Incident Commander

The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the city delivers for New Yorkers in the 21st century. Watch our welcome video to see our work in action, follow us on social media NYCOfficeof

Tech, and visit oti.nyc.gov to learn more.

At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.

The Incident Commander (IC) is responsible for the management, supervision, and coordination of cyber security incidents as part of a 24x7, 365 Security Operations environment, including nights, weekends, and holiday coverage through an on-call rotation or designated duty schedule. Serving as the critical bridge between executive leadership and technical response teams, the IC provides authoritative command and control during incidents, ensures rapid and informed decision-making, and drives continuous improvement of the City's cyber incident response capabilities.

As an experienced leader with deep technical fluency, the IC maintains and evolves incident response playbooks aligned with industry standards (e.g., NIST SP 800-61, NIST CSF) conducts cyber tabletop exercises, acts as a primary liaison for third-party and cross-agency incidents and communicates clearly and confidently with Agency leadership and City Hall stakeholders. The IC identifies operational gaps and maturity improvements to ensure the Security Operations Center (SOC) is staffed and led 24x7 with the authority to take immediate, decisive action upon notification of a cyber security incident.

Responsibilities for the Incident Commander position include, but are not limited to, the following:

* Lead significant, high-impact, or high-visibility cyber security incidents, including validation, prioritization, escalation, and coordination of response activities across multiple City agencies in a 24x7 operational tempo, including nights and weekends as required;

* Serve in an on-call Incident Commander capacity, providing off-hours leadership, decision-making, and executive communication during active incidents;

* Exercise rapid, independent decision-making in high-stress, fluid environments, including incidents affecting critical infrastructure, life-safety systems, and essential City services;

* Provide strategic guidance on, and tracking of, tools, visibility, staffing, and capability gaps impacting the City's overall cyber security posture and response readiness;

* Act as the primary liaison between the SOC and impacted agency business, technical, legal, and executive teams throughout the incident lifecycle;

* Coordinate and direct efforts among SOC analysts, incident responders, threat intelligence, forensics, legal, communications, and external partners using clearly defined command-and-control structures;

* Deliver timely, accurate, and actionable briefings to executive leadership, Agency heads, and other stakeholders during and following incidents;

* Lead and oversee After-Action Reports (AARs) and lessons-learned activities, translating findings into concrete improvements to people, process, and technology;

* Test, maintain, and continuously improve incident response plans, playbooks, and escalation procedures to address emerging threats and evolving attack techniques;

* Build and maintain strong working relationships across City technology, security, legal, privacy, communications, and operational teams;

* Participate in and lead special initiatives, exercises, and strategic projects related to cyber resilience, operational readiness, and incident response maturity.

HOURS/SHIFT

Day - Due to the necessary technical management duties of this position in a 24/7 operation, candidate may be required to be on call and/or to work…