Cloud Risk Analyst
Job Details
LIC - Central DOHMH - Long Island City, NY
Full Time

The Fund for Public Health in New York City (FPHNYC) is a 501(c)3 non-profit organization that is dedicated to the advancement of the health and well-being of all New Yorkers. To this end, in partnership with the New York City Department of Health and Mental Hygiene (DOHMH), FPHNYC incubates innovative public health initiatives implemented by DOHMH to advance community health throughout the city. It facilitates partnerships, often new and unconventional, between government and the private sector to develop, test, and launch new initiatives. These collaborations speed the execution of demonstration projects, effect expansion of successful pilot programs, and support rapid implementation to meet the public health needs of individuals, families, and communities across New York City.



The Division of Information Technology aims to align technology solutions with the DOHMH mission by prioritizing resource use and deploying innovations that facilitate the agency's day-to-day activities and enhance staff productivity and efficiency. Our goal is to provide users with a reliable, stable, and safe computing environment, through the collaboration of the Bureau of Technology Strategy & Project Management provides business analysis and IT project management services to define and deliver IT solutions that meet all program needs.



The New York City Department of Health and Mental Hygiene (DOHMH) is seeking a qualified individual to fill its Cloud Risk Analyst role. We are looking for a Risk Analyst to join a team responsible for assessing the information security practices and posture of commercial Cloud vendors and their delivery models, including IaaS, PaaS, and SaaS. Responsibilities include research and analysis to establish tactics, techniques, and procedures for vulnerability scanning, remediation, and mitigation, including risk assessments and risk reporting. The analyst will also document and maintain cybersecurity and privacy policies, legal agreements, vendor vs. owner responsibilities, compliance artifacts, standards for compliance, system authentication/authorization, and management in a commercial Cloud environment.



  • The selected candidate will work with DOHMH staff to properly capture issues and assist with resolution. They will ensure proper follow-up occurs and that all issues are resolved within an estimated timeframe. In addition, the hire will:
    • Keep abreast of the latest security, privacy, and regulatory concerns and best practices impacting third-party risk management.
    • Advise agency on any changes requested by third parties to security and privacy provisions of agreements or contracts.
    • Collaborate with IT project management and operational teams to design secure cloud infrastructure plans and services.
    • Perform security analysis of all cloud services, including but not limited to AWS, Microsoft Azure, and Google.
    • Provide subject matter expertise on cloud security, automation and virtualization.
    • Develop, document, and validate policies, processes and/or procedures relating to a variety of cloud concepts and standards.
    • Develop cloud security metrics to analyze risk and identify potential opportunities to reduce vulnerabilities.
    • Collaborate with all parties and the city Cyber Command Center to obtain disposition of cloud solutions and update the agency inventory list.


  • Broad knowledge of information security and privacy fundamentals.
  • Knowledge of applying risk management frameworks such as NIST, FISMA, or ISO 27000.
  • Knowledge of SSAE 16, SOC 2, Shared Assessments, FedRAMP, and other vendor risk assessment methodologies.
  • Knowledge of Governance, Risk, and Compliance (GRC) and vendor risk management tools.
  • Excellent oral and written communication, with the ability to convey technical and security-related concepts to people at all levels of the organization.
  • Proficient in the design and implementation of effective information security controls with minimal oversight.
  • Acute attention to detail with a high level of data integrity and accuracy.
  • Strong organizational and prioritization skills to handle multiple priorities.
  • Exposure to public cloud offerings and building cloud native applications.


Preferred Education/Skills:

  • Bachelor's degree in Information Technology or Computer Science.
  • Industry recognized certifications within the domains of information security and privacy (e.g., CISSP, GIAC, CISM, CISA, CIPP, CTPRP, CCSP, etc.).
  • 5 years of working in an IT/computer-related field.
  • 3 years of hands-on technical experience in cloud administration.
  • 1 year of experience with Cloud Cybersecurity efforts and emerging technology aligned with the Risk Management Framework (RMF).



FPHNYC offers a comprehensive benefits package. The salary range for this position is commensurate with experience.



There is potential for this position to transition to DOHMH, and therefore candidates must meet DOHMH eligibility requirements, including NYC residency.



To apply, send a resume with a cover letter explaining how your experience relates to this position. We ask that you do not contact our staff directly; no phone inquiries, please. Applicants who best match the position needs will be contacted.



The Fund for Public Health in New York City is an Equal Opportunity Employer and encourages a diverse pool of candidates to apply.