Chief Information Security Officer
- DEPARTMENT OF INVESTIGATION
- Full-time
Location
MANHATTAN
- No exam required
Department
Information Technology
Job Description
This vacancy has now expired.
The New York City Department of Investigation (DOI) is one of the oldest law enforcement agencies in the country with a mission of combating municipal corruption. It serves the People of New York City by acting as an independent and nonpartisan watchdog for New York City government, City agencies, City employees, vendors with City contracts, and individuals and entities that receive City funds.
DOI is seeking a Chief Information Security Officer (CISO) who will lead the implementation and management of information security controls that will increase the Agency’s overall information security posture. Under the direction of the CIO, the successful candidate will be responsible for the integration of information security controls and overall information security awareness across all departments and units. The CISO will be responsible for the compliance of IT systems, applications and networks with security policies and information protection strategies; will develop, publish, and maintain Agency information security policies, standards, procedures, and guidelines; will provide technical guidance and training to information "owners" and agency IT teams; and will design and implement programs for user awareness and security compliance monitoring. The candidate will analyze potential security risks or breaches that have occurred, and implement widely accepted and automated technologies to mitigate these risks/breaches and harden security systems for effective defense.
Responsibilities will include but are not limited to the following:
- Oversee Cyber Security Governance and Controls.
- Lead in the construction of DOI’s Cyber Security Policies, Procedures and Standards review and refresh.
- Implement Controls and Compliance to enforce hardening of networks, endpoints and applications.
- Make recommendations to the Chief Information Officer on an information security roadmap based on risk analysis and assessments for current state and future state of information security posture.
- Manage the daily use and administration of strategic cyber risk and long-term threat intelligence products.
- Lead in developing communications for DOI’s end users and stakeholders around cyber security issues.
- Oversee sustained and successful participation by IT security in any cyber security relevant audits; perform threat modeling and subsequent risk mitigation.
- Manage cyber security private/public and Federal/City relationships; and manage special cyber security projects, as assigned.
NOTE: The following types of experience are not acceptable: superficial use of preprogrammed software without complex programming, design, implementation or management of the product; use of word processing packages; use of a handheld calculator; primarily the entering or updating of data in a system; the operation of data processing hardware or consoles.
If selected, the candidate will be fingerprinted and undergo a background investigation.
1. A baccalaureate degree from an accredited college or university and four years of full-time experience in investigation, auditing, law enforcement, law security, management analysis, or in a major operational area of the agency to which the assignment is to be made; at least 18 months of which must have been in a supervisory, administrative, managerial or executive capacity, and the approval of the Commissioner of Investigation; or
2. Education and/or experience equivalent to “1” above. However, all candidates must have the approval of the Commissioner of Investigation and 18 months of supervisory, administrative, managerial or executive experience; or 18 months of experience in the exercise of discretion and professional judgment in significant policy matters related to criminal justice or areas particularly relevant to the Office of the Inspector General to which the candidate would be assigned.
1. Seven+ years of network or security operational experience, including at least 2 years in a senior management/Director level position in an IT enterprise environment, or cyber security focused organization.
2. Significant and demonstrated capabilities to assess organizational cyber security hygiene, quantify cyber risk in a prioritized schema, and recommend tactical and strategic courses of action to executive leadership.
3. Experience in executing cyber security uplift in government, financial services or professional services industry.
4. Demonstrable knowledge of information security technologies, networking and network and systems architecture.
5. Deep and hands-on understanding of the current cyber threat landscape, attack methodologies, and risk mitigation/remediation methods; experience in cyber forensics and highly complex threat analyses.
6. Possess CISSP, CISM, and/or other information security and information security management certifications.
7. Knowledge of common information security management frameworks, such as NIST or other data security standards or widely accepted information security recommended actions.
8. In-depth knowledge of complex network architecture, internet connectivity and DMZ hosting strategies.
9. Track record of applying innovation successfully in technology environments.
10. Excellent written and verbal communication skills.
As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/
New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
Job ID
582073
Title code
31144
Civil service title
DEPUTY INSPECTOR GENERAL
Title classification
Non-Competitive-5
Business title
Chief Information Security Officer
Posted until
2023-10-26
- Manager
Job level
00
Number of positions
1
Work location
180 Maiden Lane
- Technology, Data & Innovation