Cybersecurity Lead in New York City, NY (9 Months Contract) ONSITE

Overview

On Site
Depends on Experience
Contract - W2
Contract - Independent
Contract - 9 Month(s)
No Travel Required
Able to Provide Sponsorship

Skills

Cloud Cybersecurity
RMF
CISA
CISM
CISSP
Cisco Certifications
FISMA
SIEM
SAP GRC
SAS 70
Servers
ISO/IEC 27000-series
Amazon Web Services

Job Details

Job Title: Cybersecurity Assessment Lead
Location: New York City, NY
Duration: 9 Months
Work Arrangement: Onsite, with potential for some remote or hybrid work

Job Description:
NYC Parks is seeking a qualified contractor to lead a comprehensive cybersecurity vulnerability assessment. The selected contractor will evaluate the agency’s current security posture, identify and validate vulnerabilities, and develop a remediation roadmap aligned with OTI’s Cyber Command and industry best practices (NIST CSF, HIPAA, ISO/IEC).

Key Responsibilities:

  • Review and assess NYC Parks’ current information security processes, personnel, and technology.

  • Identify all IT assets, including hardware, software, and IoT devices, and conduct vulnerability scans.

  • Establish inherent risk profiles and conduct business impact analyses for all critical business units.

  • Perform a NIST CSF-based risk assessment, considering evolving threats, business demands, and regulatory requirements.

  • Identify areas for improvement and develop recommendations and a remediation roadmap.

  • Provide baseline hardening guidelines for Windows 10/11 Servers and Desktops.

  • Produce key deliverables: project plan, BIA/risk profile report, NIST assessment gap report, remediation roadmap, and system hardening guidance.

  • Maintain regular communication with NYC Parks’ project owner, including weekly meetings and status updates.

Mandatory Minimum Qualifications:

  • At least 10 years of cybersecurity skills and practices for practitioners, architects, and CISO-level staff.

  • Lead practitioners must hold CISA and CISSP certifications (or equivalent).

  • Demonstrated familiarity with NIST CSF and Center for Security Fundamentals Framework.

  • Experience working with senior executive-level management.

  • Proven track record of conducting comprehensive cybersecurity vulnerability assessments, including references from at least two prior clients.

  • Ability to deliver digital project artifacts and reports as specified.

  • Must comply with Local Law 34 (Campaign Finance Law) and the Iran Divestment Act, including required certifications and forms.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About Zaass Consulting, LLC