Cybersecurity Officer Manager Identity Operations
Metropolitan Transportation Authority · New York, NY · 1 wk ago
On-siteManagement$149k–$197k/yrOther
Responsibilities
- Leadership
- Provide leadership to a strong talent pool of technical professionals
- Lead a team of multi-functional technical staff planning, building, and maintaining cybersecurity tools, configurations, and risk mitigation to support Information and Operational Technology applications and/or infrastructure products
- Provide leadership in development of inter-team communication and cohesiveness; sustain culture and supporting assigned staff during organizational growth/changes
- Provide direction on evaluation, selection, implementation, and maintenance of cybersecurity tools, processes, and techniques for their assigned cyber domains and products, ensuring appropriate investment in strategic and operational systems
- Attain significant achievements managing technical teams, contractors, and vendors
- Human Resource Management
- Attract, develop, coach and retain high-performance team members, empowering them to elevate their level of responsibility, span of control and performance in conjunction with the Cybersecurity Management and IT Workforce Planning & Workload Management office
- Build staff expertise and competence to meet evolving demands within the Enterprise Product Management unit
- Financial Management
- Demonstrate consistent understanding of funding, communications and systems; recommend timelines and resources needed to achieve the program goals
- Collaborates with IT Business Management Services to identify procurement contracts to support program-related activities
- Strategy & Planning
- Affords assessments and makes recommendations on the improvement and re-engineering within the IT Department and works with the stakeholders to keep the total cost of ownership down
- Promotes the use of employee self-service and mobile connectivity within products to reduce the reliance on paper
- Supports automation of business processes, creating in-line forms and approvals, reducing the reliance on manual approvals that could be untimely
- Uses judgment to form conclusions that may challenge conventional wisdom
- Acquisition & Deployment
- Coordinates and facilitates consultation with stakeholders to define business and systems requirements for new technology implementations, developing business case and cost justifications for such initiatives
- Provides direction on evaluation, selection, implementation and maintenance of information systems, ensuring appropriate investment in strategic and operational systems
- Advises MTA IT management, as information becomes available, on changing trends and emerging technology and their potential use within the MTA
- Directs the development of the analysis required to determine if Information Technology projects should follow a “Build” (develop with in-house staff) or “Buy” (cloud or packaged solution) methodology
- Manages the development and implementation of new modules within assigned products
- Advises on the selection, prioritization, development, and implementation on products as they relate to the selection, acquisition, development, and installation of MTA IT and OT Security, applications, and infrastructure
- Management and Oversight
- Participates in overall business planning, bringing current knowledge and future vision of technology and systems as related to the company’s goals
- Responsible for leading and reporting on various product progress and deliverables, ensuring that the IT/OT needs of the MTA are met on time and within budget, including identifying weekly, monthly and annual performance targets to show progress on IT product work and OT objectives
- Ensure continuous delivery of product services through oversight of service level agreements with end users and monitoring of product performance
- Responsible for the recruitment, development, motivation, training and retention of a diverse and high-performing multi-level IT/OT team professionals, conforming to budgetary objectives and Human Resources policy and programs in conjunction with the IT Workforce Planning & Workload Management office
- Develop business case justifications and cost/benefit analyses for IT spending and initiatives, keeping customizations to a minimum and total cost of ownership down
- Cybersecurity Officer-Specific Accountabilities
- Planning
- Manage and plan the future technical architecture, providing insight into the future of their area of technology in order to continually improve effectiveness and efficiency
- Manage and plan the development of roadmaps related to their area(s) of expertise to manage and meet identified technology needs
- Manage and plan the evaluation of new technologies relative to their domain(s) to determine applicability to and best meet the needs of MTA and constituent agencies
- Manage and ensure disaster recovery and contingency plans for their domain(s) to provide users with minimal interruptions in service
- Architecture
- Oversees architectural direction for domains under management to meet senior management and cybersecurity goals
- Understands, reviews, and approves Cybersecurity Reference Architectures and Solutions for applying them
- Revalidates systems to the most recent reference architectures to determine gaps, develop and manage programs to align systems to the newest standards and reference architectures
- Contracts/Vendor Management
- Contributes and owns technical elements of RFPs and RFIs and negotiates with vendors on technical issues to ensure results are delivered in line with user and organization requirements
- Manages contracts and expenses to ensure SLAs and contract renewals are processed timely
- Provide contract management support to ensure vendor deliverables are met
- Manages and leads major projects and assigned service providers with technical expertise to address mission-critical issues, evaluate ongoing vendor service levels, and enforce SLAs and penalties
- Documents ensure detailed and updated documentation is in place for cybersecurity systems and user processes
- Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate
- Guidance, Communications and Training Support
- Provides timely and relevant updates to appropriate stakeholders and decision makers
- Communicates investigation findings to relevant business units to help improve the information security posture
- Provides technical guidance to project managers and senior leadership on cybersecurity and technology strategies
- Ensures quality, review, and guidance on tests of new systems and manages cybersecurity risks and remediation system testing, baseline, and best practices
- Provides escalation support to project teams in their area of expertise to promote technical understanding and talent development
- Guides and takes input from Analysts, Engineers, Architects, and Technology Subject Matter Experts on cybersecurity and technology best practices, current threat landscape, and a risk management approach for optimal alignment
- Hypothesizes new threats and indicators of compromise
- Oversees rigorous quality assurance processes to deliver reliability, performance, and safety objectives
- Performs other duties as assigned
- Operations
- Provide leadership and advisement when necessary during incident response and provide continuous improvement updates to threat model for risks to the business and systems
- Ensure specific monitoring points are continually updated to assess performance of technologies in their domain(s)
- Identify and manage the necessary actions to ensure optimal performance and reliability
- Research & Analysis
- Validates and maintains incident response plans and processes to address potential threats
- Compiles and analyzes data for management reporting and metrics
- Research emerging technologies and process improvements to stay current and plan for an evolving threat landscape to ensure strategy meets current threats
- Maintains cybersecurity technology solutions meet strategy and security framework objectives and business objectives
- Bachelor’s Degree in Arts/Sciences (BA/BS)
- Minimum 4 years of relevant experience in one or more Cybersecurity Domains
- Leadership ability
- Competencies Must possess a deep understanding of technology and cybersecurity domain principles. Proven ability to manage projects and initiatives. Proven ability to manage people. Proven ability to add value to a team.
- Understanding of Operating Systems, Cloud, Mobile, and Applications
- Understanding of TCP/IP (OSI Layer)