ONLY PERMANENT EMPLOYEES IN THE TITLE AND THOSE THAT ARE REACHABLE ON THE CYBER SECURITY ANALYST CIVIL SERVICE LIST ARE ELIGIBLE TO APPLY.

Division/Program Summary:
Audit Services plays a leading role in risk-based assessments of the Department’s operational efficiencies, control effectiveness and compliance with federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA), Citywide policies, and New York City Comptroller’s directives.

Position Summary:
This position will report to the Cyber Security IT Audit Manager in the Bureau of Audit Services, Office of the Chief Operating Officer.

Job Duties and Responsibilities:
- Plan and execute advisory, assessment and audit projects using information technology (IT) Governance, Risk and Compliance (GRC) best practices, methodologies and tools.
- Conduct research and analysis of the agency’ systems, IT hardware and network infrastructure, programs, IT contracts and procurement, IT professional services, and compliance with the City’s and Agency’s policies and procedures and in comparison, to federal and industry recommended standards, frameworks and controls.
- Assist in the development of cybersecurity audit plans, test plans, system analyses and IT system controls.
- Document and present IT advisory, assessment and audit reports – including test results – to all levels of management.
- Perform cybersecurity IT audits, security risk assessments, IT system integrity testing, IT controls reviews and integrated audits with fiscal auditors.
- Research, analyze and evaluate risks and controls relevant to cybersecurity and provide risk assessment and risk mitigation recommendations.
- Document project lessons learned and help identify risk management and performance improvement opportunities.
- Support Audit Management in conducting internal reviews of the Department’s general IT system controls (e.g., access control, audit and accountability, configuration management, contingency planning, incident response and disaster recovery, physical and environmental protection, data center operations, supply chain risk management, etc.), and recommend controls to mitigate risks.
- Support the assessment of Department’s compliance with federal requirements such as HIPAA Security and Privacy rules.
- Maintain ongoing and open communication with the Department’s programs – including the Division of Information Technology Office of Cybersecurity on general and application control issues and implementation of corrective actions.
- Prepare and maintain complete work paper documentation, memos, and letters.
- Act as the agency’s representative during external audits/ reviews, and as a liaison between the Comptroller’s Office, third party auditors/reviews and the division/bureau being audited
- Seek self-improvement through education, certification, training, and staying abreast of current and emerging technologies; and;
- Research and stay up-to-date on IT risk management and relevant audit concepts and methods.

Why you should work for us:

- Benefits: City employees are entitled to unmatched benefits such as:
o a premium-free health insurance plan that saves employees over $10K annually, per a 2024 assessment.
o additional health, fitness, and financial benefits may be available based on the position’s associated union/benefit fund.
o a public sector defined benefit pension plan with steady monthly payments in retirement.
o a tax-deferred savings program and
o a robust Worksite Wellness Program that offers resources and opportunities to keep you healthy while serving New Yorkers.
- Work From Home Policy: Depending on your position, you may be able to work up to two days during the week from home.
- Job Security - you could enjoy more job security compared to private sector employment and be able to contribute to making NYC a healthy place to live and work.

Established in 1805, the New York City Department of Health and Mental Hygiene (NYC Health Department) is the oldest and largest health department in the U.S., dedicated to protecting and improving the health of NYC. Our mission is to safeguard the health of every resident and cultivate a city where everyone, regardless of age, background, or location, can achieve their optimal health. We provide a wide array of programs and services focused on food and nutrition, anti-tobacco support, chronic disease prevention, HIV/AIDS treatment, family and child health, environmental health, mental health, and social justice initiatives. As the primary population health strategist and policy authority for NYC, with a rich history of public health initiatives and scientific advancements, from addressing the 1822 yellow fever outbreak to the COVID-19 pandemic, we serve as a global leader in public health innovation and expertise.

Come join us and help to continue our efforts in making a difference in the lives of all New Yorkers!

Commitment to Equity:

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

The NYC Health Department is an inclusive equal opportunity employer committed to providing access and reasonable accommodation to all individuals. To request reasonable accommodation to participate in the job application or interview process, contact Sye-Eun Ahn, Director of the Office of Equal Employment Opportunity, at sahn1@health.nyc.gov or 347-396-6549.

CYBER SECURITY ANALYST - 13633

1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or

3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.

- A baccalaureate (BA/BS) degree from an accredited college or university in information technology, computer science, systems engineering, cybersecurity, accounting, business or a related area, including or supplemented by (i) 24 semester credits in computer science, or 24 semester credits in accounting and auditing or a closely related field and one (1) or more years of experience in information technology in information systems and cybersecurity audit, or cybersecurity risk, governance or compliance management, cybersecurity incident management, or cybersecurity operations. - Highly motivated, self-directed and organized professional with the ability to plan and execute a project. - Business analysis with a curious mindset and interest to learn new information. - Excellent oral and written – including word-based and graphic – communication skills. - Ability to work independently when given specific instructions. - Excellent interpersonal and relationship building skills. - Ability to adapt to change quickly and follow directions, and capable of handling multiple projects at the same time and meet deadlines. - Understanding of the CIA Triad and cyber security frameworks such as ISO 2700X, COBIT 5, and NIST CSF and 800-53. - Related industry certifications or actively pursuing certifications such as Security+, CISSP, CISA, and/or CISM. - Advanced knowledge of Microsoft Office Suite: Word, Excel, PowerPoint, Access, and Visio. - ACL (Audit Command Language) or SQL (Structured Query Language) experience is a plus. - Basic understanding of commonly used operation systems, databases, network structures. - Ability to create and maintain project plans with Gannt charts and other audit project plan records.

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.

New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.