Job Description:

.Build new risk processes and implement risk frameworks to enable better monitoring and evaluation of risks

across the city.

.Manage complex, cross-functional projects, pushing through ambiguity and challenges which may arise.

. Work with stakeholders across various divisions, soliciting input and working through feedback.

.Evaluate risk of third parties used by New York City agencies.

.Document and track remediation of risks in the Risk Register.

. Review and analyze various cybersecurity risk cases, justification, and exceptions documents submitted by

agencies.

.Assist in the development of cybersecurity risk assessment procedures and testing methodologies based on

established frameworks and guidelines.

. Initiating corrective actions to remediate vulnerabilities or weaknesses where necessary.

.Engage in communications with NYC Agencies.

.Handle special projects and initiatives as assigned.

Responsibilities:

· A minimum of 4 years of experience in risk management or cybersecurity risk assessment or 4 years of experience evaluating and managing third parties in a cybersecurity team.

· BS/BA degree in Cybersecurity, Risk Management, Information Systems, Computer Science, or a related field.

· Ability to work effectively in a team environment.

· Being highly organized, motivated and a self-directed professional.

· Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services.

· Understanding of commonly used computer operating systems, databases, network structures.

· Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS)

· Investigative and analytical skills.

· Excellent oral and written communication skills.

· Knowledge of the current and evolving cyber threat landscape.

· Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy.

. A minimum of 4 years of experience in risk management or cybersecurity risk assessment or 4 years of

experience evaluating and managing third parties in a cybersecurity team.

.BS/BA degree in Cybersecurity, Risk Management, Information Systems, Computer Science, or a related field.

. Ability to work effectively in a team environment.

. Being highly organized, motivated and a self-directed professional.

.Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public

Sectors services.

. Understanding of commonly used computer operating systems, databases, network structures.

.Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS)

.Investigative and analytical skills.

.Excellent oral and written communication skills.

. Knowledge of the current and evolving cyber threat landscape.

. Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy.