The Director of Information and Cyber Security (Director) for the New York State Executive Chamber will represent the Chamber’s interests with respect to the security of its information and information systems and have a senior role in decisions affecting information security and assurance, and third-party risk management. The Director is responsible for implementing, enhancing, monitoring, and enforcing all Executive Chamber and State information security policies and standards. They recommend and approve agency security policies, standards, processes, third-party risk, and education and awareness programs to verify that appropriate safeguards are implemented; and facilitate compliance with those policies, standards, and processes. The Director oversees the investigation of and response to alleged information security violations, incidents, and events.
The Director is responsible for serving as the Executive Chamber’s main subject matter expert on information and cyber security practices. They will ensure industry-standard best practices are used to protect all information technology assets within the Executive Chamber’s network.
Routine travel between NYC and Albany offices required.
Specific Duties Include:
- Oversees and/or directs all cybersecurity activities for the Executive Chamber within the Computer Services Unit, including supervision of (Information Security) and lower-level information security positions.
- Identifies and assists supporting agencies in classifying and protecting information assets that support critical business functions and managing related cybersecurity risks.
- Develops, drafts, oversees and/or facilitates the implementation of information security policies and standards.
- Manages cybersecurity risk, in conjunction with executive management, by ensuring compliance with cybersecurity policies and relevant laws.
- Leads, develops, and directs problem-solving initiatives, and anticipates information security needs, based on research of industry trends.
- Coordinates information security risk management initiatives across information technology and business teams.
- Reviews the framework for all information security initiatives including budgets, staff resources, hardware, software, and cloud needs and procurements, and ensures that agencies’ business needs are considered.
- Identifies, evaluates, reports, and advises executive management on cybersecurity risks, with consideration for business needs, legal compliance, and regulatory requirements.
- Oversees and/or manages cybersecurity threat and vulnerability analysis and develops and updates information security strategic plans.
- Manages vendor and third-party risk, and sets forth security standards for hardware, software, cloud, and other information technology products.
- Develops disaster recovery plans, continuity plans, and incident response plans.
- Works with executive management to determine acceptable levels of risk for the Chamber.
- Develops and/or guides the development and implementation of safeguards to ensure system resiliency; coordinates the protection of critical infrastructure services; directs detection, containment, and cybersecurity incident response activities.
- Oversees and/or directs the development and management of the Computer Services cyber security incident response and technical services program.
- Manages and conducts incident response, cyber security network scans, penetration testing and cyber threat and vulnerability analysis, and makes recommendations for mitigating cyber risks to stakeholders.