Full-time
Chief Information Security Officer (CISO) - New York City NYC HOUSING AUTHORITY - New York, NY

The Chief Information Security Officer (CISO) leads the Authority’s enterprise-wide cybersecurity program and provides security oversight to the agency's information technology (IT) investments. The CISO develops, evaluates and implements policies for NYCHA programs.

Under direction of the Executive Vice President (EVP) / Chief Information Officer (CIO), with latitude for independent decision making and actions, this role provides support in building a strategic and comprehensive Information Security program that defines, develops, maintains and implements policies and processes that enable consistent, effective information security practices, which minimize risk and ensure the integrity, confidentiality and availability of information that is owned, controlled and processed within the organization.

Responsibilities will include, but are not limited to the following:

1. Lead the cybersecurity team across a broad range of disciplines, including security operations; Governance, Risk, & Compliance (GRC); support; incident response; implementation and optimization of security tools; access control; analytics; threat hunting/emulation; management of threat intelligence and vulnerabilities; security engineering; monitoring/detection; forensic investigations; metrics; training; and policy creation and implementation, ensuring compliance with the National Institute of Standards and Technology (NIST) and other applicable policies, laws and governing frameworks.
2. Support the development of an Information Security Program (ISP) and Information Security Management System (ISMS), providing assurances by way of reporting the effectiveness of the ISP.
3. Develop a comprehensive cybersecurity policy that ties to the ISP and integrates with the controls to support the security architecture.
4. Work with IT Architecture, Engineering, and Operations teams to oversee (design architecture/integration, procure, configure, manage) a comprehensive suite of security tools and monitoring technologies based on a continuous review of industry trends, security architecture designs, and gaps in the environment.
5. Continuously monitor threat detection and response, hunting, compliance, and related enterprise-level security activities. Recommend enhancements designed to provide a comprehensive set of tools that integrate effectively and keep pace with evolving threats. Develop and refine the security program with innovative strategies and tactical plans, leveraging the latest industry research, threat analysis, and lessons learned from internal practices.
6. Conduct security assessments of all aspects of the IT architecture for compliance and to determine where vulnerabilities exist, translating findings into Remediation Plans.
7. Lead security monitoring of all environments and incident response to cyber-attacks by designing comprehensive plans, managing routine exercises, partnering with threat experts and law enforcement, fine tuning and optimizing security tools, working with external vendors, and building and leveraging threat intelligence and analytics programs.
8. Update and enhance a comprehensive threat monitoring and response program capable of rapidly detecting and responding to attacks.
9. Create and oversee penetration testing and vulnerability management efforts. This includes threat hunting and emulation (red team/blue team) efforts designed to detect and repair vulnerabilities across the enterprise network, determining where the architecture lacks sufficient security controls that could be exploited by an adversary.
10. Develop and manage an innovative and current cybersecurity training and awareness program that looks both internally at developing professionals in the field and educating employees across NYCHA. Ensure employees at all levels receive training to prevent security mishaps and build a security-conscious workforce.
11. Provide leadership to the agency’s Information Security team by mentoring, coaching, and training.
12. Oversee Identity and Access Management settings, tools and governance standards.
13. Ensure the Disaster Recovery and Incident Response plans and procedures in the organization are updated and exercised.
14. Ensure security testing and validation methodologies are part of the development lifecycle on any solution.
15. Serve as an Information Security consultant to all departments for all data security related issues.
16. Maintain working knowledge of security standards, frameworks, certification requirements and accreditation standards.
17. Brief the executive team on progress being made to enhance security, status of security and risks, including taking the role of champion for the overall strategy.

Key Competencies

1. Excellent Communicator - ability to communicate clearly, both written and verbal; to think on one’s feet with a calm and pleasant demeanor; to artfully influence and persuade, and to render diplomatic approaches while remaining focused on the agency’s goals and priorities.
2. Creative Problem Solver - develop innovative and impactful solutions that help address operational needs.
3. Strategic - think strategically about trends and consequences.
4. Multi-task & Goal Oriented - demonstrated ability to make timely and sound decisions/recommendations; establish priorities and successfully carry out multiple assignments, meeting critical deadlines and timeframes.

NOTE: This position is open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate in your cover letter that you would like to be considered for the position under the 55-a Program. For detailed information regarding the 55-a Program, please visit the following link: http://www.nyc.gov/html/dcas/downloads/pdf/psb/100_1.pdf

Please read this posting carefully to make certain you meet the qualification requirements before applying to this position.

Minimum Qual Requirements

1. A master's degree in computer science from an accredited college and three years of progressively more responsible, full-time, satisfactory experience using information technology in computer applications programming, systems programming, computer systems development, data telecommunications, database administration, planning of data/information processing, user services, or area networks; at least 18 months of this experience must have been in an administrative, managerial or executive capacity in the areas of computer applications programming, systems programming, computer systems development, data telecommunications, data base administration, or planning of data processing or in the supervision of staff performing these duties; or
2. A baccalaureate degree from an accredited college and four years of experience as described in "1" above; or
3. A four-year high school diploma or its educational equivalent approved by a State's department of education or recognized accrediting organization and six years of experience as described in "1" above; or
4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent approved by a State's department of education or recognized accrediting organization and must possess at least three years of experience as described in "1" above, including the 18 months of administrative, managerial, executive or supervisory experience as described in "1" above.

NOTE: The following types of experience are not acceptable: superficial use of preprogrammed software without complex programming, design, implementation or management of the product; use of word processing packages; use of a hand held calculator; primarily the entering or updating of data in a system; the operation of data processing hardware or consoles.

Preferred Skills

1. Bachelor’s Degree in Computer Science or related field plus 5+ years of experience implementing and managing security programs.
2. CISSP or CICSO Certification.
3. CISM or CISA or CGEIT Certification.
4. ITIL Foundation Certification in IT Service Management or equivalent processes.
5. 5+ years of experience managing teams in a large and complex production operational environment.
6. 5+ years senior level-executive experience preferred.
7. Understanding and experience supporting relevant voice and data (IP) technologies.
8. Excellent organization, time management and follow-up skills.
9. Understanding of proactive security monitoring tools and alerts.
10. Outstanding written and verbal communication skills.
11. Strong passion for improving processes and overall customer experience.
12. Ability to ensure consistency of operations and respond and resolve tickets within predefined SLAs.
13. Ability to effectively escalate critical outages that could significantly impact the business.
14. Knowledge of Cloud application environments and security architectures.
15. Experience with Incident Response.
16. Risk Management, Compliance and Audit experience.
17. Experience with Threat and Vulnerability Management.
18. Establish Data Classification model and support processes and adequate controls for data protection.
19. Understanding of Business Continuity and Disaster Recovery.
20. Experience that evidences ability to represent NYCHA internally and externally.

Additional Information

1. Due to the existence of a civil service list, candidates must have permanent civil service status in the title of Computer Systems Manager to apply.
2. INTERAGENCY TRANSFERS INTO NYCHA OF THOSE PERMANENT IN TITLE ARE NOT PERMITTED IN THE FACE OF AN ACTIVE AND VIABLE NYCHA PROMOTION LIST OR PREFERRED LIST FOR THE SAME TITLE.
3. Employees serving in the title of or who meet the qualification requirements for Computer Operations Manager will also be considered.
4. NYCHA employees applying for promotional, title or level change opportunities must have served a period of one year in their current title and level (if applicable).
5. NYCHA residents are encouraged to apply.

To Apply

Click the "Apply Now" button.

Residency Requirement

NYCHA has no residency requirements.
