The Official Careers Website of the City of New York

Cyber Risk and Compliance Analyst

TECHNOLOGY & INNOVATION
Posted on: 01/25/2024
Full-time

Location

BROOKLYN

Exam may be required

Department

GOVERNANCE RISK & COMPLIANCE

$78,795.00 – $92,700.00

Job Description

This vacancy has now expired.

The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology, and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

About Cyber Command
Cyber Command is charged with protecting all City systems against cyber threats, including systems that deliver vital services to New Yorkers. Headed by the Chief Information Security Officer of the City of New York, we provide in-depth support to over 100 agencies and offices to protect, detect, identify, respond to, and recover from cyber threats.

The Cyber Risk and Compliance Analyst will serve in a security risk and compliance analyst role within the Cyber Command Audit and Compliance Division. Under the supervision of the Audit Manager, the Analyst will help shape the Audit and Compliance program, assess NYC agencies' cybersecurity risks and compliance posture, and enforce and ensure compliance with Citywide cybersecurity policies, standards, procedures and cybersecurity frameworks.

Responsibilities will include:
- Conduct evaluations of cybersecurity programs or their individual components to determine compliance with Citywide cybersecurity policies and standards;
- Review and conduct audits of NYC Agencies’ cybersecurity programs and projects;
- Review security assessment reports and identify any significant issues and variances, initiating, where necessary, corrective actions;
- Review and analyze various cybersecurity risk cases, justification, and exceptions documents submitted by agencies;
- Assist in the development of cybersecurity risk and compliance assessment procedures and testing methodologies based on established frameworks and guidelines;
- Assess NYC Agencies’ documented information security and technology policies, procedures, and practices;
- Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions to remediate vulnerabilities or weaknesses;
- Ensure that cybersecurity requirements are adequately included in contract language and delivered timely;
- Draft and present audit finding reports accompanied by working papers, concise controls assessments, and systems testing reports (both narrative and table based);
- Engage in communications with NYC Agencies to assist Agencies in complying with Citywide policies and standards; and
- Handle special projects and initiatives as assigned.


Minimum Qualifications

1. A baccalaureate degree from an accredited college, including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or

3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.


Preferred Skills

The preferred candidate should possess the following:
- BS/BA degree in Cybersecurity, Risk Management, Information Systems, Business, Law, Computer Science, or a related field
- A minimum of 1 year of experience in cybersecurity risk assessment or auditing IT systems or 2 years of experience in an IT supporting role that was customer / end-user facing
- One or more of the following certifications are preferred:
  - CompTIA Security+
  - CompTIA Network+
  - CompTIA A+
  - CompTIA CySA+
  - Cisco Certified Network Associate - CCNA
  - CEH: Certified Ethical Hacker
  - GIAC Information Security Fundamentals (GISF)
  - GIAC Security Essentials (GSEC)
  - (ISC)2 Systems Security Certified Practitioner (SSCP)
- One or more of the following certifications are a plus:
  - Certified Information Systems Auditor (CISA)
  - Certified Information Systems Security Professional (CISSP)
  - Certified in Risk and Information Systems Control (CRISC)
  - Certified Information Security Manager (CISM)
- Ability to work effectively in a team environment
- Being highly organized, motivated and a self-directed professional
- Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services
- Understanding of commonly used computer operating systems, databases, network structures
- Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS)
- Investigative and analytical skills
- Excellent oral and written communication skills, including the ability to explain complex audit issues in plain language
- Knowledge of the current and evolving cyber threat landscape
- Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy
- Knowledge of quality assurance processes and procedures.
55a Program

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.
Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/
Residency Requirement

New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.
Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

Job ID

600582

Title code

13633

Civil service title

CYBER SECURITY ANALYST

Title classification

Competitive-1

Business title

Cyber Risk and Compliance Analyst

Posted until

2024-02-17

Experienced (non-manager)

Number of positions

1

Work location

2 Metro Tech

Technology, Data & Innovation