Jobs · Information Technology · California

Assistant Director, Business Information Security Officer

Metrolink · Los Angeles, CA · 2 wk ago
Information TechnologyFull-time

About the role

The Southern California Regional Rail Authority (SCRRA), operator of the METROLINK Commuter Rail System, seeks an Assistant Director, Business Information Security Officer (BISO).

Responsibilities

  • Lead, develop, and implement SCRRA-wide or large-scale business unit information and operational technology security strategies, programs, plans, policies, and procedures designed to protect the integrity and security of the SCRRA network, data resources, operations, and other information assets in accordance with SCRRA policies and industry standards.
  • Evaluate the overall technology portfolio for adherence to security policies and procedures for all SCRRA corporate and operational systems (e.g., positive train control (PTC)).
  • Coordinate auditing and compliance and certification requirements.
  • Lead cyber security training program for the agency, consumers, and partners as needed.
  • Act as the key security resource for IT leadership and the IDTS Business Partners and other local personnel.
  • Partner with all Departments to achieve effective working relationships that can further the effectiveness of the Security program.
  • Lead development of the Information Security Policies and Standards throughout the agency.
  • Lead implementation of cyber security solutions required to meet business objectives.
  • Review and audit technical implementations of physical security solutions required to meet business objectives.
  • Lead information security operations in partnership with all departments.
  • Proactively identify noncompliance and areas of potential improvement, and issue corrective actions to department manager.
  • Engage with clients and customers as needed to assist the business to achieve its objectives by representing our security program, supporting internal and external audits, assisting in customer communication of security incident, etc.).
  • Participate in region/business unit related conferences, client facing engagement, industry forums to represent the Cyber Security program.
  • Provide regular and timely reporting on the status of cyber security throughout the agency.
  • Provide escalation path for security issues, incidents and inquiries.
  • Review work of the Security Incident Response and Crisis Management teams to ensure the effective driving of incidents to acceptable resolution; assist with investigations as needed.
  • Provide Cyber Security Guidance for agency personnel.
  • Drive remediation activities throughout the agency.
  • Work with the Compliance and Information Risk Management team to drive policy and regulatory compliance.
  • Responsible for the PCI-DSS annual compliance submission requirement and develop monitoring program to ensure SCRRA is PCI compliant.

Requirements

  • Bachelor’s degree in Information Systems, Cybersecurity, Auditing or a related field.
  • A minimum of (8) years of relevant work experience.
  • A minimum of (5) years of experience in supervising and monitoring the work of subordinate staff or project managers, including monitoring and evaluating staff.
  • A combination of training, education and or experience that provides the required knowledge, skills and abilities may be considered when determining minimum qualifications.
  • Advanced relevant coursework may also substitute for a portion of required experience.

Qualifications

  • Advanced relevant coursework may also substitute for a portion of required experience.
  • A minimum of five (5) years of experience in business security policy development, metrics capture, and analysis and system authorization.
  • Certification pertaining to information security and data privacy protection (CISSP, CISA, CRISC, CISM, CEH, etc.).
  • Experience in compliance, government or financial industry.
  • Experience in the design and implementation of information security programs.
  • Knowledge and experience with security and governance frameworks: SSAE-18 (SOC-2), HIPPA, PCI-DSS, ISO27991, NIST, Fedramp.
  • Knowledge, Skills, And Abilities:
  • Advanced level understanding of business theory, business processes, management, and business operations.
  • Advanced level understanding of planning, organizing, and developing Information Technology security and physical security system technologies.
  • Extensive experience in enterprise security document creation.
  • Experience in designing and delivering employee security awareness training.
  • Experience in developing Business Continuity Plans and Disaster Recovery Plans.
  • Strong understanding of IP, TCP/IP, and other network administration protocols.
  • Expert level understanding of key network and technical security controls.
  • Security best practices including experience with NIST 800-53, ISO27001 and PCI DSS.
  • Skilled in: Applying IT in solving security problems. Setting and managing priorities. Executive level presentations. Maintaining interpersonal relationships. Ability to: Analyze and solve problems. Apply organizational information security policies at a business unit level. Define and develop security strategies and roadmaps. Facilitate cross-functional team meetings and build consensus. Understand business needs and work collaboratively with business stakeholders and team members. Implement and manage the administration of relevant security systems and solutions. Recommend and implement changes in security policies and practices in accordance with changing needs. Promote and oversee strategic security relationships between internal resources and external entities, including other government agencies, vendors, and partner organizations. Communicate effectively, both orally and in writing. Maintain, and accurately complete records. Establish and maintain effective working relationships with supervisors, fellow employees, and the public.

Physical Requirements

  • Transition between a stationary position at a desk or work location and move about Metrolink facilities or other work site locations.
  • Operate tools to perform the duties of the position, such as computers, office equipment and work-related machinery.
  • Transport equipment or boxes up to 25lbs.
  • Visual acuity to detect, identify and observe employees or train movement and any barriers to movement when working on or near railroad tracks.
  • Hear and perceive the nature of sounds when working on or near railroad tracks.
  • Balance, ascend/descend, climb, kneel, stoop, bend, crouch, or crawl within assigned working conditions and or locations.

Supplemental Information

  • Following a review of resumes and/or applications, the most highly qualified candidates will be invited to continue in the selection process.
  • Eligible applicants will be notified of the exact time and place of assessments and interview.
  • Candidates will be interviewed to determine their relative knowledge, skills and ability in job related areas.
  • Offers of employment may be contingent upon successful completion of a reference check, including degree verification and criminal records check provided through SCRRA.
  • Internal Candidates: Employees with active discipline as defined in the HR Policy No. 5.3 Positive Discipline Program and/or with performance that does not meet the standard for "meets expectations" as defined in the Performance Planning and Appraisal Process may be precluded from consideration and placement in the position.
  • In compliance with the Americans with Disabilities Act, the SCRRA will provide reasonable accommodations to qualified individuals with disabilities and encourages both prospective and current employees to discuss potential accommodations with the employer.
  • The SCRRA is an Equal Opportunity Employer.

Similar jobs