
Cyber Senior Audit Analyst
NYC Cyber Command
New York, NY
(New York City Residency is required within 90 days of appointment)
About New York City Cyber Command
New York City Cyber Command (NYC3) is committed to protecting City systems that provide vital services to New Yorkers from cyber threats, and helping residents become safer in their digital lives.
As the organization defending the largest municipality in the country, NYC3 is charged with directing citywide incident response, setting citywide cybersecurity policies and standards and working with city agencies to strengthen their cyber defenses.
Job Description
The Cyber Senior Audit Analyst will serve as an auditor in the Audit and Compliance unit for NYC3. Under the supervision of the Audit Manager, the Analyst will help to shape the Audit and Compliance program and enforce policies and procedures with regards to cyber security audits of and compliance of City agencies.
Responsibilities include:
- Conduct evaluations of cybersecurity programs or their individual components to determine compliance with Citywide and NYC3 published cybersecurity policies and standards;
- Review and conduct audits of the NYC Agencies cybersecurity programs and projects;
- Assess NYC Agencies’ documented information security and technology policies, procedures, and practices;
- Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions;
- Ensure that cybersecurity requirements are properly included in contract language and delivered timely;
- Draft and present audit findings report accompanied with working papers, concise controls assessment and systems testing reports (both narrative and table based);
- Engage in communications with NYC Agencies to assist Agencies in complying with the policies and standards.
Minimum Qualification Requirements for CYBER SECURITY ANALYST Civil Service Title
1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area;
or
2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above;
or
3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from
an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate
of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.
CURRENT CITY EMPLOYEES WITH PERMANENT CIVIL SERVICE TITLES WHOSE SPECIFICATIONS ALIGN WITH THE ROLE ARE ENCOURAGED TO APPLY
Preferred Skills
The preferred candidate should possess the following:
- BS/BA degree in Business, Management Information Systems, Law, Computer Science, or a related field;
- JD, LLM, Master of Business Administration, Master of Public Administration or similar is preferred;
- A minimum of 2 years of experience auditing IT systems;
- One or more of the following certifications: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional
- (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM);
- 1+ years of relevant forensic and/or cyber security related experience;
- 1+ years’ experience in operational IT and audit/consulting, specifically performing penetration testing and vulnerability assessment engagements;
- Ability to work effectively in a team environment;
- Being highly organized, motivated and self-directed professional;
- Knowledge of hardware, software, data, and network principles and systems related to private and/or public sectors services;
- Understanding of commonly used computer operating systems, databases, network structures;
- Knowledge of Microsoft Office Suite: Word, Excel, PowerPoint, Access;
- Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS);
- Investigative and analytical skills;
- Excellent oral and written communication skills, including the ability to explain complex audit issues in plain language;
- Knowledge of current and evolving cyber threat landscape;
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and information privacy
Best Computer Skills for Cyber Security Analysts
- IBM Data Science Professional Certificate by IBM
- Java Programming and Software Engineering Fundamentals Duke University
- Mathematics for Machine Learningby Imperial College London
- Cloud Computing by University of Illinois
- Data Mining by University of Illinois
- Applied Data Science with Python by University of Michigan
- Data in Database by Arizona State University
APPLY ONLINE AT NYC CYBER COMMAND