New York City Office of Technology & Innovation

Cyber Audit and Compliance Manager

OPEN TO OTI EMPLOYEES ONLY

Job Description

The Cyber Audit & Compliance Manager will be a crucial leader within OTI Cyber Command's Audit and Compliance Division, directly responsible for strengthening the City's cybersecurity risk and compliance framework. Reporting to the Director of the Audit and Compliance (A&C) Division, the Cyber Audit & Compliance Manager will receive strategic guidance and oversight, while driving the execution of essential cybersecurity risk, audit and compliance initiatives. This position will lead a dedicated team in ensuring that the City's cybersecurity practices are not only standardized but also aligned with evolving regulatory requirements. By working closely with City agencies, OTI divisions and key stakeholders, the Cyber Audit & Compliance Manager will play a vital role in standardizing risk acceptance processes and compliance procedures across City agencies, ensuring full adherence to both internal policies and external regulations. Without this leadership, the City's ability to maintain consistent compliance and mitigate cybersecurity risks will be compromised.

Responsibilities will include:

  • Lead and manage the implementation of a centralized Risk Register tool and processes;
  • As part of the Continuous Auditing Program, oversee A&C evaluations of NYC Agencies' cybersecurity programs or their components to ensure compliance with the Citywide cybersecurity policies and standards;
  • As part of the Citywide Audit Program, participate in audits of cybersecurity programs and cybersecurity related projects;
  • Lead in further development of the Governance, Risk and Compliance (GRC) Program and related risk assessment methodology based on Citywide policies, cybersecurity frameworks, and industry best practices;
  • Ensure high quality of audit, risk and compliance related work products;
  • Train, manage, and mentor team members;
  • Adhere to and maintain strong ethical and professional standards when interacting with auditees and other stakeholders, such as agency personnel and the New York City public;
  • Handle special projects and initiatives as assigned.


HOURS/SHIFT

Day - Due to the necessary technical support duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings.

WORK LOCATION

Brooklyn, NY

TO APPLY - OPEN TO OTI EMPLOYEES ONLY

  • Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration


Please go to www.cityjobs.nyc.gov and search for Job ID #687851

SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW

APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL

OTI participates in E-Verify

Minimum Qualifications

1. A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,

2. Education and/or experience which is equivalent to "1" above.

Preferred Skills

The preferred candidate should possess the following:

  • A minimum of 7 years of experience in cybersecurity and/or IT auditing and assessments.
  • Two or more of the following certifications:
      o Certified Information Systems Auditor (CISA)
      o Certified Information Systems Security Professional (CISSP)
      o Certified in Risk and Information Systems Control (CRISC)
      o Certified Information Security Manager (CISM)
      o Certified Public Accountant (CPA)
  • 6+ years of relevant cyber security related experience and experience in operational IT and audit/consulting, specifically performing penetration testing and vulnerability assessment engagements
  • Ability to work effectively in a team environment; highly organized, motivated and self-directed professional
  • Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services
  • Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS)
  • Excellent oral and written communication skills, including the ability to explain complex issues in plain language
  • Knowledge of current and evolving cyber threat landscape, laws, regulations, policies, and ethics as they relate to cybersecurity and information privacy
  • Experience managing risk exception requests and high-priority risk assessments
  • Expertise in managing and maintaining comprehensive risk registers to track vulnerabilities and ensure timely risk mitigation
  • Familiarity with NYC cybersecurity policies, standards, and directives, ensuring citywide compliance
  • Knowledge of web/non-web/native mobile system and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, code injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
  • Knowledge of secure configuration management techniques (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org).

Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at https://studentaid.gov/pslf/.

Residency Requirement

New York City Residency is not required for this position

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
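  • Seniority level

    Mid-Senior level
  • Employment type

    Full-time
  • Job function

    Accounting/Auditing and Finance
  • Industries

    IT Services and IT Consulting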