Cyber Audit Manager

About New York City Cyber Command 
 
Mission. NYC Cyber Command leads the City’s cyber defense efforts, working across more than 100 agencies and offices to prevent, detect, respond to, and recover from cyber threats. NYC3 protects NYC infrastructure and critical systems from malicious attacks and safeguards the data, devices, and services of the City.
 
Culture. Foremost, we serve the people of the City of New York, so earning - and keeping - their trust is paramount. To deserve that trust, we relentlessly focus on facts, provide sound judgment, and maintain a healthy culture. We pride ourselves on having a respectful and inclusive workplace built on kindness, honest intellectual debate, and excellent work. 
 
About the Position 

 The Audit Manager will serve as the deputy lead for the Audit and Compliance unit for NYC3. Under the supervision of the Director of Audit and Compliance, the Audit Manager will help to shape the Audit and Compliance program and enforce policies and procedures with regard to cybersecurity audits and compliance of NY City agencies.
 
 Responsibilities include: 
  • Conduct evaluations of cybersecurity programs or their individual components to determine compliance with published policies and standards.
  • Review or conduct audits of cybersecurity programs and projects.
  • Staff, manage, and mentor team members. 
  • Assess and revise client-documented information security and technology policies, procedures and practices.
  • Develop and manage internal policies, procedures and processes regarding compliance and best practices.
  • Provide recommendations for possible improvements to the Audit and Compliance program and upgrades.
  • Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up on and remediated.
  • Ensure that cybersecurity requirements are included in contract language and delivered in a timely manner.
  • Draft and present audit findings reports with working papers, concise controls assessment and systems testing reports (both narrative and table based).

Minimum Qualification Requirements 
 
1.   A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by this position; or
2.   Education and/or experience which is equivalent to "1" above. 
 
Preferred Skills 

  • BS/BA degree in Business, Management Information Systems, Law, Computer Science, or related field.
  • JD, Master of Business Administration, Master of Public Administration or any other master’s degree in Management of Administration may be substituted for an additional year of general work experience.
  • 4+ years of relevant forensic and/or cyber security related experience.
  • 4+ years’ experience in operational IT and audit/consulting, specifically performing penetration testing and vulnerability assessment engagements.
  • Highly organized, motivated and self-directed professional. 
  • Some knowledge of information technology (IT) architectural concepts and frameworks.
  • Intermediate to Advanced knowledge of Microsoft Office Suite: Word, Excel, PowerPoint, Access.
  • Basic understanding of commonly used operating systems, databases, network structures.
  • Ability to work independently when given specific instructions. 
  • CFE license is a plus.
  • Familiarity with cybersecurity framework(s) (NIST, PCI, ISO 27001/27002, or CIS).
  • Experience in conducting audits or review of technical systems.
  • Experience in implementation of cybersecurity policies and standards and tracking compliance.
  • Strong investigative and analytical skills.
  • Excellent oral and written communication skills, including the ability to explain complex audit issues in plain language.
  • Knowledge of current and evolving cyber threat landscape.
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and information privacy.
  • Preferred certifications include ISACA, CISA, CISM, and CISSP.
  • Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).

To Apply