ONLY PERMANENT EMPLOYEES IN THE TITLE AND THOSE THAT ARE REACHABLE ON THE CYBER SECURITY ANALYST CIVIL SERVICE LIST ARE ELIGIBLE TO APPLY.
Division/Program Summary:
Audit Services plays a leading role in risk-based assessments of the Department’s operational efficiencies, control effectiveness and compliance with federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA), Citywide policies, and New York City Comptroller’s directives.
Position Summary:
This position will report to the Cyber Security IT Audit Manager in the Bureau of Audit Services, Office of the Chief Operating Officer.
Job Duties and Responsibilities:
- Plan and execute advisory, assessment and audit projects using information technology (IT) Governance, Risk and Compliance (GRC) best practices, methodologies and tools.
- Conduct research and analysis of the agency’s systems, IT hardware and network infrastructure, programs, IT contracts and procurement, IT professional services, and compliance with the City’s and Agency’s policies and procedures and in comparison to federal and industry recommended standards, frameworks and controls.
- Assist in the development of cybersecurity audit plans, test plans, system analyses and IT system controls.
- Document and present IT advisory, assessment and audit reports – including test results – to all levels of management.
- Perform cybersecurity IT audits, security risk assessments, IT system integrity testing, IT controls reviews and integrated audits with fiscal auditors.
- Research, analyze and evaluate risks and controls relevant to cybersecurity and provide risk assessment and risk mitigation recommendations.
- Document project lessons learned and help identify risk management and performance improvement opportunities.
- Support Audit Management in conducting internal reviews of the Department’s general IT system controls (e.g., access control, audit and accountability, configuration management, contingency planning, incident response and disaster recovery, physical and environmental protection, data center operations, supply chain risk management, etc.), and recommend controls to mitigate risks.
- Support the assessment of the Department’s compliance with federal requirements such as HIPAA Security and Privacy rules.
- Maintain ongoing and open communication with the Department’s programs – including the Division of Information Technology Office of Cybersecurity – on general and application control issues and implementation of corrective actions.
- Prepare and maintain complete work paper documentation, memos, and letters.
- Act as the agency’s representative during external audits/reviews, and as a liaison between the Comptroller’s Office, third-party auditors/reviews and the division/bureau be