About TRS:

Since 1917, the Teachers’ Retirement System of the City of New York (TRS) has been securing better futures for NYC educators. With a pension fund valued at approximately $120 billion, TRS serves over 215,000 members, providing them with retirement, disability, and death benefit services.

At TRS, we seek dedicated professionals who are passionate about their work and committed to excellence. We pride ourselves on our member-centric culture, focused on delivering outstanding service and support to our members.

Position Summary:

TRS is seeking a seasoned and strategic Chief Information Security Officer (CISO) to lead and elevate it’s Information Security and Business Continuity programs. This is a critical leadership role within a well-established discipline; continuity and forward-thinking guidance are essential to ensuring ongoing protection of TRS’ mission-critical functions.

The ideal candidate is a versatile, decisive leader with deep expertise across all areas of information security, including policy development, risk assessments, regulatory audits, incident response, training, and third-party/vendor risk management. The CISO will collaborate closely with IT and business leaders and must be comfortable navigating both technical and strategic responsibilities.

Reporting to the Chief Risk Officer, this position leads a small, high-performing team within the Risk Management Department and requires a hands-on leader who can make risk-informed decisions under pressure while continuously maturing the agency’s security posture.

Key Responsibilities:

- Lead and continuously enhance the agency’s Information Security and Business Continuity programs, ensuring strategic alignment with IT architecture, security engineering, and operational frameworks in accordance with NIST, ISO, and applicable state regulatory standards.
- Serve as a technical and trusted advisor on Information Security and Business Continuity to IT, Legal, and business units, embedding security and resilience into systems, contracts, and daily operations.
- Participate in technical planning and understand impact to organization.
- Conduct and oversee cybersecurity risk assessments, vendor risk reviews, and responses to internal and external audits.
- Lead and coordinate the end-to-end lifecycle of security incidents, from initial detection and investigation to containment, forensics, and lessons-learned reporting. Serve as the technical escalation point for complex incidents.
- Maintain, test, improve, continuously improve business continuity and disaster recovery plans across critical operations, including data backup, replication strategies, and system failover procedures.
- Supervise and mentor a small, high impact team; ensuring coverage for both strategic planning and monitoring.
- Design and enforce technical policies, security configuration baselines, and automated compliance monitoring across hybrid infrastructure (on-premises and cloud environments).
- Design and lead a targeted security awareness program, promoting ownership and accountability across the organization.
- Monitor, track, and report on key risk indicators (KRIs), threat trends, control effectiveness, and program maturity metrics.
- Partner with auditors, regulators and external partners, to ensure compliance and manage remediation efforts.
- Engage with third-party vendors and service providers to assess security status and identify vulnerabilities.
- Stay current with emerging cybersecurity, privacy, and resilience trends, proactively integrating best practices and evolving threats into the agency’s strategic roadmap.
- Perform additional related duties as assigned by the Chief Risk Officer.

ADMINISTRATIVE RETIREMENT BENE - 82986

1. A baccalaureate degree from an accredited college or university including or supplemented by 12 credits in mathematics, statistics, accounting, and/or actuarial science and four years of satisfactory full-time experience implementing the provisions of a retirement plan involving the use of mathematical, statistical, actuarial or accounting computations, 18 months of which must have been in an administrative, managerial or executive capacity or supervising professionals implementing the provisions of a retirement plan involving the use of mathematical, statistical, actuarial or accounting computations; or

2. An associate degree or 60 credits from an accredited college or university, including or supplemented by 12 credits in mathematics, statistics, accounting and/or actuarial science and six years of satisfactory full-time experience as indicated in “1”; or

3. Education and/or experience equivalent to “1” or “2” above. However, all candidates must have 60 credits from an accredited college or university, including or supplemented by 12 credits in mathematics, statistics, accounting and/or actuarial science and the 18 months of experience in a supervisory, administrative, managerial or executive capacity as described in “1” above.

- Minimum 6 years of relevant IT/InfoSec experience as above, including at least 18 months in a managerial role. - Minimum 5 years of hands-on experience managing or supporting Information Security and/or Business Continuity programs. - Proven ability to lead through complex security incidents, audits, and regulatory events. - Experience in public sector environments preferred. - Required certification: CISM or CISSP - Preferred certifications: CRISC, CDPSE, CBCP, or equivalent industry-recognized credentials. - Working knowledge of key security and compliance frameworks such as NIST, ISO 27001, and state/local regulatory standards. - Demonstrated success managing multiple concurrent initiatives and working autonomously in high-responsibility roles. - In-depth knowledge of Information Security, Cyber Risk Management, and Business Continuity planning. - Strong interpersonal skills, with the ability to influence cross-functional stakeholders and drive consensus without direct authority. Exceptional communication skills, with the ability to effectively communicate technical and risk related concepts to executive leadership, non-technical stakeholders, and board-level audiences. - Demonstrated experience in designing and implementing security awareness and training programs, incorporating principles of adult learning and behavior-change. - Proficient in Microsoft Office (Word, Excel, PowerPoint) familiarity with GRC platforms and risk dashboards is a plus.

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.

New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.