Senior Auditor, Bureau of Audit Services

The nation’s leading public health agency, The New York City Department of Health and Mental Hygiene (DOHMH) is seeking a Cybersecurity Senior Auditor. This position will report to the Cybersecurity Audit Manager who reports to the Assistant Commissioner of Audit Service and Medicaid Compliance Officer.

Duties will include but not be limited to:

Conduct internal reviews of the Department’s general system controls (e.g., access security, change management, system development life cycle, disaster recovery, data center operations etc.), evaluate IT infrastructure in terms of risk to the Department and recommend controls to mitigate the risk • Assess Department’s compliance with federal requirements such as HIPAA Security and Privacy rules and other federal IT standards for local governments.

Perform reviews and testing of programs’ application controls as part of performance and fiscal audits (integrated audits) and assist Audit Management in drafting IT related findings and recommendations • Maintain on going and open communication with the Department’s programs on general and application control issues and implementation of corrective actions.

Prepare and maintain complete work paper documentation. • Research and stay up-to-date on IT risk management and relevant audit concepts and methods.

1. A baccalaureate degree, from an accredited college including or supplemented by twenty-four (24) semester credits in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or

2. A four-year high school diploma or its equivalent approved by a State’s department of education or a recognized accrediting organization and three years of satisfactory experience in any of the areas described in “1” above; or

3. Education and/or experience equivalent to “1” or “2”, above. College education may be substituted for up to two years of the required experience in “2” above on the basis that sixty (60) semester credits from an accredited college is equated to one year of experience. In addition, twenty-four (24) credits from an accredited college or graduate school in cyber security, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; or a certificate of at least 625 hours in computer programming from an accredited technical school (post high school), may be substituted for one year of experience.