Cyber Risk Analyst
About the role
The Cyber Risk Analyst will serve in the Cyber Command Risk Program under the direction of the Senior Advisor. They will help shape Cyber Command's approach to risk management, build new risk frameworks and processes, and assess and monitor NYC agencies' cybersecurity risks.
Responsibilities
- Build new risk processes and implement risk frameworks to enable better monitoring and evaluation of risks across the City;
- Manage projects, pushing through ambiguity and challenges which may arise;
- Work with stakeholders across various divisions, soliciting input and working through feedback;
- Review and analyze various cybersecurity risk cases, justifications, and exceptions documents submitted by agencies;
- Assist in developing cybersecurity risk assessment procedures and control testing methodologies based on established frameworks and guidelines;
- Assess NYC agencies' documented information security and technology policies, procedures, and practices.
- Draft risk cases accompanied by working papers, concise controls assessments, and systems testing reports;
- Present risk findings to senior leadership;
- Engage in communications with NYC agencies to assist them in successfully managing risk;
- Handle special projects and initiatives as assigned.
HOURS/SHIFT
Day - Due to the necessary technical duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings.
WORK LOCATION
Brooklyn, NY
To Apply
* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration
Please go to www.cityjobs/jobs/search and search for Job ID #769763
Submissions
To apply, candidates must submit a resume. Submission of a resume is not a guarantee that you will receive an interview.
Pay
Not specified
Schedule
Not specified
Benefits
Not specified
Skills
- 2-3 years of experience in cybersecurity risk management, IT auditing, or policy
- Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS)
- Experience performing security controls assessments
- Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services
- Understanding of commonly used computer operating systems, databases, network structures
- Experience managing projects
- Being a highly organized, motivated, and self-directed professional
- Ability to work effectively in a team environment
- Investigative and analytical skills
- Excellent oral and written communication skills
- Knowledge of the current and evolving cyber threat landscape
- Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy
- One or more of the following certifications is preferred: CompTIA Security+, CompTIA Network+, CompTIA A+, CompTIA CySA+, Cisco Certified Network Associate - CCNA, CEH: Certified Ethical Hacker, GIAC Information Security Fundamentals GISF), GIAC Security Essentials (GSEC), ISC)2 Systems Security Certified Practitioner (SSCP)
- One or more of the following certifications are a plus: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM)
Public Service Loan Forgiveness
For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.
Residency Requirement
New York City Residency is not required for this position
Additional Information
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.