The Office of Technology and Innovation (OTI) oversees all Citywide technology, privacy, cybersecurity, infrastructure, and telecommunications to ensure the security of, and enhance, City operations and service delivery to New York City's residents, businesses, employees, and visitors. As the City's technology and innovation leader, OTI is responsible for operating, maintaining, and securing IT infrastructure and systems that touch every aspect of City life from public safety to human services, from education to economic development crossing the full spectrum of governmental operations.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology, transition our existing data infrastructure to a cloud-centric platform, and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

About Cyber Command
OTI Cyber Command is committed to protecting City systems and technology infrastructure that provide and enable vital services to New Yorkers from cyber threats, and helping residents become safer in their digital lives.

As the organization defending the largest municipality in the country, OTI Cyber Command is charged with directing citywide incident response, setting citywide cybersecurity policies and standards and working with city agencies to strengthen their cyber defenses.

Mission Statement
"To lead and execute an innovative, intelligence-driven, risk-informed cyber defense and response strategy -- with the support of key partners and allies -- that enables the city government to properly function and provide services to New Yorkers”.

Vision Statement
"New York City the most cyber-resilient city in the world"

Job Description
As the Cyber Test Analyst, you will participate in the daily execution of cybersecurity assessments in support of OTI, City agencies, and the Citywide Cybersecurity Assessment Program (CCAP). CCAP is a Citywide provider of cybersecurity assessment capabilities focused on four key areas: audit and compliance, cooperative vulnerability and penetration assessment, adversarial assessment, and protect, mitigate, restore (PMR) assessment. You will serve as a liaison among OTI, the City agency, and the testing partner during the execution of the test. You will assist in ensuring all parties follow and adhere to the agreed upon test plan and rules of engagement, make operation test decisions, and escalate potential issues to the appropriate teams. You will review assessment results to ensure findings are accurately represented. Working with OTI teams, you will assist in technical risk assessments, identification, and assignment of failed controls, and inform the development of agency Plans of Actions and Milestones (POA&M). You will generate deliverables including assessment status updates, results, and final reports. You will need strong organization and management skills as CCAP simultaneously interacts with multiple City agencies and OTI divisions.

Responsibilities will include:
- Become familiar with assessment plan and objectives;
- Ensure all parties adhere to the assessment plan and rules of engagement;
- Review assessment findings and socialize with stakeholders;
- Work with stakeholders to accurately assess finding severity and risk;
- Work with stakeholders to accurately identify failed controls;
- Collaborate with stakeholders to identify potential remediations, mitigations, and/or compensating controls;
- Assist in the development and maintenance of agency POA&M;
- Escalate noncompliance with established service level agreements to stakeholders;
- Develop and deliver assessment updates, hot washes, and briefs as needed;
- Generate final assessment reports that contain assessment objectives, findings, limitations, and recommendations;
- Support the integration of assessment deliverables into NYC3 workstreams

1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or

3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.

The preferred candidate should possess the following: - Bachelor’s degree with significant coursework in Cyber Security, Computer Science, or Information Technology - At least 2 years’ experience in planning and/or conducting cybersecurity assessments such as penetration tests, vulnerability and risk assessments, or compliance and auditing - Excellent verbal communication and presentation skills - Ability to achieve goals with minimal supervision self-starter - Demonstrated experience with building relationships with a diverse array of internal and external stakeholders - Excellent task management, information management, and organizational skills - Strong writing, copyediting, and proofreading skills - Knowledge of the NIST Cybersecurity Framework (CSF), NIST RMF, NIST 800-53, and/or other common cybersecurity frameworks and standards - Demonstrated experience working with technical and non-technical personnel on challenges, complex initiatives and efforts - Outstanding collaboration and team-building skills.

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/

New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.