Jump to main content.

The Official Careers Website of the City of New York

Search

Chief Information Security Officer (CISO)

  1. NYC HOUSING AUTHORITY
Posted on: 10/18/2024
  1. Full-time

Location

NYC-ALL BOROS

  1. Exam may be required

Department

Cyber Security & IT Risk MGMT

$100,102.00 – $220,000.00

Job Description

The New York City Housing Authority (NYCHA), the largest public housing authority in North America, provides decent, affordable housing for low- and moderate-income New Yorkers. NYCHA is home to 1 in 17 New Yorkers, providing affordable housing to over 500,000 authorized residents through public housing and Permanent Affordability Commitment Together (PACT) programs as well as Section 8 housing. NYCHA has nearly 200,000 apartments in over 2,400 buildings across 335 conventional public housing and PACT developments. In addition, NYCHA connects residents to critical programs and services from external and internal partners, with a focus on economic opportunity, youth, seniors, and social services. With a housing stock that spans all five boroughs, NYCHA is a city within a city.

Are you a cybersecurity leader looking to make a real difference? The New York City Housing Authority is seeking a dynamic and experienced Chief Information Security Officer to join our team. This isn't just another corporate gig – it's a chance to protect vital information and systems that impact the lives of hundreds of thousands of New Yorkers. As our CISO, you'll lead a diverse team of security professionals, drive innovation in our cybersecurity practices, and play a crucial role in safeguarding the largest public housing system in North America. We're looking for someone who can blend technical expertise with strategic vision, communicate effectively with both IT teams and executive leadership, and navigate the unique challenges of securing a large public organization. If you're passionate about cybersecurity, public service, and making a tangible impact on your community, we want to hear from you. Bring your skills, your creativity, and your commitment to excellence. Help us build a safer digital future for NYCHA and the residents we serve.

Roles and Responsibilities

- Strategic Leadership: Provide strategic direction and leadership for NYCHA's cybersecurity program. Align cybersecurity strategies with NYCHA objectives and regulatory requirements. Report to senior leadership and the board on cybersecurity risks, initiatives, and performance. Manage and mentor leaders of the Security Governance, Security Engineering, and Security Operations teams. Collaborate with other departments to ensure integration of security practices across the organization. Develop, mentor, and retain cybersecurity talent across NYCHA.
- Risk Management and Compliance: Lead enterprise-wide risk assessments and oversee the implementation of risk mitigation strategies. Ensure compliance with industry standards and regulatory requirements relevant to NYCHA. Oversee internal and external security audits and penetration testing. Support additional functions such as Privacy, Disaster Recovery, Legal Compliance, and cybersecurity insurance protection.
- Security Governance Oversight: Develop and refine the security program with innovative strategies and tactical plans, leveraging the latest industry research, threat analysis, and lessons learned from internal practices. Ensure security strategies align with NYCHA objectives and comply with relevant regulations. Review and approve security policies, standards, and procedures. Oversee the development and reporting of security metrics such as OKRs and KPIs to enable data-driven decision making. Guide the development and implementation of end-user security training and awareness programs.
- Security Engineering Oversight: Direct the planning, design, and implementation of security technologies and processes. Oversee the evaluation and integration of new security technologies. Ensure the team provides appropriate guidance on security controls to other NYCHA departments. Review and approve security architecture designs for protecting NYCHA data, applications, and infrastructure.
- Security Operations Oversight: Direct the continuous monitoring, detection, and response to cyber threats. Oversee the partnership with OTI Cyber Command for coordinated responses to Citywide cyber threats. Review and approve the incident response plan and its implementation. Guide security remediation efforts across teams.
- Budget and Resource Management: Develop and manage the information security budget across all of NYCHA IT. Justify security investments and demonstrate ROI to senior management.
- Vendor and Partner Management: Oversee the security aspects of vendor relationships and contracts. Manage relationships with external security partners and service providers.
- Continuous Improvement and Innovation: Stay informed about emerging threats and technologies in the cybersecurity landscape. Drive innovation in security practices across all of NYCHA.

NOTE: Due to the existence of a civil service list, candidates must have permanent civil service status in the title of Computer Systems Manager to be considered.

NOTE: This position is open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate in your cover letter that you would like to be considered for the position under the 55-a Program. For detailed information regarding the 55-a Program, click on the link below:

https://bit.ly/55aProgram

Additional Information

1. INTERAGENCY TRANSFERS INTO NYCHA OF THOSE PERMANENT IN TITLE ARE NOT PERMITTED IN THE FACE OF AN ACTIVE AND VIABLE NYCHA PROMOTION LIST OR PREFERRED LIST FOR THE SAME TITLE.
2. NYCHA employees applying for promotional, title or level change opportunities must have served a period of one year at current location and in current title and level (if applicable).
3. NYCHA residents are encouraged to apply.

Please read this posting carefully to make certain you meet the minimum qualification requirements before applying to this position.


Minimum Qualifications

1. A master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties; or

2. A baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or

3. A four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or

4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above.

In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience. Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science for one (1) year of the required IT experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in "1" above.


Preferred Skills

- Able to be in the office two to three days per week and part of a hybrid work environment. - Leadership and Management: Strong leadership and team management skills with proficiency in project management, strategic thinking, and the ability to manage and prioritize multiple projects simultaneously. - Business Acumen: Understanding of how security aligns with business objectives. Financial budgeting and planning skills with vendor management experience. - Compliance and Risk Management: In-depth knowledge of relevant regulatory frameworks and experience with risk assessment methodologies and frameworks. Understanding of legal and compliance issues related to cybersecurity. - Communication: Excellent verbal and written skills with the ability to explain complex technical concepts to non-technical stakeholders. Strong presentation skills for board-level and executive communications. - Technical Proficiency: In-depth knowledge of information security principles, best practices, and technologies to include network, system, and application security encryption technologies identity and access management concepts security information and event management solutions vulnerability assessment techniques and secure software development practices. - Soft Skills: Adaptability and flexibility in a rapidly changing technological landscape. Strong ethical standards and integrity. Collaborative mindset and ability to work across departments. Continuous learning attitude to stay updated with emerging threats and technologies. - Certifications: Relevant professional certifications such as CISSP, CISM, or CRISC.
55a Program

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.
Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.
Residency Requirement

NYCHA has no residency requirements.
Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

Job ID

682972

Title code

10050

Civil service title

COMPUTER SYSTEMS MANAGER

Title classification

Competitive-1

Business title

Chief Information Security Officer (CISO)

  1. Manager

Job level

M5

Number of positions

1

Work location

VP-Cyber Sec & IT Risk Mgmt

  1. Technology, Data & Innovation

Chief Information Security Officer (CISO)

Search