Incident Commander

Job Description

The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the city delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media NYCOfficeofTech, and visit oti.nyc.gov to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

The Incident Commander (IC) is responsible for the management, supervision, and coordination of cyber security incidents as part of a 24x7, 365 Security Operations environment, including nights, weekends, and holiday coverage through an on-call rotation or designated duty schedule. Serving as the critical bridge between executive leadership and technical response teams, the IC provides authoritative command and control during incidents, ensures rapid and informed decision-making, and drives continuous improvement of the City's cyber incident response capabilities. As an experienced leader with deep technical fluency, the IC maintains and evolves incident response playbooks aligned with industry standards (e.g., NIST SP 800-61, NIST CSF) conducts cyber tabletop exercises, acts as a primary liaison for third-party and cross-agency incidents and communicates clearly and confidently with Agency leadership and City Hall stakeholders. The IC identifies operational gaps and maturity improvements to ensure the Security Operations Center (SOC) is staffed and led 24x7 with the authority to take immediate, decisive action upon notification of a cyber security incident.

Responsibilities for the Incident Commander position include, but are not limited to, the following:
- Lead significant, high-impact, or high-visibility cyber security incidents, including validation, prioritization, escalation, and coordination of response activities across multiple City agencies in a 24x7 operational tempo, including nights and weekends as required;
- Serve in an on-call Incident Commander capacity, providing off-hours leadership, decision-making, and executive communication during active incidents;
- Exercise rapid, independent decision-making in high-stress, fluid environments, including incidents affecting critical infrastructure, life-safety systems, and essential City services;
- Provide strategic guidance on, and tracking of, tools, visibility, staffing, and capability gaps impacting the City's overall cyber security posture and response readiness;
- Act as the primary liaison between the SOC and impacted agency business, technical, legal, and executive teams throughout the incident lifecycle;
- Coordinate and direct efforts among SOC analysts, incident responders, threat intelligence, forensics, legal, communications, and external partners using clearly defined command-and-control structures;
- Deliver timely, accurate, and actionable briefings to executive leadership, Agency heads, and other stakeholders during and following incidents;
- Lead and oversee After-Action Reports (AARs) and lessons-learned activities, translating findings into concrete improvements to people, process, and technology;
- Test, maintain, and continuously improve incident response plans, playbooks, and escalation procedures to address emerging threats and evolving attack techniques;
- Build and maintain strong working relationships across City technology, security, legal, privacy, communications, and operational teams;
- Participate in and lead special initiatives, exercises, and strategic projects related to cyber resilience, operational readiness, and incident response maturity.

HOURS/SHIFT
Day - Due to the necessary technical management duties of this position in a 24/7 operation, candidate may be required to be on call and/or to work various shifts such as weekends and/or nights/evenings.

WORK LOCATION
Brooklyn, NY

TO APPLY
Special Note: Taking and passing civil service exams are necessary to maintain employment with the City of New York. Please check the Department of Citywide Administrative Services (DCAS) website (_monthly.shtml) for important exam filing information. Please ensure that you are either a permanent employee in the civil service title listed on this posting, or that you file for the examination when there is an open filing period. For more information regarding the civil service process, please visit the DCAS website at:

* Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration

Please go to www.cityjobs/jobs/search and search for Job ID #770047

SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW
APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL

NOTE: This position is open to qualified persons with a disability who are eligible for the 55-a Program.
Please indicate in your cover letter that you would like to be considered for the position under the 55-a program.

OTI participates in E-Verify

TELECOMMUNICATION MANAGER - 82984

Minimum Qualifications

1. A baccalaureate degree from an accredited college including or supplemented by 24 credits in the field of voice and/or data telecommunications or in a pertinent scientific, technical, electronic or related area, and four years of satisfactory fulltime experience in the performance of analytical, planning, operational, technical, or administrative duties in a voice and/or data telecommunications or closely related electronics planning, management, and/or service organization, one year of which must have been in a highly specialized capacity and 18 months must have been in an executive, managerial, or administrative capacity or in the supervision of staff performing work in the voice and/or data telecommunications field; or
2. An associate degree from an accredited college including or supplemented by 12 credits in the field of voice and/or data telecommunications or in a pertinent, scientific, technical, electronic or related area and five years of experience as described in "1" above; or
3. Education and/or experience equivalent to "1" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and one year of the specialized experience as described in "1" above and must possess the 18 months of executive, managerial, administrative or supervisory experience as described in "1" above.

Preferred Skills

The preferred candidate should possess the following: - 7+ years of experience in information security incident handling and/or security operations - 6+ years of supervisory or managerial experience, leading technical teams during high- pressure operational events - Demonstrated experience managing large-scale and complex incidents, including but not limited to APT activity, DDoS, ransomware, malicious insiders, web and mobile application attacks, and data exfiltration events - Proven ability to independently analyze complex problems, determine root causes, and drive remediation in ambiguous or incomplete information environments - Strong knowledge of enterprise technologies, systems, and networks, including common detection and response gaps affecting SOC effectiveness - Deep understanding of adversary tactics, techniques, and procedures (TTPs) and how they manifest in real-world incidents - Familiarity with industry frameworks and best practices, including NIST CSF, NIST SP 800-61, and incident command methodologies - Bachelor's degree in Information Technology, Cybersecurity, or a related discipline, or equivalent professional experience - Exceptional written and verbal communication skills, with the ability to translate complex technical issues into clear, authoritative guidance for executive and non-technical audiences - Demonstrated ability to influence decision-making and drive consensus across diverse stakeholders during high-stakes situations - Strong organizational skills with the ability to manage multiple high-visibility incidents or initiatives simultaneously - Relevant professional certifications such as CISSP, GCIA, GCIH, GCFA, GHFI, GNFA, GREM (highly desirable) - Willingness and availability to support after-hours, weekend, and emergency incident response as part of a 24x7 leadership model.

55a Program

This position is also open to qualified persons with a disability who are eligible for the 55-a Program. Please indicate at the top of your resume and cover letter that you would like to be considered for the position through the 55-a Program.

Public Service Loan Forgiveness

As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education's website at ;br>
Residency Requirement

New York City residency is generally required within 90 days of appointment. However, City Employees in certain titles who have worked for the City for 2 continuous years may also be eligible to reside in Nassau, Suffolk, Putnam, Westchester, Rockland, or Orange County. To determine if the residency requirement applies to you, please discuss with the agency representative at the time of interview.

Additional Information

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.