The New York City Housing Authority (NYCHA), the largest public housing authority in North America, provides decent, affordable housing for low- and moderate-income New Yorkers. NYCHA is home to 1 in 17 New Yorkers, providing affordable housing to over 500,000 authorized residents through public housing and Permanent Affordability Commitment Together (PACT) programs as well as Section 8 housing. NYCHA has nearly 200,000 apartments in over 2,400 buildings across 335 conventional public housing and PACT developments. In addition, NYCHA connects residents to critical programs and services from external and internal partners, with a focus on economic opportunity, youth, seniors, and social services. With a housing stock that spans all five boroughs, NYCHA is a city within a city.
Are you a cybersecurity leader looking to make a real difference? The New York City Housing Authority is seeking a dynamic and experienced Chief Information Security Officer to join our team. This isn't just another corporate gig – it's a chance to protect vital information and systems that impact the lives of hundreds of thousands of New Yorkers. As our CISO, you'll lead a diverse team of security professionals, drive innovation in our cybersecurity practices, and play a crucial role in safeguarding the largest public housing system in North America. We're looking for someone who can blend technical expertise with strategic vision, communicate effectively with both IT teams and executive leadership, and navigate the unique challenges of securing a large public organization. If you're passionate about cybersecurity, public service, and making a tangible impact on your community, we want to hear from you. Bring your skills, your creativity, and your commitment to excellence. Help us build a safer digital future for NYCHA and the residents we serve.
Roles and Responsibilities
- Strategic Leadership: Provide strategic direction and leadership for NYCHA's cybersecurity program. Align cybersecurity strategies with NYCHA objectives and regulatory requirements. Report to senior leadership and the board on cybersecurity risks, initiatives, and performance. Manage and mentor leaders of the Security Governance, Security Engineering, and Security Operations teams. Collaborate with other departments to ensure integration of security practices across the organization. Develop, mentor, and retain cybersecurity talent across NYCHA.
- Risk Management and Compliance: Lead enterprise-wide risk assessments and oversee the implementation of risk mitigation strategies. Ensure compliance with industry standards and regulatory requirements relevant to NYCHA. Oversee internal and external security audits and penetration testing. Support additional functions such as Privacy, Disaster Recovery, Legal Compliance, and cybersecurity insurance protection.
- Security Governance Oversight: Develop and refine the security program with innovative strategies and tactical plans, leveraging the latest industry research, threat analysis, and lessons learned from internal practices. Ensure security strategies align with NYCHA objectives and comply with relevant regulations. Review and approve security policies, standards, and procedures. Oversee the development and reporting of security metrics such as OKRs and KPIs to enable data-driven decision making. Guide the development and implementation of end-user security training and awareness programs.
- Security Engineering Oversight: Direct the planning, design, and implementation of security technologies and processes. Oversee the evaluation and integration of new security technologies. Ensure the team provides appropriate guidance on security controls to other NYCHA departments. Review and approve security architecture designs for protecting NYCHA data, applications, and infrastructure.
- Security Operations Oversight: Direct the continuous monitoring, detection, and response to cyber threats. Oversee the partnership with OTI Cyber Command for coordinated responses to Citywide cyber threats. Review and approve the incident response plan and its implementation. Guide security remediation efforts across teams.
- Budget and Resource Management: Develop and manage the information security budget across all of NYCHA IT. Justify security investments and demonstrate ROI to senior management.
- Vendor and Partner Management: Oversee the security aspects of vendor relationships and contracts. Manage relationships with external security partners and service providers.
- Continuous Improvement and Innovation: Stay informed about emerging threats and technologies in the cybersecurity landscape. Drive innovation in security practices across all of NYCHA.
NOTE: Due to the existence of a civil service list, candidates must have permanent civil service status in the title of Computer Systems Manager to be considered.
NOTE: This position is open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate in your cover letter that you would like to be considered for the position under the 55-a Program. For detailed information regarding the 55-a Program, click on the link below:
https://bit.ly/55aProgram
Additional Information
1. INTERAGENCY TRANSFERS INTO NYCHA OF THOSE PERMANENT IN TITLE ARE NOT PERMITTED IN THE FACE OF AN ACTIVE AND VIABLE NYCHA PROMOTION LIST OR PREFERRED LIST FOR THE SAME TITLE.
2. NYCHA employees applying for promotional, title or level change opportunities must have served a period of one year at current location and in current title and level (if applicable).
3. NYCHA residents are encouraged to apply.
Please read this posting carefully to make certain you meet the minimum qualification requirements before applying to this position.
1. A master's degree in computer science from an accredited college or university and three (3) years of progressively more responsible, full-time, satisfactory experience in Information Technology (IT) including applications development, systems development, data communications and networking, database administration, data processing, or user services. At least eighteen (18) months of this experience must have been in an administrative, managerial or executive capacity in the areas of applications development, systems development, data communications and networking, database administration, data processing or in the supervision of staff performing these duties; or
2. A baccalaureate degree from an accredited college or university and four (4) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or
3. A four-year high school diploma or its educational equivalent, and six (6) years of progressively more responsible, full-time, satisfactory experience as described in "1" above; or
4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above.
In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience. Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science for one (1) year of the required IT experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in "1" above.
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.