GOVERNANCE, RISK

APPLICANTS MUST BE PERMANENT IN THE COMPUTER SPECIALIST (SOFTWARE) CIVIL SERVICE TITLE.The DSS Accountability Office (DSS-AO) is responsible for protecting the integrity of social services programs administered by the New York City Department of Social Services (DSS) and ensuring that DSS complies with all statutory, regulatory, and contractual standards.Within DSS-AO, the Office of Data Security Management (ODSM) is responsible for the implementation and management of the Agency’s cyber security program. ODSM is tasked with continuously improving the Agency's risk posture by ensuring that appropriate security controls are in place to protect the confidentiality, integrity and availability of Agency information resources.The ODSM is recruiting for Computer Specialist Software II to function as a Governance, Risk and Compliance Lead who will: -Develop, implement and maintain cybersecurity programs, policies, plans and processes which align with Citywide and regulatory cybersecurity policies.- Identify, manage and maintain the work products required to implement cybersecurity programs, policies, plans and processes.- Flag and communicated Agency compliance issues and areas of risk ODSM management.- Work with CISO, allocate and manage funding for all information security activities.- Work with GRC Manager measure and monitor cost, schedule performance against the information security plan.- Work with AO staff on internal and external security audit responses.- Work with GRC manager to develop track and manage Agency Cybersecurity Training and awareness.- Develop and expand Agency vendor third party risk process.- Liaise between Agency Privacy Officer and Legal Offices.- Aid in incident response for compliance related issues and flag areas which may be beyond the Agency risk appetite. Hours/Shift: Monday to Friday 9 am - 5 pmWork Location: W BroadwayCOMPUTER SPECIALIST (SOFTWARE) - Minimum Qualifications A baccalaureate degree from an accredited college, including or supplemented by twenty-four semester credits in computer science or a related computer field and two years of satisfactory full-time software experience in designing, programming, debugging, maintaining, implementing, and enhancing computer software applications, systems programming, systems analysis and design, data communication software, or database design and programming, including one year in a project leader capacity or as a major contributor on a complex project; or A four-year high school diploma or its educational equivalent and six years of full-time satisfactory software experience as described in “1" above, including one year in a project leader capacity or as a major contributor on a complex project; or A satisfactory combination of education and experience that is equivalent to or above. College education may be substituted for up to two years of the required experience in above on the basis that sixty semester credits from an accredited college is equated to one year of experience. A masters degree in computer science or a related computer field may be substituted for one year of the required experience in or above. However, all candidates must have a four year high school diploma or its educational equivalent, plus at least one year of satisfactory full-time software experience in a project leader capacity or as a major contributor on a complex project. NOTE: In order to have your experience accepted as Project Leader or Major Contributor experience, you must explain in detail how your experience qualifies you as a project leader or as a major contributor. Experience in computer operations, technical support, quality assurance (QA), hardware installation, help desk, or as an end user will not be accepted for meeting the minimum qualification requirements. Special Note To be eligible for placement in Assignment Level IV, in addition to the Qualification Requirements stated above, individuals must have one year of satisfactory experience in a project leader capacity or as a major contributor on a complex project in data administration, database management systems, operating systems, data communications systems, capacity planning, and/or on-line applications programming.Preferred Skills- Strong knowledge of compliance frameworks and standards including but not limited to SOC 2 Type 1 and 2, ISO and ISO , CISA and NIST -53, PCI, FTI and HIPPA. - Experience or knowledge of compliance and regulatory environment related across industries and geographies such as SOC, PCI, ISO , HIPAA, SOX. - Experience developing, championing, and managing internal compliance and security awareness programs. - Knowledge of risks, vulnerabilities, controls and how risks impact production environment and ways to mitigate such risks. - Excellent communication and interpersonal skills. - Experience identifying, quantifying, assessing, and mitigating potential risk. - Knowledge of general IT security and IT acceptable use policies. - Cybersecurity auditing55a ProgramThis position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.Public Service Loan ForgivenessAs a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education’s website at class="jobad-residencyRequirement">Residency RequirementNew York City Residency is not required for this position