The Fund for Public Health in New York City (FPHNYC) is a 501(c)3 non-profit organization dedicated to advancing the health and well-being of all New Yorkers. To this end, in partnership with the New York City Department of Health and Mental Hygiene (DOHMH), FPHNYC incubates innovative public health initiatives implemented by DOHMH to advance community health throughout the city. It facilitates partnerships, often new and unconventional, between the government and the private sector to develop, test, and launch new initiatives. These collaborations speed the execution of demonstration projects, effect expansion of successful pilot programs, and support rapid implementation to meet the public health needs of individuals, families, and communities across New York City.
Program Overview
The Division of Information Technology aims to align technology solutions with the DOHMH mission by prioritizing resource use and deploying innovations that facilitate the agency’s day-to-day activities and enhance staff productivity and efficiency. Our goal is to provide users with a reliable, stable, and safe computing environment through the collaboration of the Bureau of Technology Strategy & Project Management, which provides business analysis and IT project management services to define and deliver IT solutions that meet all program needs.
POSITION OVERVIEW:
The New York City Department of Health and Mental Hygiene (DOHMH) is seeking a qualified Cloud Risk Analyst. We are looking for a Risk Analyst to join a team responsible for the assessment of information security practices and posture of commercial Cloud vendors and their delivery models, including IaaS, PaaS, and SaaS. Responsibilities include the research and the analysis to establish tactics, techniques and procedures for vulnerability scanning, remediation, and mitigation, including risk assessments and risk reporting. Document and maintain cybersecurity and privacy policies, legal agreements, vendor vs owner responsibilities, compliance artifacts, standards for compliance, system authentication/authorization, and management in a commercial Cloud environment.
RESPONSIBILITIES:
- The Cloud Risk Analyst will work with DOHMH staff to properly capture issues and assist with resolution. The consultant will ensure proper follow-up occurs and that all issues are resolved within an estimated timeframe. In addition, the consultant will:
- Keep abreast of the latest security, privacy, and regulatory concerns and best practices impacting third party risk management.
- Advise agency on any changes requested by third parties to security and privacy provisions of agreements or contracts.
- Collaborate with IT project management and operational teams to design secure cloud infrastructure plans and services.
- Perform analysis on the security for all cloud services including but not limited to: AWS, Microsoft Azure, Google, etc.
- Provide subject matter expertise on cloud security, automation and virtualization.
- Develop, document, and validate policies, processes and/or procedures relating to a variety of cloud concepts and standards.
- Develop cloud security metrics to analyze risk and identify potential opportunities to reduce vulnerabilities.
- Collaborate with all parties and city Cyber Command Center to obtain disposition of cloud solution and update agency inventory list.
QUALIFICATIONS:
- Broad knowledge of information security and privacy fundamentals.
- Knowledge on applying risk management frameworks such as NIST, FISMA, or ISO 27000.
- Knowledge in SSAE 16, SOC 2, Shared Assessments, FedRAMP, and other vender risk assessment methodologies.
- Knowledge on Governance, Risk, and Compliance (GRC) and vendor risk management tools.
- Excellent oral and written communication, ability to convey technical and security related concepts to people at all levels of the organization.
- Proficient in the design and implementation of effective information security controls with minimal oversight.
- Acute attention to detail with a high level of data integrity and accuracy.
- Strong organizational and prioritization skills to handle multiple priorities.
- Exposure to public cloud offerings and building cloud native applications.
- Preferred Education/Skills:
- Bachelor’s degree in information technology or Computer Science.
- Industry recognized certifications within the domains of information security and privacy (e.g., CISSP, GIAC, CISM, CISA, CIPP, CTPRP, CCSP, etc.).
- 5 years of working in an IT computer related field.
- 3 years of hands-on technical experience in cloud administration.
- 1 year of experience with Cloud Cybersecurity efforts and emerging technology aligned with the Risk Management Framework (RMF).
- pressure.
SALARY
- Salary range is $80,000 to $100,000.
WORK SCHEDULE
9 AM – 5 PM
Monday – Friday
In-Office/Hybrid/Remote
Work Location
42-09 28 th Street, Long Island City, New York, 11101
Benefits At a Glance
FPHNYC offers a comprehensive benefits package
- Generous Paid Time Off (PTO) policy
- Medical, dental, and life insurance with low or no employee contribution
- A retirement savings plan with generous employer contribution
- Flexible spending medical and commuter benefits plan
- Meaningful work at an organization striving to advance health equity and social justice
RESIDENCY REQUIREMENT
You must live in New York City Tri-state area (NY, NJ, CT) in order to be considered for a position at FPHNYC.
TO APPLY
To apply, upload Resume, including how your experience relates to this position. Applicants who best match the position needs will be contacted.
The Fund for Public Health in New York City is an Equal Opportunity Employer and encourages a diverse pool of candidates to apply.
Apply Now