DIRECTOR OF CYBERSECURITY AND BUSINESS CONTINUITY (City of Syracuse)

Spec # 03375

Competitive

DISTINGUISHING FEATURES OF THE CLASS: 

The work involves responsibility for developing and maintaining comprehensive cybersecurity frameworks, business continuity strategies, and overseeing specials projects that improve business operations.  An employee in this class serves in an advisory capacity, providing specialized expertise on cybersecurity, risk mitigation, business continuity, and process optimization. This position collaborates closely with the Director of Enterprise Technology Solutions, who maintains final implementation authority for recommended measures.  The Director independently researches, evaluates and recommends security solutions, continuity frameworks, and business process enhancements with general direction from executive leadership.  Work is reviewed through regular reports, conferences, and effectiveness of implemented measures. Does related work as required.

TYPICAL WORK ACTIVITIES:

Develops comprehensive cybersecurity frameworks, policies, and standards for the organization.

Creates and maintains business continuity and disaster recovery plans for critical technology systems.

Conducts regular security assessments, vulnerability scans, and penetration testing across technology infrastructure.

Researches emerging security threats and develops remediation strategies.

Develops and delivers security awareness training programs for staff at all levels.

Establishes incident response procedures and leads security incident investigations.

Coordinates with external security partners, consultants, and vendors on security solutions.

Manages special projects related to business efficiency, operational excellence, and technology optimization.

Advises on security implications and business impacts of technology initiatives and implementations.

Ensures regulatory compliance for information security across technology operations.

Conducts business process analysis to identify inefficiencies and recommend technology operations.

Recommends security controls, integration approaches to improve operational workflows, and risk management strategies related to technology systems.

Develops metrics and key performance indicators for security posture and business operations.

Performs business impact analysis to identify critical systems and processes.

Evaluates new business applications for operational fit, security, and integration potential.

Coordinates cross-departmental needs assessments and recommends technology solutions.

Designs and recommends security architecture improvements.

Collaborates on technology procurement to ensure security requirements are addressed.

FULL PERFORMANCE KNOWLEDGE, SKILLS, ABILITIES AND/OR PERSONAL CHARACTERISTICS:

Comprehensive knowledge of cybersecurity principles, frameworks, and best practices.

Thorough knowledge of business continuity planning and disaster recovery methodologies.

Thorough knowledge of information security standards and regulatory requirements.

Thorough knowledge of network security architecture and infrastructure protection.

Thorough knowledge of business process analysis and improvement methodologies.

Thorough knowledge of risk assessment methodologies and security controls.

Good knowledge of project management and business operations frameworks.

Good knowledge of change management principles for technology implementations.

Ability to analyze security threats and complex business processes for improvement opportunities.

Ability to communicate complex concepts to technical and non-technical audiences.

Ability to establish and maintain effective working relationships with officials and colleagues.

Ability to develop comprehensive policies and documentation for security and business systems.

Ability to prioritize initiatives based on risk levels and business impact.

Ability to stay current with evolving security threats and business technology trends.

MINIMUM QUALIFICATIONS:

Open-competitive

1. Graduation from a regionally accredited college or university with a Bachelor’s degree in Information Security, Computer Science, Information Systems or closely related technical field, and seven (7) years of progressive experience in cybersecurity, information security, or related fields; or,
2. Graduation from a regionally accredited college or university with an Associate’s degree in Information Security, Computer Science, Information Systems or closely related technical field, and nine (9) years of progressive experience in cybersecurity, information security, or related fields.

Possession of relevant professional certifications (such as CISSP, CISM, CRISC, or CBCP) may be substituted for up to one (1) year of the required experience.

Created: 12/2025