The Fund for Public Health in New York City (FPHNYC) is a 501(c)3 non-profit organization that is dedicated to the advancement of the health and well-being of all New Yorkers. To this end, in partnership with the New York City Department of Health and Mental Hygiene (DOHMH), FPHNYC incubates innovative public health initiatives implemented by DOHMH to advance community health throughout the city. It facilitates partnerships, often new and unconventional, between government and the private sector to develop, test, and launch new initiatives. These collaborations speed the execution of demonstration projects, effect expansion of successful pilot programs, and support rapid implementation to meet the public health needs of individuals, families, and communities across New York City.
The Division of Information Technology aims to align technology solutions with the DOHMH mission by prioritizing resource use and deploying innovations that facilitate the agencys day-to-day activities and enhance staff productivity and efficiency. Our goal is to provide users with a reliable, stable, and safe computing environment, through the collaboration of the Bureau of Technology Strategy & Project Management provides business analysis and IT project management services to define and deliver IT solutions that meet all program needs.
The New York City Department of Health and Mental Hygiene (DOHMH) is seeking a qualified individual to fill its Cloud Risk Analyst role. We are looking for a Risk Analyst to join a team responsible for the assessment of information security practices and posture of commercial Cloud vendors and their delivery models, including IaaS, PaaS, and SaaS. Responsibilities include the research and the analysis to establish tactics, techniques and procedures for vulnerability scanning, remediation, and mitigation, including risk assessments and risk reporting. Document and maintain cybersecurity and privacy policies, legal agreements, vendor vs owner responsibilities, compliance artifacts, standards for compliance, system authentication/authorization, and management in a commercial Cloud environment.
- The selected candidate will work with DOHMH staff to properly capture issues and assist with resolution. They will ensure proper follow-up occurs and that all issues are resolved within an estimated timeframe. In addition, the hire will:
- Keep abreast of the latest security, privacy, and regulatory concerns and best practices impacting third party risk management.
- Advise agency on any changes requested by third parties to security and privacy provisions of agreements or contracts.
- Collaborate with IT project management and operational teams to design secure cloud infrastructure plans and services.
- Perform analysis on the security for all cloud services including but not limited to: AWS, Microsoft Azure, Google, etc.
- Provide subject matter expertise on cloud security, automation and virtualization.
- Develop, document, and validate policies, processes and/or procedures relating to a variety of cloud concepts and standards.
- Develop cloud security metrics to analyze risk and identify potential opportunities to reduce vulnerabilities.
- Collaborate with all parties and city Cyber Command Center to obtain disposition of cloud solution and update agency inventory list.