Posted Jan 27

Information Security – Application Risk Analyst

NYC Department of Health
New York, NY Full Time

$75,000.00 - $75,000.00 (Annual)

42-09 28th Street

The nation's leading local health department seeks an Application Risk Analyst to join its award-winning, innovative technology team in revolutionizing public health IT. The New York City Department of Health and Mental Hygiene (DOHMH) uses the latest technologies and enterprise-wide application solutions in its groundbreaking work to promote and protect New Yorkers' health and improve DOHMH's business operations.


• Foster an environment of regulatory awareness and ensure regulatory compliance.

• Identify security risks, exposures, and areas for improvement of existing application security solutions.

• Work directly with the project manager to facilitate information risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regard to information risk management.

• Manage the vendor risk assessment program and serve as a contact to participants across the agency.

• Review vendor materials (e.g. questionnaires, security documentation, SSAE 16 reports), identify potential issues, and follow up on unresolved issues.

• Participate in project work sessions and assist in developing solutions leveraging core risk and security policies as they relate to infrastructure security.

• Proactively work with product development teams to identify security requirements.

• Perform application vulnerability assessments.

• Perform assessments of SDLC processes.

• Perform code review across a variety of programming languages.

• Develop testing scripts and procedures.

Minimum Qualification Requirements

1. A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or

2. Education and/or experience which is equivalent to "1" above.

Preferred Skills

• Proficient English language written and oral communication skills

• Ability to work independently and within a team

• Strong time management and organizational skills to manage multiple tasks and changing priorities

• Exceptional influencing, consulting, interpersonal, and presentation skills

• Strong ethics and understanding of ethics in business and information security

• Experience with Vendor Management and Cloud Services (SaaS, PaaS, IaaS)

• Knowledge of OWASP tools and methodologies

• Knowledge of risk frameworks (ORM, NIST, ISO, COBIT)

• Knowledge of standard SDLC and ITIL practices

• Understanding and familiarity with common code review methods and standards

• Experience with web application vulnerability scanning tools (IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro)

• Experience with web application development (ASP.NET, ASP, PHP, J2EE, JSP)

• Experience with high level programming languages (Java, C, C++, .NET (C#, VB)).

Additional Information


Please note: If you are called for an interview you will be required to bring to your interview copies of original documentation, such as:

• A document that establishes identity for employment eligibility, such as a valid U.S. passport, Permanent Resident Card/Green Card, or driver's license.

• Proof of Education according to the education requirements of the civil service title.

• Current Resume

• Proof of Address/NYC Residency dated within the last 60 days, such as: Recent Utility Bill (i.e. Telephone, Cable, Mobile Phone)

Additional documentation may be required to evaluate your qualification as outlined in this posting's "Minimum Qualification Requirements" section. Examples of additional documentation include, but are not limited to: college transcript, experience verification, or professional trade licenses.

If after your interview you are the selected candidate you will be contacted to schedule an on-boarding appointment. By the time of this appointment you will be asked to produce the originals of the above documents along with your original Social Security card.


The federal government provides student loan forgiveness through its Public Service Loan Forgiveness Program (PSLF) to all qualifying public service employees. Working with the DOHMH qualifies you as a public service employee and you may be able to take advantage of this program while working full-time and meeting the program’s other requirements.

Please visit the Public Service Loan Forgiveness Program site to view the eligibility requirements:

Apply online with a cover letter to In the Job ID search bar, enter: job ID number #277541
