Job Description
Duties Description

The New York State Department of Financial Services seeks to build an equitable, transparent, and resilient financial system that benefits individuals and supports business. Through engagement, data-driven regulation and policy, and operational excellence, the Department and its employees are responsible for empowering consumers and protecting them from financial harm; ensuring the health of the entities we regulate; driving economic growth in New York through responsible innovation; and preserving the stability of the global financial system.

Duties

The Department of Financial Services is seeking candidates for the position of Financial Services Specialist 2 (Cybersecurity) in Cybersecurity. Duties include, but are not limited to, the following:

Conducts the supervision (e.g., cadence meetings, ad hoc supervisory engagements) and examination (e.g., desk-based and onsite exams, horizontal thematic reviews) work of assigned higher-risk Banking and Insurance chartered institutions and other DFS-regulated entities, to assess compliance with applicable laws, regulations, guidance, and supervisory expectations;

Conducts peer reviews and supports team members in carrying out licensing reviews, ongoing supervision, and periodic examinations;

Maintains a thorough understanding of the business models of assigned Licensees; identifies and assesses current and emerging risks; and presents recommendations for supervisory actions as appropriate;

Stays informed on industry best practices and evolving trends, including developments in cybersecurity, blockchain, and other emerging technologies;

Conducts risk-based assessments of Licensees, including evaluations of cybersecurity and information technology practices, and assesses compliance with 23 NYCRR Part 500 to support determinations related to safety and soundness from a technology risk perspective;

Meets with Licensees’ management teams for examinations and periodic updates; requests and reviews supervisory materials; and maintains a current understanding of operations, scale, and scope of business activities;

Prepares comprehensive Reports of Examination (ROEs), as well as supervisory memos, correspondence, presentations, and guidance documents for both internal and external stakeholders;

Reviews the ROEs of junior examiners and direct reports for quality, consistency, and adherence to established supervisory standards and procedures;

Supports the development and continuous improvement of internal policies, procedures, examination materials, and best-practice guides related to the supervisory process;

Communicates effectively with senior and executive management, both internally within the Department and externally with regulated entities, through verbal briefings, written memoranda, reports, and formal presentations;

Follows documented supervisory procedures and completes examination work programs in accordance with Departmental guidance and regulatory standards;

Manages and provides training to a team of examiners, as needed and aligned with organizational priorities; and

Completes all other duties as assigned.
Preferred Qualifications

Minimum Qualifications

Experience conducting or supporting cybersecurity and information technology examinations or audits of financial institutions;

Working knowledge of 23 NYCRR Part 500, FFIEC IT Examination Handbooks, NIST Cybersecurity Framework, CIS Controls, and related regulatory guidance;

Familiarity with emerging technologies, cybersecurity risks, and control frameworks, including third-party/vendor risk management, cloud security, incident response, and access control;

Possession of or progress toward relevant certifications from organizations such as:
  ISACA (e.g., Certified Information Systems Auditor – CISA)
  (ISC)² (e.g., CISSP, CCSP)
  CompTIA (e.g., Security+, CySA+)
  Cloud Security Alliance (e.g., CCSK)

Strong analytical, organizational, and problem-solving skills, with the ability to assess and communicate complex technical issues clearly;

Demonstrated ability to draft well-structured and concise examination reports, memoranda, and other formal documentation for both internal and external audiences;

Excellent interpersonal and communication skills, with experience engaging with executive leadership, peers, and cross-functional teams;

One year of experience at a supervisory level;

Ability to work independently, manage multiple assignments and competing deadlines, and travel of up to 40% for on-site examinations and supervision.

Appointment Method

Candidates must meet the minimum qualifications listed below in order to