DE Jobs

Job Information

City of New York Cyber Governance, Risk, and Compliance Analyst, Office of Chief Information Officer in New York, New York

Job Description

OPEN TO PERMANENT CYBER SECURITY ANALYSTS, AND QUALIFIED CANDIDATES WHO FILE FOR THE EXAM MAY BE ELIGIBLE TO APPLY.

Established in 1805, the New York City Department of Health and Mental Hygiene (the NYC Health Department) is the oldest and largest health department in the country. Our mission is to protect and improve the health of all New Yorkers, in service of a vision of a city in which all New Yorkers can realize their full health potential, regardless of who they are, how old they are, where they are from, or where they live.

As a world-renowned public health agency with a history of building transformative public health programming and infrastructure, innovating in science and scholarship to advance public health knowledge, and responding to urgent public health crises, from New York City’s yellow fever outbreak in 1822 to the COVID-19 pandemic, we are a hub for public health innovation, expertise, programs, and services. We serve as the population health strategist and the policy and planning authority for the City of New York, while also having a vast impact on national and international public policy, including programs and services focused on food and nutrition, anti-tobacco support, chronic disease prevention, HIV/AIDS treatment, family and child health, environmental health, mental health, and racial and social justice work, among others.

Our Agency’s five strategic priorities, building off a recently-completed strategic planning process emerging from the COVID-19 emergency, are:

1) To re-envision how the Health Department prepares for and responds to health emergencies, with a focus on building a “response-ready” organization, with faster decision-making, transparent public communications, and stronger surveillance and bridges to healthcare systems

2) Address and prevent chronic and diet-related disease, including addressing rising rates of childhood obesity and the impact of diabetes, and transforming our food systems to improve nutrition and enhance access to healthy foods.

3) Address the second pandemic of mental illness including: reducing overdose deaths, strengthening our youth mental health systems, and supporting people with serious mental illness

4) Reduce black maternal mortality and make New York a model city for women’s health

5) Mobilize against and combat the health impacts of climate change

Our 7,000-plus team members bring extraordinary diversity to the work of public health. True to our value of equity as a foundational element of all of our work, and a critical foundation to achieving population health impact in New York City, the NYC Health Department has been a leader in recognizing and dismantling racism’s impacts on the health of New Yorkers and beyond. In 2021, the NYC Board of Health declared racism as a public health crisis. With commitment to advance anti-racist public health practices that dismantle systems that perpetuate inequitable power, opportunity and access, the NYC Health Department continues to work in and with communities and community organizations to increase their access to health services and decrease avoidable health outcomes.

PROGRAM AND JOB DESCRIPTION:

The Division of Information Technology (DIT) aims to align technology solutions with the DOHMH mission by prioritizing resource use and deploying innovations that facilitate the agency's day-to-day activities and enhance staff productivity and efficiency. Our goal is to provide users with a reliable, stable, and safe computing environment, through the collaboration of:

  • The Bureau of Technology Strategy & Project Management

  • The Bureau of Network Technology & Telecommunication Services

  • The Office of Information Security

  • The Office of IT Administration

The Office of Information Security

The Office of Information Security (OIS) leads the implementation of an integrated, modern, framework-based security program across the Department of Health and Mental Hygiene to preserve the integrity of agency services and protect sensitive business data from current and emerging cyber threats, and to preserve the reputation of the agency and its ability to protect and promote the health of all New Yorkers. Driven by information about attackers, using a risk-based and cost-effective approach, investments will be made in people, processes, and technology to prevent and respond to cyber threats.

DIT has an opening for a Cyber GRC Analyst serving the DOHMH Division of Information Technology Office of Cybersecurity. This individual will perform tasks and assignments in the fields of Cybersecurity Awareness, Governance, Compliance, and other relevant and required duties for the Cybersecurity Strategy team, to further the mission of the Office of Cybersecurity (Information Security).

DUTIES WILL INCLUDE BUT NOT BE LIMITED TO:

Security Awareness: Develop and implement comprehensive security awareness programs tailored to the IT audience to ensure IT teams are fully aware of cybersecurity policies and procedures.

Maintain the Office of Cybersecurity SharePoint and other publicized pages to provide intuitive guidance, resources, and updates on security policies, best practices, and emerging threats.

Collaborate with cross-functional IT teams to ensure cybersecurity policies, standards, and procedures are effectively communicated and followed.

Create and deliver engaging training materials, including presentations, webinars, and documentation, to educate IT teams on cybersecurity best practices and procedures.

Conduct regular assessments to evaluate the effectiveness of security awareness initiatives within various IT departments and identify areas for improvement.

Stay informed about emerging threats and vulnerabilities and disseminate relevant information to IT stakeholders to enhance the organization's security posture.

Governance: Establish and maintain governance frameworks to ensure compliance with regulatory requirements, industry standards, and internal policies within the IT environment.

Conduct risk assessments specific to Cybersecurity for IT systems and infrastructure to identify potential security gaps and recommend remediation measures.

Collaborate on internally and externally driven audits with IT project management and cyber risk teams to ensure alignment of cybersecurity controls with regulatory requirements and industry standards.

Develop and maintain documentation of cybersecurity policies, standards, and procedures, and ensure they are regularly reviewed and updated to address evolving threats and business needs.

Monitor compliance with cybersecurity policies and procedures within the IT environment and enforce consequences for non-compliance as necessary.

Compliance: Ensure compliance with relevant regulatory requirements such as NIST (800-53, 800-207, CSF), HIPAA, PCI DSS, Directive 1, etc., within the IT environment, and implement controls to address compliance gaps.

Stay updated on changes to regulatory requirements and industry standards and assess their impact on the organization's compliance efforts.

Coordinate with legal and regulatory affairs teams to respond to compliance inquiries, audits, and investigations, and ensure timely and accurate reporting of compliance-related activities.

Collaborate with external auditors and regulatory agencies to facilitate compliance assessments and audits and address any findings or recommendations in a timely manner.

Develop and maintain documentation of compliance-related activities, including policies, procedures, and audit reports, and ensure they are accessible to relevant stakeholders.

Strategy: Develop and execute a comprehensive cybersecurity strategy aligned with organizational goals, leveraging industry best practices and innovative approaches to mitigate risks effectively within the IT landscape.

Lead the development of long-term cybersecurity goals and objectives and collaborate with executive leadership to prioritize initiatives and allocate resources accordingly.

Continuously assess the organization's security posture and identify areas for improvement, proactively recommending strategic initiatives to enhance cybersecurity capabilities.

Stay abreast of emerging technologies, trends, and regulatory changes in the cybersecurity landscape, and assess their potential impact on the organization's security strategy.

Provide strategic guidance and support to internal IT teams to align cybersecurity initiatives with overarching business objectives and ensure the effective implementation of security controls.

Regularly evaluate the effectiveness of the cybersecurity strategy and adjust as necessary to address new threats, vulnerabilities, and business requirements.

**IMPORTANT NOTES TO ALL CANDIDATES:

Please note: If you are called for an interview you will be required to bring to your interview copies of original documentation, such as:

  • A document that establishes identity for employment eligibility, such as: A Valid U.S. Passport, Permanent Resident Card/Green Card, or Driver’s license.

  • Proof of Education according to the education requirements of the civil service title.

  • Current Resume

  • Proof of Address/NYC Residency dated within the last 60 days, such as: Recent Utility Bill (i.e. Telephone, Cable, Mobile Phone)

Additional documentation may be required to evaluate your qualification as outlined in this posting’s “Minimum Qualification Requirements” section. Examples of additional documentation may include, but are not limited to: college transcript, experience verification or professional trade licenses.

If after your interview you are the selected candidate you will be contacted to schedule an on-boarding appointment. By the time of this appointment you will be asked to produce the originals of the above documents along with your original Social Security card.

**LOAN FORGIVENESS

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at StudentAid.gov/PSLF.

"FINAL APPOINTMENTS ARE SUBJECT TO OFFICE OF MANAGEMENT & BUDGET APPROVAL”

Qualifications

  1. A baccalaureate degree from an accredited college, including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

  2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or

  3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
