Job Description This position is only open to candidates who are permanent in the civil service title of Computer Systems Manager or for those who have taken and passed the exam for the title listed above.
It is important that you have taken the exam to avoid being bumped out of your position when the Eligible List for this title is established.
The New York City Administration for Children’s Services (ACS) is seeking an outstanding candidate to serve as the Agency’s Chief Information Security Officer (CISO) in the Office of Information Technology (OIT).
Candidate must be a knowledgeable leader to provide vision, strategy, planning, best practices and hands-on responsibility as the CISO for the agency.
The selected candidate will be an integral member of the OIT leadership team for one of the country’s premier children’s services agencies dedicated to strengthening NYC’s families and their 1.8 million children. Reporting to the Associate Commissioner / Chief Information Officer (CIO), with latitude for independent initiative, judgment and decision-making, the Chief Information Security Officer will provide leadership for the protection of agency information assets.
The Chief Information Security Officer's responsibilities include, but are not limited to:
The CISO is responsible for the development and delivery of a comprehensive information security and cybersecurity strategy to optimize the overall security posture of the Agency.
The CISO leads the development and implementation of an overall security program that leverages collaboration with New York City Cyber Command (NYC3), New York City Department of Information Technology and Telecommunications (DoITT) and ACS IT resources, facilitating information security governance according to NYC3 and DoITT Citywide security policies in managing information security risk.
Partnering with ACS employees and consultants to ensure understanding of and adherence to the Citywide Information Security Policies.
Provide guidance and counsel to the CIO, working closely with NYC3 as well as operational management in defining objectives for information security, while building relationships and goodwill.
Promptly reporting security incidents or significant security problems along with action plans to mitigate, to the CIO.
Acts as an advisor to the CIO regarding compliance with the Citywide Information Security Policies.
Keep up to date on information security topics through information security conferences and teleconferences sponsored by NYC3, DoITT and other recognized information security organizations, e.g. SANS, ISSA, ISACA.
Establish procedures to ensure that systems and / or software comply with ACS and Citywide Information Security Policies.
Application development security operations: embedding security throughout the Systems Development Life Cycle (SDLC), providing advice on regulations as they apply to security in application development, and serving as the expert in application security principles, risks, attacks, and resources such as the Open Web Application Security Project (OWASP).
Responsible for tools related to dynamic scans, static source code reviews, and application penetration testing, e.g. BlackDuck, WhiteHat, Veracode, Nexpose, Metasploit.
Provide consultation to business units, Project Management Office (PMO), and developers during the early phases to ensure secure application design.
Prepare, execute and enforce information security policies and training for the agency.
Provide leadership in promoting information security into all appropriate agency business plans and overseeing execution, and especially ensuring that ACS Information Owners (Divisions) understand and execute their responsibilities appropriately.
Establishing an information technology security awareness program to ensure all ACS employees understand and adhere to information technology policies and standards.
Coordinate closely with those responsible for physical security within ACS.
Continuously identifying, updating and maintaining information regarding potential security vulnerabilities, risk and threats to the enterprise information technology infrastructure, and distributing technology security information to appropriate staff.
Provide instructions and coordination regarding software configuration standards for servers and desktop systems that are or may be attached to the enterprise network where necessary to ensure information technology security.
Minimum Qual Requirements 1. A master's degree in computer science from an accredited college and three years of progressively more responsible, full-time, satisfactory experience using information technology in computer applications programming, systems programming, computer systems development, data telecommunications, database administration, planning of data / information processing, user services, or area networks; at least 18 months of this experience must have been in an administrative, managerial or executive capacity in the areas of computer applications programming, systems programming, computer systems development, data telecommunications, database administration, or planning of data processing, or in the supervision of staff performing these duties; or
2. A baccalaureate degree from an accredited college and four years of experience as described in "1" above; or
3. A four-year high school diploma or its educational equivalent approved by a State's department of education or recognized accrediting organization and six years of experience as described in "1" above; or
4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent approved by a State's department of education or recognized accrediting organization and must possess at least three years of experience as described in "1" above, including the 18 months of administrative, managerial, executive or supervisory experience as described in
NOTE: The following types of experience are not acceptable: superficial use of preprogrammed software without complex programming, design, implementation or management of the product; use of word processing packages; use of a hand-held calculator; primarily the entering or updating of data in a system; the operation of data processing hardware or consoles.
Preferred Skills Minimum of 8 years of experience in a combination of risk management, information security and information technology fields.
At least 4 years of experience in a senior leadership role. Employment history must demonstrate increasing levels of responsibility.
Knowledge of common information security management frameworks, such as NIST.
Knowledge of and demonstrated experience with relevant legal, regulatory and compliance requirements, such as HITRUST, SOC 2, HITECH, FERPA, the HIPAA Privacy and Security Rules, and other CMS regulations and guidelines.
Network and endpoint security experience required: IDS, IPS, ATP, malware defenses and monitoring experience.
Demonstrated experience with firewall and system configuration and event log monitoring required.
Knowledge of and experience with common information security management frameworks, such as the International Organization for Standardization (ISO) 17799 / 27001, the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (COBIT) and National Institute of Standards and Technology (NIST) frameworks.
Preferred Certifications: CCISO, CISSP, CISM, CCSP, Security+, etc.
Additional Information Section 424-A of the New York Social Services Law requires an authorized agency to inquire whether a candidate for employment with child-caring responsibilities has been the subject of a child abuse and maltreatment report.
The City of New York and the Administration for Children’s Services are Equal Opportunity Employers Committed to Diversity.
To Apply: Click on the "Apply Now" button.
Residency Requirement: New York City residency is not required for this position.