The Official Careers Website of the City of New York

Director of Cyber Security Governance

DEPARTMENT OF FINANCE
Posted on: 11/09/2023
Full-time

Location

MANHATTAN

Exam may be required

Department

DOF Cyber Security

$140,000.00 – $155,000.00

Job Description

This vacancy has now expired.

IMPORTANT NOTE:
CANDIDATES WITH A PERMANENT COMPUTER SYSTEMS MANAGER OR COMPARABLE CIVIL SERVICE TITLE WITH SIMILAR DUTIES/RESPONSIBILITIES ARE ENCOURAGED TO APPLY. PLEASE INCLUDE YOUR EMPLOYEE IDENTIFICATION NUMBER (EIN) WHEN APPLYING AND INDICATE IN YOUR COVER LETTER YOUR PERMANENT CIVIL SERVICE TITLE.

The NYC Department of Finance (DOF) is responsible for administering the tax revenue laws of the city fairly, efficiently, and transparently to instill public confidence and encourage compliance while providing exceptional customer service.

The Finance Information Technology (FIT) Division designs, builds, and supports all facets of DOF’s computer systems, including hardware, software, applications, infrastructure, telephone, and data security. FIT delivers and administers tax-related payment programs for the City of New York by providing the information technology solutions needed to achieve its mission of collecting revenue while ensuring an efficient and improved customer experience. FIT is also responsible for the systems and websites which enable citywide payments, land records, property assessment, parking adjudications, customer service, and the Sheriff’s public safety work.

FIT is currently seeking a Director of Cybersecurity Governance, who will report to the Deputy Chief Information Security Officer (CISO). The selected candidate must have strong organizational and team leadership skills to achieve interdepartmental compliance and possess extensive technical knowledge in cybersecurity and information systems. In addition, they must possess detailed knowledge of security and privacy technologies and best practices, of appropriate security methods and controls, and of IT security privacy legislation and related policy issues. The Director of Cybersecurity Governance will manage all cybersecurity private/public and Federal/City relationships and be responsible for the oversight and coordination of security management controls, including cybersecurity policies, standards, guidance, and processes within the Department of Finance (DOF). The selected candidate should have the ability to develop and maintain effective working relationships with executive management, IT technical staff, and legal staff, as well as third-party vendors and related industry experts. The selected candidate will also manage special projects as needed.

The selected candidate's responsibilities will include but not be limited to the following:

- Oversee CyberSecurity Governance and Controls with a specific focus on Cyber Risk Management for the Department of Finance.
- Play a key role in Department of Finance's Cyber Policy review and refresh.
- Responsible and accountable for Controls and Compliance to enforce hardening of networks, hosts, and applications.
- Make recommendations to the Chief Information Security Officer and to agency leadership based on deep analysis of Department of Finance's Critical Assets within a Risk Management Framework.
- Manage the daily use and distribution of strategic cyber risk and long-term threat intelligence finished products.
- Oversee sustained and successful participation by Cyber Security in any cyber security relevant City audits; govern threat modeling and its application into the Department of Finance's Cyber Uplift plan.
- Work closely with cross-functional teams and OTI to embed security, and evaluate complex system security design, development, analysis, and testing of all DOF's internal, external, and multi-agency applications in hosted facilities and in cloud environments.
- Evaluate information security and develop appropriate solutions, functional structures of various operating system components, and associated security features.
- Help develop and deliver training around the Software Development Life Cycle and on implementing and evaluating the security of software at an early stage.
- Collaborate with Engineering to assess and prioritize security vulnerabilities and maintain the application security tool.
- Solid understanding of cloud architecture and services.
- Development of strategies for secure, cloud-based services.
- Solid understanding of threat modeling.


Minimum Qualifications

1. A master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties; or

2. A baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or

3. A four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or

4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above.

In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience. Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science for one (1) year of the required IT experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in "1" above.


Preferred Skills

- Bachelor's degree from an accredited college or university with an emphasis in information security, computer science, information systems, computer engineering, or a related field.
- 12 years of experience which includes demonstrated substantial responsibility for comprehensive security program management, as well as responsibility for planning, administering, and ensuring effective and secure large-scale information security policies covering applications and infrastructure.
- Advanced to expert level knowledge and understanding of information security architecture, information security technologies, tools, practices, and controls.
- Demonstrable knowledge of information security technologies, networking, and network architecture.
- Deep and hands-on understanding of the current cyber threat landscape, attack methodologies, and risk mitigation/remediation methods.
- Experience in cyber forensics and highly complex threat analyses.
- Current Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM), CCIE (Security).
- Knowledge of common information security management frameworks, such as ISO 27001, COBIT, NIST, or other data security standards.
- In-depth knowledge of complex network architecture, Internet connectivity, and DMZ hosting strategies; knowledge of data privacy regulations and compliance issues.
- Experience working effectively and collaboratively as a leader within an information technology governance model, especially in the public sector.
- Demonstrated exceptional communication skills and ability to clearly discuss and convey complex information technology security concepts and terminology with both technical and non-technical staff at all levels within and outside the County.
- Demonstrated ability to implement and then act as an advocate for security best practices and security awareness.
- Demonstrated ability to write and present succinct and informative communication, which conveys clear and concise meaning.
- Demonstrated ability to develop clear requirements for internal information technology staff and third-party vendors.
- Demonstrated ability to market new concepts and lead the effort for the change.

55a Program

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.

Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.

Residency Requirement

New York City Residency is not required for this position.

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

Job ID

614298

Title code

10050

Civil service title

COMPUTER SYSTEMS MANAGER

Title classification

Competitive-1

Business title

Director of Cyber Security Governance

Posted until

2023-11-21

Manager

Job level

00

Number of positions

1

Work location

375 Pearl Street

Engineering, Architecture, & Planning
