Jump to main content.

The Official Careers Website of the City of New York

Search

ASSISTANT DEPUTY COMMISSIONER, DATA SECURITY OPERATIONS

  1. HRA/DEPT OF SOCIAL SERVICES
Posted on: 09/18/2024
  1. Full-time

Location

MANHATTAN

  1. Exam may be required

Department

DSS ACCOUNTABILITY OFFICE MGR

$98,231.00 – $174,064.00

Job Description

APPLICANTS MUST BE PERMANENT IN THE COMPUTER SYSTEMS MANAGER CIVIL SERVICE TITLE.

The Department of Social Services Accountability Office (DSS-AO) is responsible for supporting the integrity of social services programs administered by the New York City Human Resources Administration (HRA), Department of Social Services (DSS) and Department of Homeless Services (DHS).

DSS-AO maintains the operation of the Office of Audit Services (OAS) and Office of Quality Assurance (OQA), Office of Accountability Strategies (OAS), Compliance and Contract Monitoring (CCM), Investigation, Revenue and Enforcement Administration (IREA), Office of Data Security Management (ODSM) and the Accountability Initiative and Change Monitoring (AICM).

The Office of Data Security Management (ODSM) is responsible for implementing the Agency's cybersecurity program. ODSM is tasked with continuously improving the Agency's risk posture by ensuring that appropriate security controls are in place to protect the confidentiality, integrity and availability of Agency information resources.

The Office of Data Security Management is recruiting for (1) Computer Systems Manager M IV to function as an Assistant Deputy Commissioner, Data Security Operations, who will:

- Develop and implement best practices to support efficiencies and effective daily operations in an ongoing effort to meet the Agency’s cybersecurity needs. Oversee the day-to-day operations for the Security Operations Center and Emergency Operations and Incident Management units. Collaborate to ensure appropriate cross-utilization of the various units across ODSM.

- Implement the strategic goals determined by the Chief Information Security Officer (CISO), including: the strategic enterprise cybersecurity and risk management plan and a long-term roadmap to arrive at the desired future state. Ensure implementation of security controls requirements, policies, and standards as outlined in the strategic plan.

- Monitor implementation priorities, and specific initiatives necessary to achieve the future state. Ensure the CISO is updated periodically, communicate changes in priorities to the relevant stakeholders, monitor workstreams that support and implement agreed upon strategic goals. Develop and recommend corrective action plans, where needed.

- Through the direction of the CISO, the ADC implements the appropriate data security management framework for the Agency. Implement established controls into daily operations to monitor compliance. Recommend IT solutions to the CISO to minimize the risk of cyber-attacks and insider vulnerabilities. Support/assist the CISO in the development of operations-level policies and proactively identify/remediate potential weaknesses. Conduct vulnerability scans, monitor and analyze network logs and flows, aggressively monitor the Identity and Access Management (IAM) program, and data and usage discovery for investigations of employees. Present findings to the CISO, the Chief Accountability Officer, the DSS First Deputy Commissioner, and the Commissioner.

- Oversee the day-to-day operations related to Security Operations Center, which monitors the Agency's network, perimeter, endpoints and applications. Oversee the investigation of reported security breaches. Develop strategies to effectively and appropriately handle security incidents and trigger investigations. Coordinate major incident response among internal and external stakeholders, oversee postmortem analyses, and ensures findings are communicated and addressed appropriately.

- At the direction of the CISO, implement an Agency-wide information security awareness program. Facilitate the implementation of methods to educate Agency personnel, such as behavioral and learning tests and nudge theory.

- Review and analyze reports outcome and use findings to report on the effectiveness of current program and the state of personnel preparedness. Makes recommendations to the CISO and implements corrective action plans as necessary. Ensures that the program meets all relevant city, state and federal mandates, and that it leverages best industry practices. Periodically reports findings monthly to agency executives, including the Commissioner.



Hours/Shift: Monday to Friday: 9 am - 5pm

Location:


Minimum Qualifications

1. A master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties; or

2. A baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or

3. A four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or

4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above.

In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience. Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science for one (1) year of the required IT experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in "1" above.


Preferred Skills

- High degree of confidence and briefing skill, comfortable fielding questions and articulating project/program details before the commissioner and senior leadership. - Experience handling highly complex cybersecurity projects focused on endpoint detection and response technologies. - Strong knowledge of Microsoft products and technologies required (e.g., Windows Servers, Azure, DevOp, Microsoft 365, Azure Active Directory, and Windows Authenticator) - In-depth knowledge of enterprise-level cybersecurity infrastructure and experience with regulated workloads and security frameworks - Experience communicating effectively across internal program areas and external agencies for complex mission-critical solutions and experience in cybersecurity incident response and handling best practices. - In-depth knowledge of a Security Information and Event Management (SIEM) system such as Splunk, utilizing machine-generated data to get operational insight into threats, vulnerabilities, security technologies, and identity and assets information. - Working knowledge of a practical cybersecurity solution such as Rapid7 to collect data,and manage vulnerabilities. - Working knowledge of a cloud workload and endpoint security, threat intelligence, and cyberattack response service such as CrowdStrike, to monitor malicious behavior, investigate, and shut down cyberattacks at the endpoints. - Knowledge of an IT Service Management (ITSM) system such as ServiceNow. - In-depth knowledge of an attacker’s common methodologies and strategies. - A solid understanding of a variety of security engineering tools and network protocols and technologies such as TCP/IP, UDP, DHCP, FTP, SFTP, SNMP, SMTP, SSH, SSL, VPN, RDP, HTTP and HTTPS
55a Program

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.
Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.
Residency Requirement

New York City Residency is not required for this position
Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

Job ID

679854

Title code

10050

Civil service title

COMPUTER SYSTEMS MANAGER

Title classification

Competitive-1

Business title

ASSISTANT DEPUTY COMMISSIONER, DATA SECURITY OPERATIONS

  1. Manager

Job level

M4

Number of positions

1

Work location

155 West Broadway New York N Y

  1. Administration & Human Resources

ASSISTANT DEPUTY COMMISSIONER, DATA SECURITY OPERATIONS

Search