Business Information Security Officer - Lincoln, United States - City of New York

Description

The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City.

From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century.

Watch our welcome video to see our work in action, follow us on social media @NYCOfficeofTech, and visit to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people.

You'll have the opportunity to work with cutting-edge technology and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

About New York City Cyber Command

The New York City Office of Technology and Innovation (OTI) Cyber Command is committed to protecting City systems and technology infrastructure that provide and enable vital services to New Yorkers from cyber threats, and helping residents become safer in their digital lives.

As the organization defending the largest municipality in the country, OTI Cyber Command is charged with directing citywide incident response, setting citywide cybersecurity policies and standards and working with city agencies to strengthen their cyber defenses.

Mission Statement
"To lead and execute an innovative, intelligence-driven, risk-informed cyber defense and response strategy with the support of key partners and allies that enables the city government to properly function and provide services to New Yorkers".

Vision Statement
"New York City the most cyber-resilient city in the world"

Job Description

The Business Information Security Officer (BISO) serves as a trusted senior advisor to the citywide Chief Information Security Officer (CISO) and lines of business.

The BISO understands security risks and technologies and is able to effectively communicate them to business units.

The BISO is an advanced role supporting the cybersecurity program, serving as a central point of contact for the CISO and ensuring operations and strategy are working as planned.

In this role, the BISO also provides leadership support and helps ensure the CISOs strategic vision reaches across the diverse teams that support global enterprise security initiatives.

The BISO is an effective communicator and can readily collaborate with technical department leads and their direct reports.

On a daily basis, the BISO ensures the CISO is fully briefed and prepared for business and technical meetings, financial reporting, personnel management, operational stability, project status updates, strategic relationships, as well as incident(s) status and any breaking news related to cybersecurity.

The BISO must be capable of working closely with the executive team, third parties, project managers and subject matter experts (SMEs).

Additionally, the BISO must be personable and able to translate cybersecurity issues to business leader initiatives, understanding threats, as well as risk mitigations and technical controls recommended by security leaders.

Responsibilities include, but are not limited to:

• Serve as a trusted advisor to the CISO and lines of business;
• Act as a liaison and trusted point of contact across business units;
• Work closely with security leadership to instill cybersecurity policies and practices throughout business units;
• Be actively informed and engaged in security projects across the business;
• Provide disaster recovery and business continuity planning advice when working with leaders for business and cybersecurity resiliency;
• Enforce the strong security culture set forth by the CISO, ensuring uniformity across security leadership, business units and employees;
• Foster strong relationships with internal business units and excel in cybersecurity communication;
• Advise business units on enterprisewide people, process and technology security recommendations;
• Maintain uptodate knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units;
• Ensure business projects are focused on cybersecurity from the beginning;
• Identify and document threats and vulnerabilities that may impact the business and address them regularly with business units;
• In conjunction with security and business leaders, define key performance indicators (KPIs) and metrics aligning with business initiatives and deliver them to nontechnical teams in terms that are accessible and comprehensible;
• Provide motivation to business units to adopt cybersecurity controls;
• Stay abreast of new laws, regulations, and standards, and assess their impact to the business;
• Verify security content training initiatives and internal/external communication are conducted regularly;
• Openly support the CISO, management team and executive leadership, even during tumultuous times;
• Manage special projects and initiatives as assigned.

Minimum Qualifications

• A master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties; or
• A baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or
• A four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or
• A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above.

In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience.

Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science for one (1) year of the required IT experience.

However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in "1" above.

Preferred Skills

The successful candidate should possess the following:

• Bachelor's degree with coursework in technical writing, political science, communications, business administration, international affairs, cyber security, computer engineering, or computer science
• Knowledge of technical terms and concepts of cyber security
• At least 10+ years' cybersecurity experience (or information technology coupled with cybersecurity), with at least 5+ years in an operationally focused role
• At least 3 years' experience working with business leadership and enterprise projects
• Strong written and verbal communication skills across all levels of the organization
• Capable of working with diverse teams and promoting an enterprisewide positive security culture
• High level of integrity, trustworthiness, and confidence, and able to represent the company and security leadership with the highest level of professionalism
• Adept at understanding business focus and processes and ability to inject cybersecurity into the business through teamwork and influence
• Strong project management, multitasking and organizational skills
• Ability to work effectively with diverse teams and varying personalities and adapt management style to effectively reach mutually beneficial outcomes
• Ability to attain and preserve credibility with the team through sustained industry knowledge
• Ability to motivate the team to achieve excellence and give credit and recognition where it is due
• Applicable knowledge of national and global cybersecurity policies, regulations, and security frameworks
• Demonstrated understanding and comprehension of a wide range of cybersecurity solutions. Additional Qualifications
• Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well
• Selfstarter requiring minimal supervision
• Possesses general business administration competencies
• Excellence in communicating privacy, business risk and remediation requirements from assessments
• Outstanding written and verbal business and cybersecurity communication skills
• Highly organized and efficient
• Demonstrated strategic and tactical thinking, along with decisionmaking skills and business acumen.

55a Program
This position is also open to qualified persons with a disability who are eligible for the 55-a Program.

Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.

Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs.

For more information, please visit the U.S. Department of Education's website at
Residency Requirement
New York City Residency is not required for this position
Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.

#J-18808-Ljbffr