About the job
The Fund for Public Health in New York City (FPHNYC) is a 501(c)3 non-profit organization dedicated to advancing the health and well-being of all New Yorkers. To this end, in partnership with the New York City Department of Health and Mental Hygiene (DOHMH), FPHNYC incubates innovative public health initiatives implemented by DOHMH to advance community health throughout the city. It facilitates partnerships, often new and unconventional, between the government and the private sector to develop, test, and launch new initiatives. These collaborations speed the execution of demonstration projects, effect expansion of successful pilot programs, and support rapid implementation to meet the public health needs of individuals, families, and communities across New York City.
Program Overview
The Division of Information Technology aims to align technology solutions with the DOHMH mission by prioritizing resource use and deploying innovations that facilitate the agency’s day-to-day activities and enhance staff productivity and efficiency. Our goal is to provide users with a reliable, stable, and safe computing environment through the collaboration of the Bureau of Technology Strategy & Project Management, which includes business analysis and IT project management services to define and deliver IT solutions that meet all program needs.
POSITION OVERVIEW:
The New York City Department of Health and Mental Hygiene (DOHMH) seeks a qualified consultant for the Application Security Risk Analyst role. The application security analyst will join a team responsible for security assessments of applications and other software to identify vulnerabilities, threats, and risks. The analyst will lead vulnerability assessments and monitoring services across several applications, and will develop proactive cybersecurity strategies and guidance documentation to empower the agency to protect its data, integrity, and reputation.
RESPONSIBILITIES:
- Collaborate with IT project managers and operational teams to conduct thorough cybersecurity risk assessments to develop appropriate information security plans, procedures, and control techniques.
- Ensure adequate and appropriate security controls are in place to protect the agency’s digital assets from unauthorized access by both on-premises and off-premises systems.
- Intake security requests for application deployment, software/hardware use, and changes in access control, including the report of exceptions/risk acceptance for further review and remediation.
- Generate reports for business and technical managers to evaluate the efficacy of the security controls.
- Continually perform research to strengthen the agency’s digital security, including programs to encrypt/protect data and prevent future hacks and breaches.
- Monitor compliance with information security policies and procedures.
QUALIFICATIONS:
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent experience with relevant industry certifications.
- 5+ years of prior relevant IT experience.
- Ability to understand business needs and workflow requirements and translate these requirements into technical requirement documents.
- Familiarity with web application development technologies like .NET, JavaScript, AJAX, JSON, HTML5, and CSS.
- Familiarity with data modeling and relational databases like Oracle, SQL, MySQL, PostgreSQL, etc.
- Knowledge of R, Python, and Data Visualization Tools.
- Experience applying Risk Management frameworks.
- Familiarity with regulatory compliance and standards requirements.
- Knowledge of security controls in various commercial solutions such as Microsoft, Apple, Google, Cisco, and other enterprise network computing products.
- Knowledge of Windows platforms and security configurations for Active Directory, Federation Services, and LDAP.
- Strong written and verbal communication skills.