Associate Director, Cybersecurity

Associate Director, CybersecurityDepartment: Information TechnologyEmployment Type: Full TimeLocation: Crystal Building 40 W20th StReporting To: Jay HaqueCompensation: $145,000 - $175,000 / yearDescriptionOverviewNYPL Technology supports the Library’s mission through robust IT services, including business applications, desktop support, networking, systems, and cybersecurity. The Cybersecurity team safeguards personally identifiable information (PII) and critical systems across the Library.The Associate Director, Cybersecurity is a hands-on technical leader responsible for NYPL’s cybersecurity operations and team. This role requires both strategic oversight and direct execution — from managing security tools and incident response to communicating risks and building cross-functional alignment. The role also partners closely with the IT Policy and Strategy team to embed cybersecurity awareness and operational practices across the organization.We are looking for someone we can count on to:Own:Leadership of NYPL’s cybersecurity team and daily operationsTechnical architecture and administration of the cybersecurity ecosystemRelationships with business partners, vendors, and government entitiesCommunication of cybersecurity posture to senior leadershipCybersecurity KPIs, OKRs, and roadmap planningTeach:Mentor cybersecurity staff and build organization-wide awarenessGuide teams in understanding and balancing riskPartner with IT and business units to promote security-by-designLearn:The Library’s unique public-sector responsibilities and dynamicsEvolving regulatory and community expectationsHow to right-size tools and processes for transparency, scale, and resilienceImprove:Operational efficiency and incident response maturityCross-functional collaboration and communicationPublic trust in NYPL’s cybersecurity leadershipSome expectations for this role are that within:1 month, this person will:Directly review current network topology, configurations, and circuit health across 90+ sitesLog into and inspect FortiManager, FortiAnalyzer, and FortiGate firewall policiesValidate AWS networking setup including VPN tunnels, security groups, and routing tablesShadow the team during real-time incident response and review escalated network ticketsAssess monitoring and alerting workflows (SolarWinds, Cacti, etc.) for gaps or noise3 months, this person will:Personally lead a review and cleanup of legacy switch/router configs and firewall rulesOptimize alert thresholds and performance dashboards across network monitoring toolsAudit AWS VPC structure and VPN connectivity for resiliency and best practicesIntroduce configuration or automation improvements based on early observationsReport on baseline network health, ticket trends, and team responsiveness with recommendations6 months and beyond, this person will:Architect and implement targeted improvements (e.g., circuit upgrades, core switch refresh, AWS route tuning)Lead technical planning for capital projects, wiring closet rebuilds, and site expansionsServe as Tier-3 hands-on escalation for complex or recurring network incidentsValidate network security controls (segmentation, NAC, remote access) across all layersDeliver measurable gains in uptime, response time, and documentation maturityResponsibilitiesCore ResponsibilitiesDevelop and enforce cybersecurity policies, procedures, and standardsLead threat detection, investigation, and response efforts across the organizationAdminister and optimize NYPL’s cybersecurity tools, including EDR, NDR, and phishing defense platformsAnalyze security alerts and threat intel to drive real-time response and containmentConduct hands-on technical reviews of security events, response workflows, and emerging risksCoordinate audits, tabletop exercises, and maturity assessmentsReport on cybersecurity posture, risk trends, and incidents to senior leadershipCollaboration & CommunicationBuild alignment with stakeholders to balance security and operationsLiaise with NYC Cyber Command, Physical Security, and law enforcementAdvance cybersecurity awareness across the organizationPartner with IT and business leads to close security gapsLead complex, cross-functional cybersecurity initiativesMaintain trust through clear, timely communication during incidentsRequired Education, Experience & SkillsRequired Education & CertificationsBachelor's degree or combination of education and work experienceRequired Experience8+ years administering technology in widely distributed or decentralized organizations5+ years in a cybersecurity leadership role with direct stakeholder engagement responsibilities5+ years managing teams in complex, cross-functional environmentsDemonstrated experience operating in public sector, non-profit, or highly regulated settingsProven ability to lead and influence implementation of new cybersecurity policies and procedures across diverse teamsStrong hands-on experience with vulnerability management, network security, and systems securityFamiliarity with building and scaling cybersecurity programs from both strategic and operational perspectivesDeep knowledge of NIST, ISO, or similar cybersecurity frameworks and how to apply them in real-world business contextsExperience navigating regulatory compliance, public sector governance, and politically sensitive environmentsTrack record of leading cross-functional initiatives with multiple stakeholders, including boards, government agencies, and community partnersRequired SkillsExceptional written and verbal communication skills; able to tailor complex security topics for technical teams, business stakeholders, and executive leadershipStrong critical thinking and problem-solving abilities, with a track record of delivering solutions under tight budget and resource constraintsDeep understanding of risk management with pragmatic, business-aligned remediation strategiesDemonstrated ability to influence without authority across complex organizational structuresHigh emotional intelligence and the ability to navigate organizational dynamics and manage changeSkilled at building consensus among diverse stakeholder groups with competing prioritiesExperience translating technical risk into business impact for non-technical audiences, including executives and board membersFamiliarity with public sector environments, including political and community considerationsBroad hands-on expertise across core Information Security domains, including:Incident ResponseBCP/DREndpoint protection (AV/MDR)Security monitoring and SIEMLog aggregationWAF and firewall managementPatch and vulnerability managementPenetration testing and incident response coordinationManagerial/Supervisory ResponsibilitiesDirect management of a team with focus on developing both technical and soft skills. This position reports to the Senior Director, ITIO & Cybersecurity and coordinates executive communications through established IT leadership and communication channels.More...Core ValuesAll team members are expected and encouraged to embody the NYPL Core Values:Be Helpful to patrons and colleaguesBe Resourceful in solving problemsBe Curious in all aspects of your workBe Welcoming and InclusiveWork EnvironmentOffice setting with significant stakeholder interactionHybrid 3-on / 2-off as workload permitsPhysical DutiesLift equipment up to 25 lbsPre-Placement Physical Required?NoUnion/Non UnionNon-UnionFLSA StatusExemptScheduleAvailable on-call after hours and weekendsHybrid 3-on / 2-off as workload permitsTravel to NYPL sites as neededAvailability for stakeholder meetings and community events as requiredThis job description represents the types and levels of responsibilities that will be required of the position and shall not be construed as a declaration of all of the specific duties and responsibilities for the role. Job duties may change if Library priorities change. Employees may be directed to perform job-related tasks other than those specifically presented in this description as needed.The New York Public LibrarySalary StatementAt the Library, we believe that pay transparency and pay equity are important to ensuring we source the best candidates and keep the best employees. When making a determination as to the appropriate salary for a candidate, we consider a variety of factors such, including, but not limited to, the position requirements, the skills, prior experience, and educational background required or preferred for the job, the scope and impact of the role within the organization, internal peer equity, and the candidate's specific training, experience, education level, and skills. No single factor is conclusive; the Library reserves the right to consider any and all relevant factors and make a decision consistent with its policies.Union Salaries are determined by collective bargaining agreement(s). #J-18808-Ljbffr

Created: 2025-09-17