Jump to main content.

The Official Careers Website of the City of New York


Cyber Policy Analyst

Cyber Policy Analyst

Posted on: 10/18/2023
  1. Full-time



  1. Exam may be required



$78,795.00 – $80,000.00

Job Description

This vacancy has now expired.

The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology, and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

About Cyber Command
Cyber Command is charged with protecting all City systems against cyber threats, including systems that deliver vital services to New Yorkers. Headed by the Chief Information Security Officer of the City of New York, we provide in-depth support to over 100 agencies and offices to protect, detect, identify, respond to, and recover from cyber threats.

Job Description
We are seeking a motivated and technically interested Cyber Policy Analyst to support our cybersecurity mission. The Cyber Policy Analyst will assist report to the Director of Cyber Policy and will assist the Cyber Policy Team in building the foundations of the City’s cybersecurity through the creation of a unified, cohesive, and authoritative collection of citywide cybersecurity policies, standards, directives, and guidance.

Responsibilities for the Cyber Policy Analyst will include, but not limited to the following:
- Assist the Policy Team in the development of citywide cybersecurity policies, standards, directives and guidelines, from creation to implementation, through research, drafting and coordinating with internal and external stakeholders;
- Assist in the development of products to help agencies navigate OTI Cyber Command’s policies, standards, directives, and guidelines;
- Research cybersecurity topics and maintain awareness of industry standards and applicable state and federal regulatory requirements;
- Maintain an internal library of cybersecurity policies, standards, directives, and guidelines used across the city;
- Coordinate across OTI divisions and domains, working with technical subject matter experts to develop policies and standards;
- Promote citywide cybersecurity policy initiatives internally and externally to help establish OTI Cyber Command as an authority in cybersecurity policies, standards, directives, and guidelines;
- Contribute to the organizational culture of diversity and inclusiveness and fact-based action, both internally and externally;
- Support OTI Cyber Command during a significant cyber incident;
- Support special cyber security initiatives and projects, as assigned.

Minimum Qualifications

1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or

3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.

Preferred Skills

The preferred candidate should possess the following: - Excellent organizational and verbal and written communication skills - Experience supporting the development and analysis of cybersecurity policies, standards, directives, and guidelines in a large-scale enterprise environment - Experience working in a dynamic and fast-paced environment - Experience working with stakeholders across multiple departments and subject matter areas - Knowledge of the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), NIST Risk Management Framework (RMF) and the Center for Information Security Critical Security Controls, and commonly referenced cybersecurity frameworks and policy-related publications - Knowledge of risk/threat assessment methods - Knowledge of cyber threats and vulnerabilities - Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption) - Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities - Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
55a Program

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.
Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/
Residency Requirement

New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.
Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

Job ID


Title code


Civil service title


Title classification


Business title

Cyber Policy Analyst

Posted until


  1. Experienced (non-manager)

Number of positions


Work location

11 Metrotech Center

  1. Technology, Data & Innovation