NYPL Technology provides IT services supporting the library's mission. This includes, desktop, networking, systems, and cybersecurity services. The Cybersecurity team is tasked with maturing NYPL's overall security posture to ensure we safeguard PII and critical systems throughout the library.
The Manager, Cybersecurity will have tactical ownership of all technologies/tools, and will exert significant influence on the maturation of the organizations cybersecurity posture. The Manager will be the main point of contact for cybersecurity related matters and will offer advisory services to clients and peers, aide in prioritization, assists in making business cases, and will keep Senior IT Management up-to-date on relevant issues.
Reporting to the Director, Information Security & Systems Engineering, the Manager will:
* provide cybersecurity advisory services to clients and peers in IT that aim to instill confidence in NYPL's ability to safeguard PII and critical systems * work closely with peers in IT, and partners throughout the Library, to identify gaps and implement cost-effective solutions * lean towards low-cost solutions, including open source software, and possess the technical know-how to deploy, configure, and administer these products * garner support for choices amongst colleagues and facilitate cooperation to implement solutions that require resource allocation from cross-functional teams * hold his/her own in deeply technical conversations across all IT disciplines and support colleagues in prioritizing and addressing issues while keeping business objectives in mind. Do the same in non-technical conversations as it relates to cybersecurity * write opinions, documentation, policies, procedures and other cybersecurity related pieces that will be reviewed as high as the executive level with the intention of org-wide adoption * support the development of a cybersecurity aware culture leveraging assistance from business partners in Learning & Development * have tactical, hands-on, ownership of all cybersecurity tools and significantly influence the cybersecurity roadmap * enhance executive cybersecurity reporting, including ownership of the CISO dashboard * practice a bias towards action and take ownership; you're helpful, curious, and resourceful * mentor one cybersecurity engineer directly and indirectly mentor others in IT with cybersecurity responsibilities.
This role is hands-on and requires a depth of IT knowledge, as such the Manager:
* is not an Application Developer or DBA, but possess adequate skills to write code/scripts (language of your choice) to solve common administration issues and perform data analysis * understands OAuth, LDAP, and REST API well enough to stitch things together. * adapts to changes on the fly, is able to consider and evaluate alternative / competing options, makes tough decisions and follows-through * is able to work through obstacles, negotiate with colleagues, and can handle conflict when necessary * is comfortable discussing legal, financial, and privacy matters as it relates to cybersecurity * commit to execution when consensus is reached
Required Education & Experience
* Bachelor's Degree in Computer Science, Engineering, CIS or MIS * Minimum of 10 years experience in a technology services with 5 years of IT security focus or combination of work and education
* Excellent technical and non-technical verbal and written communication skills * Strong experience with NIST and ISO cybersecurity standards and their application in a real-world business setting * Experience being the lead, or strong influencer, in implementing new policies and procedures across an organization * Proven ability to assess risks while thinking pragmatically about remediation options * Excellent critical thinking skills with proven track record of solving complex problems with difficult budget and resource constraints * Proven ability to adapt to changing circumstances * 3 years experience in building cross-functional relationships to accomplish business objectives, both within the IT dept and with organization's Legal and Privacy practices * 3 years advising clients and peers on system, application, or service designs with a focus on cybersecurity * Broad and strong hands-on experience across all Information Security domains including Anti-Virus, SIEM, Log Aggregation, WAF, Firewalls, MDR, Patch Management, Vulnerability Management, Penetration Testing, etc. * Broad hands-on experience with, or deep technical understanding of concepts, across all Information Technology domains including networking, systems engineering, cloud, application development, mobile, desktops, etc.
* 3-5 years experience as a systems or networking administrator * 1-2 years light application development experience * Certifications - cybersecurity or in other technical IT areas * ITIL knowledge * Experience with IT financials - ROI, Cost/Benefit, Budget Planning; Presentation and Spreadsheet know-how
All team members are expected and encouraged to embody the NYPL Core Values:
* Be Helpful to patrons and colleagues * Be Resourceful in solving problems * Be Curious in all aspects of your work
* Office setting
* Limited physical effort is required
Regular operating hours between 8am and 6pm On-call, after-hours, and weekends as necessary
Union / Non Union
Non Union Associated topics: chief program officer, cpo, manage, manager, management, monitor, product manager, project manager, relationship manager, task