
The Official Careers Website of the City of New York


Deputy Chief Information Security Officer

DEPARTMENT OF FINANCE
Posted on: 02/13/2024
Full-time

Location

MANHATTAN

Exam may be required

Department

Cyber Security

$155,000.00 – $165,000.00

Job Description

This vacancy has now expired.

IMPORTANT NOTE:
CANDIDATES WITH A PERMANENT COMPUTER SYSTEMS MANAGER OR COMPARABLE CIVIL SERVICE TITLE WITH SIMILAR DUTIES/RESPONSIBILITIES ARE ENCOURAGED TO APPLY. PLEASE INCLUDE YOUR EMPLOYEE IDENTIFICATION NUMBER (EIN) WHEN APPLYING AND INDICATE IN YOUR COVER LETTER YOUR PERMANENT CIVIL SERVICE TITLE.

The NYC Department of Finance (DOF) is responsible for administering the tax revenue laws of the city fairly, efficiently, and transparently to instill public confidence and encourage compliance while providing exceptional customer service.

The Finance Information Technology (FIT) Division designs, builds, and supports all facets of DOF’s computer systems, including hardware, software, applications, infrastructure, telephone, and data security. FIT delivers and administers tax-related payment programs for the City of New York by providing the information technology solutions needed to achieve its mission of collecting revenue while ensuring an efficient and improved customer experience. FIT is also responsible for the systems and websites which enable citywide payments, land records, property assessment, parking adjudications, customer service, and the Sheriff’s public safety work.

DOF is seeking to hire an experienced, engaging, and innovative Deputy Chief Information Security Officer (Deputy CISO) to serve as a senior-level executive to oversee and coordinate all IT security efforts for the agency. DOF is continuously embarking on new technology initiatives, and the selected candidate must be able to work effectively within this dynamic environment to maintain and grow an enterprise-wide Cyber Security program to prevent Cyber-attacks and other security breaches.

Reporting directly to the Chief Information Security Officer (CISO), the selected candidate must have strong organizational and team leadership skills. DOF has recruited top Cyber professionals to form one of the largest Cyber Security teams in New York City government and through this team's efforts has implemented high-impact security protocols grounded in the NIST Cyber Security framework. The candidate would need to have the ability to build on this strong base to propel the agency to even higher levels of maturity. To that end, a proven track record of securing classified data as well as the ability to maintain the resiliency of applications generating revenues of 35 billion dollars annually is expected.

The Deputy CISO will oversee the following:

- Comprehensive Cyber Security program management, leading teams across a broad range of disciplines, including but not limited to Cyber Security operations, governance, risk, & compliance, security engineering, Cyber security forensics, identity access management, security event and incident management, data loss prevention, and privileged access management.
- The information security function across the entire agency to ensure consistent and high-quality information security management in support of the DOF business goals.
- Audit and compliance mechanisms to measure and enforce alignment with regulatory Cybersecurity requirements, as well as the implementation and maintenance of policies, and a comprehensive control framework to ensure technical systems and information assets are protected.
- Interact with internal and external counsel, Audit & IT Controls teams, internal risk committees, and external agencies.
- Plan, develop, drive, and manage complex, multi-year projects and associated initiatives designed to improve the overall information security program, maintain an annual budget, ensure projects are executed as planned and aligned with Cybersecurity mandates.
- Disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.
- Secure application architecture and design of high classified data network security with hosting facility.
- Development of strategic and tactical solutions for secure, cloud-based services.
- Code testing and validation methodologies across the application development life cycle for all DOF applications.
- Penetration testing methodologies and vulnerability management efforts.
- Technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.
- Containment of information security incidents and events to protect corporate IT assets, intellectual property, regulated data, and the company's reputation.
- The monitoring of the external threat environment for emerging threats, advising relevant stakeholders on the appropriate courses of action.
- Strategic relationships with the Office of Technology and other mayoral agencies and external agencies, such as law enforcement.


Minimum Qualifications

1. A master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties; or

2. A baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or

3. A four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or

4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above.

In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience. Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science for one (1) year of the required IT experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in "1" above.


Preferred Skills

- Master's degree and higher-level degree in Computer Science or related field preferred plus 10+ years of experience implementing and managing security programs.
- 5+ years senior level-executive experience preferred.
- Previous experience working in a Cyber Security leadership role in government or private financial entities.
- CISSP or CISO Certification.
- CISM or CISA or CGEIT Certification.
- Experience using NIST 800-53, FedRAMP, and FISMA as foundational frameworks.
- ITIL Foundation Certification in IT Service Management or equivalent processes.
- 5+ years of experience managing teams in a large and complex production operational environment.
- Understanding of proactive security monitoring tools and alerts.
- Strong passion for improving processes and overall customer experience.
- Ability to ensure consistency of operations and respond and resolve tickets within predefined SLAs.
- Ability to effectively escalate critical outages that could significantly impact the business.
- Excellent organization, time management, and follow-up skills.
- Outstanding written and verbal communication skills.
- Advanced to expert level knowledge and understanding of information security architecture, information security technologies, tools, practices, and controls.
- Ability to implement and then act as an advocate for security best practices and security awareness.
- Ability to market new concepts and lead the effort for change.

55a Program

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.

Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.

Residency Requirement

New York City Residency is not required for this position.

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

Job ID

625777

Title code

10050

Civil service title

COMPUTER SYSTEMS MANAGER

Title classification

Competitive-1

Business title

Deputy Chief Information Security Officer

Posted until

2024-02-27

Manager

Job level

M4

Number of positions

1

Work location

375 Pearl Street

Administration & Human Resources
