The New York City Comptroller’s Office seeks a creative, detail-oriented, and hands-on IT and Information Security Specialist to assist with specialized IT and cybersecurity audits and act as subject matter expert in analyzing complex information systems, IT architectures, platforms, operating systems, storage & database solutions, virtualization configuration, encryption, digital certificates, directory services, communication components, networks, network security appliances, and servers.
The Audit Bureau’s IT Division plans and executes a wide variety of information technology and cybersecurity audits of New York City government IT systems, projects, and contracts, in accordance with the New York City Charter and generally accepted government auditing standards. Under the supervision of the Manager of IT and Security Audits and the general direction of the Director, the IT Security Specialist’s responsibilities include, but are not limited to, the following:
– Conducts research and analysis of City agencies’ IT systems and cybersecurity posture, including software, hardware architecture and overall IT infrastructure to determine risks to the agency and report findings; reviews measures and controls, and provide a technical assessment; assess digital files and information systems against established City and industry standards, and latest security best practices;
– Conducts tests of internal controls for audits and investigations of IT, cybersecurity, telecommunications, and other projects involving technical services; performs audit procedures and security tests necessary to meet audit objectives or assigned tasks in compliance with Generally Accepted Government Auditing Standards including Information Technology and Security standards; assists the IT Auditors and supervisors during audits by providing specialized technical and IT cyber security training or orientation, as required;
– Prepares audit work papers, drafts audit findings and recommendations and discusses them with auditors and supervisors; assists in the development, updating, revising, and improving of IT audit testing procedures and programs and assists in creating technical cyber security audit programs;
– Reviews internal and external security controls including from outside vendors; reviews network, intrusion detection and prevention configuration systems, and vulnerability reports; analyzes weaknesses and deviations from best practices or published standards and recommends countermeasures;
– Acts as the IT Audit Division’s representative in the field and as liaison between the Comptroller’s Office and the agency/entity being audited, and,
– Performs other related work or special studies as may be required.
The NYC Comptroller’s Office is an Equal Opportunity Employer