The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit oti.nyc.gov to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology, and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

Job Description
The Director for Infrastructure Resilience Team (IRT) reports to the division Senior Director and is responsible for managing the creation, implementation, and oversight of technologies, programs and processes designed to secure the services across OTI’s infrastructure.

The Director ensures that security and compliance risks related to information systems and assets are identified and managed to meet external regulatory requirements as well as internal policies and control objectives; enforces proper implementation of the programs and processes use to mitigate threats and vulnerabilities, assessing impacts and driving responses as appropriate; provides clear and timely business advice to executive management on key IT controls, compliance, and assurance issues; collaborate with all levels of the organization including senior executives, managers, peers, technical staff, business staff, suppliers, and service providers.

Responsibilities will include:
- Create programs that develop metrics to measure, report, and enable decision making regarding organizational controls, compliance and policy effectiveness;
- Manage Identity Governance and Administration to include user life-cycle, entitlements, automated provisioning, certifications;
- Develop, implement and monitor a strategic, comprehensive enterprise information security and identity and access management program to ensure the confidentiality, integrity, and availability of information owned, controlled or processed by the organization;
- Manage vendor and supply chain risk in relation to securing OTI infrastructure systems;
- Familiarity with adaptive/risk-based authentication and authorization;
- Manage operational and engineering teams within infrastructure resilience, working with the other units of the Infrastructure Management and with teams across other OTI divisions as required;
- Create, communicate and implement a risk-based process for vendor risk management, including assessment and treatment for risks that may result from partners, consultants and other service providers;
- Respond to IT/OT related incidents affecting OTI customers ability to operate or provide services to constituents;
- Create a framework for roles and responsibilities with regards to information ownership, classification, accountability and protection;
- Ensure that Infrastructure Resilience programs are compliant with relevant laws, regulations and policies;
- Define and facilitate the information security risk assessment process; reporting and oversight of efforts to address findings;
- Develop, maintain and publish up-to-date policies, standards and guidelines, and oversee training and dissemination of policies and practices for the division;
- Perform other duties of the Infrastructure Resilience unit as assigned by the division Deputy Commissioner.

HOURS/SHIFT
Day - Due to the necessary technical management duties of this position in a 24/7 operation, candidate may be required to be on call and/or work various shifts such as weekends and/or nights/evenings.

WORK LOCATION
Brooklyn, NY

TO APPLY
Special Note: Taking and passing civil service exams are necessary to maintain employment with the City of New York. Please check the Department of Citywide Administrative Services (DCAS) website (http://www.nyc.gov/html/dcas/html/work/exam_monthly.shtml) for important exam filing information. Please ensure that you are either a permanent employee in the civil service title listed on this posting, or, that you file for the examination when there is an open filing period. For more information regarding the civil service process, please visit the DCAS website at: http://www.nyc.gov/html/dcas/html/work/work.shtml

* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration

Please go to www.cityjobs.nyc.gov and search for Job ID #626380

SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL

OTI participates in E-Verify

1. A baccalaureate degree from an accredited college including or supplemented by 24 credits in the field of voice and/or data telecommunications or in a pertinent scientific, technical, electronic or related area, and four years of satisfactory fulltime experience in the performance of analytical, planning, operational, technical, or administrative duties in a voice and/or data telecommunications or closely related electronics planning, management, and/or service organization, one year of which must have been in a highly specialized capacity and 18 months must have been in an executive, managerial, or administrative capacity or in the supervision of staff performing work in the voice and/or data telecommunications field; or
2. An associate degree from an accredited college including or supplemented by 12 credits in the field of voice and/or data telecommunications or in a pertinent, scientific, technical, electronic or related area and five years of experience as described in "1" above; or
3. Education and/or experience equivalent to "1" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and one year of the specialized experience as described in "1" above and must possess the 18 months of executive, managerial, administrative or supervisory experience as described in "1" above.

The preferred candidate should possess the following: - 10 + years of experience in Information Technology with at a minimum of 8 years of Information Security Governance and Security Management experience - Experience administering or managing cybersecurity programs, vulnerability management and security monitoring tools, incident response, disaster recovery, business continuity planning, application security risk assessment, and creating effective technical training programs with at least 10 years previous experience in a senior supervisory/management role - Experience working in a large IT organization with a diverse customer base - Solid understanding of multiple IAM services and concepts: LDAP, SAML, Active Directory, RADIUS, TACACS+, CISCO ISE, MFA, OpenID Connect, OAuth, PIM/PAM, IDaaS, Microsoft Azure AD - Ability to work with relevant internal application, infrastructure, network and support teams to ensure that security controls are implemented at all significant and relevant phases of IT processes - Proven experience managing a team of engineers and architects supporting next-generation firewalls, IDPS and threat management platforms - Ability to evaluate risks to the organization and articulate issues, develop consensus, raise awareness, and plan and implement solutions - Strong networking background with a thorough knowledge of network management tools, IPv4, subnetting, super-netting and DNS - Ability to represent the organization in internal security assessments and audits, as well as to respond to external assessments and audits - Knowledge of common information technology management frameworks such as NIST 800-53, CIS, ISO/IEC 27001, ITIL - Knowledge and understanding of relevant legal, regulatory and privacy requirements - Strong project management experience within an IT centric organization - Ability to work collaboratively and effectively with a cross-section of the infrastructure management team and business organizations to implement information security standards and initiatives - Understanding of threat driven methodologies, SDLC, and threat modeling - Ability to clearly present complex technical concepts and techniques to staff with a wide range of technical knowledge - Comfortable and effective in building partnerships with organizational leaders and influencing senior management - Ability to manage multiple projects with changing/shifting/dynamic priorities - Excellent written and oral communication skills - Education in Computer Science, Information Systems, Cyber-Security, or similar discipline preferred - Certifications in Networking and Security is a plus.

New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.