Position Summary: The IT Security Vendor Risk Management Analyst will perform complex critical functions in the third-party vendor Risk Management discipline. These various functions include providing direct support to the Threat Management team's key verticals, reviewing and analyzing tactical and technical intel, and coordinating with members of the Cyber Security Threat Intelligence and security operations team. This position will work with the New York City Public Schools (NYCPS) security team to ensure that all DIIT-managed locations have the critical resources and support needed to provide the best possible services to the public. The IT Security Vendor Risk Management Analyst maintains the blend of central, school, and public-facing web applications and databases, with over 1 million endpoints for students, faculty, and administrative staff. The activities of this role will be split between day-to-day operations and working on new and existing cybersecurity-related projects. Performs related work.
Reports To: Director – Third Party Risk, DIIT
Direct Reports: N/A
Key Relationships: Works collaboratively with other NYCPS departments such as the Office of Safety and Youth Development (OSYD). Acts as the point of contact for School Principals, Students, Schools Technical Staff, School Administration, NYPD, FBI, and SCI. Provides consultative services to schools and other DIIT divisions as needed by implementing best practices regarding security standards. Assists with technical relationships with the following strategic partners: Symantec, Rapid7, Zscaler, Proofpoint, and Cisco.
Responsibilities
- Serves as subject matter expert on characterizing and analyzing network traffic to identify anomalous activity and potential threats to network resources.
- Administers audit and security GRC tools, such as OneTrust, to document, maintain, and enhance controls.
- Monitors industry developments, liaises with vendors, and ensures compliance with Citywide and NYCPS security policies and standards.
- Engages in communications with NYCPS’ vendors to assist internal organizations in complying with NYCPS and NYC Citywide Third-Party Risk policies and standards.
- Remains current on cyber security trends and intelligence to enhance the incident response team's security analysis and identification capabilities.
- Evaluates emerging security technologies and provides recommendations to strengthen the information security environment.
- Performs security monitoring, analyzes security alerts, and escalates security alerts to support teams.
- Assists in presenting cybersecurity risks and gaps to stakeholders as appropriate.
- Collaborates with business and engineering executives to identify and enhance existing control processes.
Qualification Requirements
Minimum
1. A baccalaureate degree from an accredited college, including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or
2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or
3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.
Preferred
- 3+ years’ experience in governance, risk, and compliance and/or information security or audit.
- Strong knowledge of cybersecurity best practices, cybersecurity risk assessment methodology, vulnerability management, vendor management/Third-Party risk management.
- Knowledge of ServiceNow Ticketing Platform.
- Knowledge of Microsoft Azure Environment within Cybersecurity (Azure Security).
- Knowledge of Amazon Web Services Environment within the context of Cybersecurity (AWS Security).
- Expertise in complex business processes and technological risks.
- Prior experience with third-party GRC and vendor management platforms.
- Excellent verbal and written communication skills with technical and non-technical audiences at all organizational levels.
- Candidate must be creative and possess a strong technical background, and familiarity with traditional and emerging security technologies and practices.
- Must be able to work independently with minimal supervision, and interact effectively with IT, Security, and Business leaders as well as school support staff.
- Plus at least one of the certifications listed below:
  - CompTIA Security+.
  - CompTIA CySA+.
  - International Information System Security Certification Consortium Inc. Certified in Cybersecurity (CC).
  - International Information System Security Certification Consortium Inc. Systems Security Certified Practitioner (SSCP).
  - Global Information Assurance Certification (GIAC) Security Essentials Certification (GSEC).
  - EC-Council Certified Ethical Hacker (CEH).
Salary: $88,685 - $104,334
(Internal candidates who are selected for this position and who currently hold comparable or less senior positions within the DOE will not earn less than their current salary.)
Please include a resume and cover letter with your application.
NOTE: The filling of all positions is subject to budget availability and/or grant funding.
* New York City Residency is NOT Required *
We encourage all applicants from the New York City tri-state area to apply.
AN EQUAL OPPORTUNITY EMPLOYER
DOE Non-Discrimination Policy
The Department of Education of the City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment upon any legally protected status or protected characteristic, including but not limited to an individual's actual or perceived sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, gender identity, veteran status, or pregnancy. For more information, please refer to the DOE Non-Discrimination Policy.
Public Service Loan Forgiveness
As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education's website at https://studentaid.gov/pslf/.