Cybersecurity Lead - (NYC)

Description

Duties Description

This position will report to the DOH Chief Information Security Officer within the Office of Health Information Management (OHIM). The Project Coordinators will be responsible for agency Information Security incident response, risk and compliance, and cyber governance. Duties include:

Implements information security and compliance programs.

• Participates in the development, interpretation, review and communication of information security regulations, policies, procedures, and standards.
• Monitors information security compliance and recommends improvements.
• Supports the implementation of information security procedures and protocols and participates in security risk reviews and remediation activity including producing written reports.
• Works with internal and external partners on information security issues.
• Plans and conducts outreach programs and activities to increase cyber security awareness.
• Tracks and reports out on all security related project portfolio tasks.
  
  

Supports the management and resolution of security threats to agency information systems.

• Participates in information security risk analysis and risk management processes with business and IT units.
• Review vulnerability scanning and analysis reports to help determine scope of risk and prioritization of remediation.
• Collects and maintains risk register, including reporting and tracking of remediation.
• Monitors external data sources to maintain currency of threat condition and potential impact on enterprise.
• Participates in the identification and modeling of new threat scenarios to provide proactive defensive measures to technical teams for mitigation of risk.
• Disseminates threat and vulnerability intelligence products.
• Participates in the continuous monitoring and protection of technology resources and determines events that require investigation and response.
  
  

Participates in cyber incident response.

• Supports the implementation and improvement of information security incident response plans and reports.
• Design, plan, and facilitate cyber security tabletop exercises to foster information-sharing and enhance cyber awareness with stakeholders.
• Participates in the investigation of alleged information security violations, follows agency procedures for referring the investigation to other investigatory entities (e.g., NYS Cyber Command, law enforcement, and State and federal oversight agencies), and responds to requests for information from external investigators.
• Performs analysis (e.g., logs, packet capture, reverse engineering) during cyber investigations to establish root cause and provides remediation recommendations.
• Conduct post-exercise after-action analysis, reporting, and assessment, develop recommendations, and design future exercises to validate improvements.
  
  

Serves as information security expert and evaluates systems and contracts for alignment with agency and State information security policies.

• Reviews contract, service level agreement, memorandum of understanding language and other documents to verify that they meet information security needs and requirements and align with agency and State information security policies.
• Provides information security expertise, advice, and recommendations to agency executives on a broad range of information security matters.
• Acts as information security lead on projects and initiatives to ensure security by design through implementation of the Secure Systems Development Lifecycle (SSDLC).
  
  

Monitors information security trends, tools, and techniques.

• Keeps abreast of relevant laws and regulations that could affect the security controls and classification of information assets and communicates legal and regulatory requirements.
• Researches, administers, and utilizes specialized cyber security tools, techniques, and procedures.
• Represents the agency at internal and external information security meetings and conferences to maintain awareness and evaluates the applicability of the latest information security techniques and tools to the agency’s security program.
• Participates in creation and maintenance of dashboard and reports that present information security data in an intuitive manner.
  
  

Serves as a subject matter expert in multiple areas of cyber security such as incident response, digital forensics, risk assessments, digital identity management, state, and federal compliance requirements.

Supervises staff and assigns work, writes performance and probationary evaluations, conducts interviews, and hires staff.

Qualifications

Minimum Qualifications

A bachelor’s degree* with at least 15 credit hours in cyber security, information assurance, or information technology; and three years of information technology experience, including two years of information security or information assurance experience**.

• Substitution: bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of
  
  

general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a yearfor-year basis; an associate's degree requires an additional two years of general information technology experience.

• Experience solely in information security or information assurance may substitute for the general information technology experience.
  
  

Preferred Qualifications

• Master’s degree in Cybersecurity, Risk Management, Information Systems, Health Information Management, Computer Science, or a related field
• A minimum of 3 year of experience in cybersecurity, cyber risk assessment, cyber incident response, or auditing IT systems
• Certification in one or more of the following:
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• (ISC)2 Systems Security Certified Practitioner (SSCP)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Manager (CISM)
• CompTIA Security
• CEH: Certified Ethical Hacker
• Ability to work effectively in a team environment - Being highly organized, motivated and a self-directed professional.
• Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services.
• Understanding of commonly used computer operating systems, databases, network structures
• Familiarity with cybersecurity regulations and framework(s) (HIPAA, HITECH, NIST, PCI, ISO 27001/27002, or CIS)
• Investigative and analytical skills
• Excellent oral and written communication skills, including the ability to explain complex technical issues in plain language.
• Knowledge of the current and evolving cyber threat landscape
• Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy.
  
  

Additional Comments

These positions are being recruited in both New York City and Albany; the positions may be filled at either location.

We offer a work-life balance and a generous benefits package, worth 65% of salary, including:

• Holiday & Paid Time Off
• Public Service Loan Forgiveness (PSLF)
• Pension from New York State Employees’ Retirement System
• Shift & Geographic pay differentials
• Affordable Health Care options
• Family dental and vision benefits at no additional cost
• NYS Deferred Compensation plan
• Access to NY 529 and NY ABLE College Savings Programs, and U.S. Savings Bonds
• And many more...
  
  

For new State employees appointed to graded positions, the annual salary is the hiring rate (beginning of the Salary Range) of the position. Promotion salaries are calculated by the NYS Office of the State Comptroller in accordance with NYS Civil Service Law, OSC Payroll rules and regulations and negotiated union contracts.

The NYS Department of Health is committed to making New York a safer, healthier, and more equitable place to live. Understanding health equity, social determinants of health and health disparities is critical to accomplish our goal of eliminating health disparities. For more information on the NYS Department of Health’s Mission, Vision, Values and Strategic Plan, please visit: https://health.ny.gov/commissioner/index.htm