administration may be substituted for a maximum of one (1) year of general experience described above. In the absence of a master's degree, graduate credits in Computer Science, Computer Engineering, Electrical Engineering, Business Administration, Public Administration or Management of Administration may be substituted for a maximum of one (1) year of the general experience on the basis of 30 graduate semester credits for one (1) year of experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, or executive capacity.

Preferred Skills

  • Seven (7)+ years of network or security operational experience, and at least three years of satisfactory, full-time experience in: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, or Software Development Security.
  • Possess the capability to assess organizational cyber security hygiene, quantify cyber risk in a prioritized schema, and recommend tactical and strategic courses of action to executive leadership.
  • Experience in the execution of the cyber security uplift in government, financial services or professional services industry.
  • Hands-on understanding of the current cyber threat landscape, attack methodologies, and risk mitigation/remediation methods; experience in cyber forensics and highly complex threat analyses.
  • Possess CISSP, CISM, and/or other information security and information security management certifications.
  • Knowledge of common information security management frameworks, such as NIST or other data security standards or widely accepted information security recommended actions.
  • In-depth knowledge of complex network architecture, internet connectivity and DMZ hosting strategies.
  • Previous experience in successfully applying innovative technologies in a professional environment is a plus.
  • Excellent written and verbal communication skills.

Additional Information

In order to be considered for the position, candidates must be a current City Employee and be serving permanently in the title of Computer Operations Manager or have taken the most recent Computer Operations Manager civil service exam and be reachable for appointment from the resulting list.

To Apply

Please be sure to submit a resume & cover letter when applying.
All current City Employees may apply by going to Employee Self Service (ESS) http://cityshare.nycnet/ess
Click on Recruiting Activities/Careers and Search for Job ID #584985
All other applicants, please go to www.nyc.gov/careers/search and search for Job ID #584985
Please do not email, mail or fax your resume to NYC Aging directly.

Residency Requirement

NYC Residency is not required for this position.
