Deputy Chief Information Security Officer (Operating Technology)

08 May 2024

Vacancy expired!

Description

Job Title: Deputy Chief Information Security Officer (Operating Technology)

Salary Range: $184,138 - $231,110

Hay Points: 1142

Dept/Div: MTA IT CISO

Supervisor: Chief, IT Security Tech Officer

Location: 2 Broadway and other locations as required

Hours of Work: 9:00 AM - 5:30 PM (7.5 hours/day) or as required

This position is eligible for telework. New Hires are eligible to apply 30 days after their effective date of hire.

The Deputy Chief Information Security Officer (Deputy CISO) works directly for the Chief Information Security Officer ("CISO") to provide strategic leadership for enterprise cybersecurity strategy across all MTA Cybersecurity Strategic Projects and Initiatives, Cybersecurity departmental directors, Operational Technology Management, Technology Infrastructure and Applications, and Senior Business Leaders. The role deals with both internal and external threats to the MTA systems, which can affect the safety of employees and customers, system integrity, and availability of operations. The position also provides recommendations and direction for enterprise-wide technical architecture, provides strategic and tactical support to the CISO, oversees human capital resource strategies to maintain a viable cyber security department, evaluates emerging technologies, and monitors and enforces information security standards and policies.

The Deputy CISO position is responsible for planning, designing, implementing and managing the cybersecurity program related to rail systems such as CBTC, PTC, Signaling, Communications, Power, rolling stock, traffic management and other safety systems across all MTA agencies.

The Deputy CISO positions will also plan and budget with the CISO the Operating and Capital Operating Budgets in addition to planning and managing the Federal and Short-Term Security Grant funding. The Deputy Chief Cybersecurity Officer is required to have a solid understanding of information security best practices, regulatory, and compliance requirements that impact the security of the organization.

The Deputy Chief Cybersecurity Officer positions will partner with the Chief Information Security Officer and other Deputy CISOs and be responsible for leading and managing multiple teams and/or cybersecurity domains, oversee the overall strategy effectiveness, develop people, technology, and processes to reduce risk with the evolved cyber threat landscape and changing technology portfolio.

The Deputy CISO will partner with Federal, State, external Transportation, and cybersecurity related entities to enhance security for the MTA. The Deputy CISO will also work with other strategic internal and external stakeholders to provide guidance to increase the security posture and protect known information assets as best as possible.

Each Deputy CISO position will also provide technical leadership and management of MTA's cyber security program in one or more focused technical domains. As part of managing the program, the Deputy Chief Cybersecurity Officer(s) will need expertise in managing a complex program with highly skilled Directors and leaders, contracts, and processes associated with risk management that are essential to maintaining electronic and physical safety for MTA's business in all areas that utilize technology (Corporate, Customer Facing and Informational, Fare Payment/PCI, Operational Technologies, 3rd Party Managed, Vendors, etc.).

This position works across multiple technology and cybersecurity domains to ensure cybersecurity is looked at holistically from user, data and component, and systems perspectives for both Information Technology and Operational Technology Systems (both internally and 3rd Party Managed).

The position also considers all risk assessments, data driven analytics, and actively seeks to develop and maintain standards, reference architectures, and reduce risk of the MTA through emerging technologies and trends in the industry.

Each position is expected to have a level of expertise in one or more domains of technology effective management. There is a long list of these specialized domains in the cybersecurity field, and this list is growing and ever-changing as the field evolves and as risks and circumstances change.

Leadership
  • Provide leadership in development of inter-team communication and cohesiveness; sustain culture and supporting assigned staff during organizational growth/changes.
  • Lead a team of multi-functional technical staff planning, building, and maintaining cybersecurity tools, configurations and risk mitigation to support Information and Operational Technology applications and/or infrastructure products
  • Lead others, as appropriate, and when necessary, that will consist of one or more agile coaches, data analytic researchers and other cybersecurity personnel
  • Provide direction on evaluation, selection, implementation, and maintenance of cybersecurity tools, processes, and techniques for their assigned cyber domains and products, ensuring appropriate investment in strategic and operational systems.

Human Resource Management
  • Attract, develop, coach and retain high-performance team members, empowering them to elevate their level of responsibility, span of control and performance in conjunction with the Cybersecurity Management and IT Workforce Planning & Workload Management office.
  • Build staff expertise and competence to meet evolving demands within the Enterprise Product Management unit.

Financial Management
  • Demonstrate consistent understanding of funding, communications and systems; recommend timelines and resources needed to achieve the program goals.
  • Collaborates with IT Business Management Services to identify procurement contracts to support program related activities.

Strategy & Planning
  • Assesses and makes recommendations on the improvement and re-engineering within the IT Department and work with the stakeholders at keeping the total cost of ownership down.
  • Promote the use of employee self-service and mobile connectivity within products to reduce the reliance on paper.
  • Automation of business process creating in-line forms and approvals, reducing the reliance on manual approvals that could be untimely.

Acquisition & Deployment
  • Coordinates and facilitates consultation with stakeholders to define business and systems requirements for new technology implementations, developing business case and cost justifications for such initiatives.
  • Provides direction on evaluation, selection, implementation and maintenance of information systems, ensuring appropriate investment in strategic and operational systems.
  • Advises MTA IT management, as information becomes available, in the changing trends and emerging technology and their potential use within the MTA.
  • Directs the development of the analysis required to determine if Information Technology projects should follow a "Build" (develop with in-house staff) or "Buy" (cloud or packaged solution) methodology.
  • Manages the development and implementation of new modules within assigned products.
  • Advises on the selection, prioritization, development and implementation on products as they relate to the selection, acquisition, development, and installation of MTA IT and OT Security, applications and infrastructure.

Management and Oversight
  • Participates in overall business planning bringing a current knowledge and future vision of technology and systems as related to the company's goals.
  • Responsible for leading and reporting on various product progress and deliverables ensuring that the IT needs of the MTA are met on time and within budget, including identifying weekly, monthly and annual performance targets to show progress on IT product work.
  • Ensure continuous delivery of product services through oversight of service level agreements with end users and monitoring of product performance.
  • Responsible for the recruitment, development, motivation, training and retention of a diverse and high performing multi-level IT team professionals, conforming to budgetary objectives and Human Resources policy and programs in conjunction with the IT Workforce Planning & Workload Management office.
  • Develop business case justifications and cost/benefit analyses for IT spending and initiatives keeping customizations to a minimum and total cost of ownership down.

Deputy Chief Cybersecurity Officer-Specific Accountabilities

Planning
  • Lead and facilitate the plan for the future technical architecture, providing insight into the future of their area of technology in order to continually improve effectiveness and efficiency.
  • Lead and plan the development of roadmaps related to their area(s) of expertise to manage and meet identified technology needs.
  • Provide strategic direction and plan the evaluation of new technologies relative to their domain(s) to determine applicability to and best meet the needs of MTA and constituent agencies.
  • Provide strategy and portfolio direction for technology domains in collaboration with CISO to provide overall MTA Cybersecurity Strategy

Architecture
  • Oversees architectural direction for domains under management to meet senior management and cybersecurity goals.
  • Understand, review, and approve Cybersecurity Reference Architectures and Solutions for applying them. Revalidates systems to most recent reference architectures to determine gaps, develop and manage programs to align systems to newest standards and reference architectures

Contracts/Vendor Management
  • Contribute and own technical elements of RFPs and RFIs and negotiates with vendors on technical issues to ensure results are delivered in line with user and organization requirements.
  • Provides leadership and oversight over contracts and expenses to ensure SLAs and contract renewals are processed timely
  • Provide contract management support to ensure vendor deliverables are met
  • Manage and lead major projects and assigned service providers with technical expertise to address mission critical issues, evaluates ongoing vendor service level and enforces SLAs and penalties.

Documentation
  • Ensure detailed and updated documentation is in place for cybersecurity systems and user processes.
  • Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.

Guidance, Communications and Training Support

  • Provides timely and relevant updates to appropriate stakeholders and decision makers
  • Communicates investigation findings to relevant business units to help improve the information security posture
  • Provides technical guidance to project managers and senior leadership on cybersecurity and technology strategies
  • Ensure quality and review and guidance on tests of new systems and manage cybersecurity risks and remediation system testing, baseline, and best practices
  • Provide escalation support to project teams in their area of expertise to promote technical understanding and talent development
  • Provide guidance and take input from Analysts, Engineers, Architects and Technology Subject Matter Experts on cybersecurity and technology best practices, current threat landscape, and a risk management approach for optimal alignment
  • Provides sound cybersecurity recommendations

Operations

  • Provide leadership and advisement when necessary during incident response and provide continuous improvement updates to threat model for risks to the business and systems
  • Ensure specific monitoring points are continually updated to assess performance of technologies in their domain(s). Identify and manage the necessary actions to ensure optimal performance and reliability.

Research & Analysis

  • Validates and maintains incident response plans and processes to address potential threats
  • Compiles and analyzes data for management reporting and metrics
  • Research emerging technologies and process improvements to stay current and plan for the evolving threat landscape to ensure strategy meets current threats
  • Monitors relevant information sources to stay up to date on current attacks and trends
  • Ensure cybersecurity technology solutions meet strategy, security framework objectives and business objectives
  • Hypothesizes new threats and indicators of compromise

Qualifications:
  • Minimum 10 years of senior-level managerial experience in Rail Operations with 2-5 years' experience supporting cybersecurity activities.
  • Proven track record of managing a large-scale program, with strong project delivery experience.
  • Technical experience with train controls, CBTC, PTC, Signaling, Power, rolling stock and Communications preferred.
  • Knowledge of legal and regulatory requirements pertaining to MTA and its agencies
  • Detailed knowledge of IEC 62443, TS50701, SAE 21434, NIST CSF and Industrial Control Systems security frameworks and standards
  • CISSP, CISM and other comparable security certifications are desired.
  • Strong risk analysis, risk management, and proven experience in reducing risk to the organization
  • Strong business analysis skills and experience, including development of business vision and strategies, functional decomposition, requirements analysis, data and process modeling
  • Strong knowledge of design and architectural patterns such as Purdue, TS50701, etc.
  • Must possess a deep understanding of technology and cybersecurity domain principles.
  • Proven ability to manage projects, programs, and initiatives.
  • Proven ability to add value to a team.
  • Understanding of Operating Systems, Cloud, Mobile, and Applications
  • Understanding of TCP/IP (OSI Layers 1-4) and Internet and Intranet technologies (OSI Layers 5-7) required.
  • Some Scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.
  • Proficient in Productivity Tools (e.g., Office 365, G Suite).
  • Experience with Spreadsheets and Data Analysis.
  • Successful track record in design of software systems to meet the current and future needs of a complex organization OR
  • Successful track record in design and implementation of IT Infrastructure and related hardware and software technologies to meet the current and future needs of a complex transportation organization.
  • Strong Verbal/written communications skills.
  • Financial/budgeting planning and management experience a plus
  • Ability to fit in with the constant shifting needs and demands of the business Department.

Education and Experience:
  • Bachelor's degree in computer science or related fields. An equivalent combination of education and experience may be considered in lieu of degree.
  • CISSP, CISM, or other advanced security-related certification preferred.
  • Certifications in technology subdomains preferred (e.g., Cloud, Applications, Infrastructure, Security Technology, etc.)
  • A minimum of 10 years of relevant experience with a minimum of six years supervisory/management experience. Highly specialized and relevant security domain experience may be substituted for years of experience.
  • Requires prior experience with installing, maintaining and troubleshooting technology systems.
  • Experience in Project Management Principles (Waterfall and Agile) preferred.

Other Information

As an employee of MTA Headquarters you may be required to complete an annual financial disclosure statement with the State of New York, if your position earns more than $105,472 (this figure is subject to change) per year or if the position is designated as a policy maker.

How to Apply

MTA employees must apply via My MTA Portal. You can submit an online application by logging into My MTA Portal, clicking the My Job Search ribbon, and selecting the "Careers" link. Logging in through My MTA Portal will link your BSC ID number to your job application to identify you as an internal applicant.

Equal Employment Opportunity

MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.

  • ID: #49884926
  • State: New York, New York City 10001, USA
  • City: New York City
  • Salary: USD TBD TBD
  • Job type: Permanent
  • Showed: 2023-05-08
  • Deadline: 2023-07-06
  • Category: Et cetera