• Develop and implement a technology risk assessment process that is designed to identify, evaluate, prioritizes the top technology threats and Cyber security vulnerabilities to DOHMH.
• Analyze and evaluate technical, administrative and governance controls relevant to cyber security, identity and access security, web applications security, mobile applications, data sharing, third-party contractors etc. and provide risk reduction recommendations.
• Perform system control audits, general control reviews and audits coordinated with operational and financial auditors.
• Assess Department's compliance with the Health Insurance Portability and Accountability Act (HIPAA), evaluate Department's IT governance, policies and procedures using NIST framework, and other professional standards, including citywide Office of Technology and Innovation's policies.
• Recommend solutions to improve effectiveness and efficiencies and enhance Department’s IT policies and procedures.
• Develop summary reports of findings, and recommendations.
• Manage, supervise, and mentor the Cyber audit staff.
• Maintain ongoing and open communication with the Department's IT leadership.
• Validate the implementation of corrective actions.
• Research and stay up to date on technological advancements, Cyber security risk management Artificial Intelligence/Gen AI and relevant audit concepts and methods.

Required Qualifications:

1. A master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties; or
2. A baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or
3. A four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or
4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above.

In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience. Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science for one (1) year of the required IT experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in "1" above.

Preferred Skills:

• 5+ years of IT risk management and proficient understanding of Cybersecurity threats and IT systems
• 2+ years managing information security assessments
• Proficient knowledge of enterprise class networks, data center, virtualization, storage, backup, disaster recovery, high availability, encryption, mobile and cloud systems
• Experience or proficient knowledge of with Microsoft Endpoint Configuration Manager, Microsoft Windows administration such as Active Directory.
• Experienced in the application of COBIT and/or NIST frameworks

NA