The Fund for Public Health in New York City (FPHNYC) is a 501(c)3 non-profit organization that is dedicated to the advancement of the health and well-being of all New Yorkers. To this end, in partnership with the New York City Department of Health and Mental Hygiene (DOHMH), FPHNYC incubates innovative public health initiatives implemented by DOHMH to advance community health throughout the city. It facilitates partnerships, often new and unconventional, between government and the private sector to develop, test, and launch new initiatives. These collaborations speed the execution of demonstration projects, effect expansion of successful pilot programs, and support rapid implementation to meet the public health needs of individuals, families, and communities across New York City.
PROGRAM OVERVIEW:
The Division of Information Technology aims to align technology solutions with the DOHMH mission by prioritizing resource use and deploying innovations that facilitate the agencys day-to-day activities and enhance staff productivity and efficiency. Our goal is to provide users with a reliable, stable, and safe computing environment, through the collaboration of the Bureau of Technology Strategy & Project Management provides business analysis and IT project management services to define and deliver IT solutions that meet all program needs.
POSITION OVERVIEW:
The New York City Department of Health and Mental Hygiene (DOHMH) is seeking a qualified individual to fill the Application Security Risk Analyst role. The application security analyst will join a team responsible for security assessments of applications and other software to identify vulnerabilities, threats, and risk. The analyst will lead vulnerability assessments and monitoring services across several applications. They will also develop proactive cybersecurity security strategies and guidance documentation to empower the agency to better protect its data, integrity, and reputation.
RESPONSIBILITIES:
- Collaborate with IT project managers and operational teams to conduct thorough cybersecurity risk assessments to develop appropriate information security plans, procedures, and control techniques.
- Ensure adequate and appropriate security controls are in place to ensure the agency's digital assets are protected from unauthorized access for both on-premises and off-premises systems.
- Intake security requests for application deployment, software/hardware use, and changes in access control including the report of exceptions/risk acceptance for further review and remediation.
- Responsible for generating reports for business and technical managers to evaluate the efficacy of the security controls in place.
- Continually perform research to strengthen the agencys digital security including programs designed to encrypt/protect data and to prevent future hacks and breaches.
- Monitor compliance with information security policies and procedures.