Cybersecurity Officer -It & Ot Zero Trust, Directory, Privileged

Description

Job Title: Cybersecurity Officer - IT & OT Zero Trust, Directory, Privileged
Salary Range: $144,450.12 - $191,000
Hay points: 805
Dept/Div: MTA Information Technology/ Office of IT Cyber Security Services
Supervisor: Director, Identity and Access Management
Location: 2 Broadway, New York, NY 10004
Hours of Work: 9:00am-5:30pm (7.5 hours/day)

This position is eligible for telework. New Hires are eligible to apply 30 days after their effective date of hire.

The purpose of this position is to provide technical leadership and management of MTA’s cyber security program within Identity and Access Management as well as other technical domains.

An MTA Cybersecurity Officer is responsible for implementing and maintaining IT and OT Zero Trust, Directory, and Privileged Identity, Entitlement Management security protocols. This role focuses on ensuring that only authorized individuals have access to sensitive information and systems through the use of Identity Governance and Administration (IGA) techniques.

This role deals with both internal and external threats to the MTA systems which can affect both safety of employees and customers, system integrity, and availability of operations.

As part of managing the program, the Cybersecurity Officer will need expertise in managing a complex program with highly skilled staff, contracts, and processes associated with risk management that are essential to maintaining electronic and physical safety for MTA’s business in all areas that utilize technology (Corporate, Customer Facing and Informational, Fare Payment/PCI, Operational Technologies, 3rd Party Managed, Vendors, etc.).

The Cybersecurity Officer will be responsible for managing and developing staff, technology, and processes to reduce risk with the evolved cyber threat landscape and changing technology portfolio.

Leadership

• Lead a team of multi-functional technical staff planning, building, and maintaining cybersecurity tools, configurations and risk mitigation to support Information and Operational Technology applications and/or infrastructure products
• Attain significant achievements managing technical teams, contractors and vendors.
• Provide direction on evaluation, selection, implementation, and maintenance of cybersecurity tools, processes, and techniques for their assigned cyber domains and products, ensuring appropriate investment in strategic and operational systems.
• Lead others, as appropriate, and when necessary, that will consist of one or more agile coaches, data analytic researchers and other cybersecurity personnel
• Provide leadership in development of inter-team communication and cohesiveness; sustain culture and supporting assigned staff during organizational growth/changes.
• The ability to identify, assess, and prioritize potential security threats and vulnerabilities, and to develop and implement effective mitigation strategies.
• Provide leadership to a strong talent pool of technical professionals
• Leads teams to complete projects when a project manager has not been assigned.

Human Resource Management

• Build staff expertise and competence to meet evolving demands within the Enterprise Product Management unit.
• Attract, develop, coach and retain high-performance team members, empowering them to elevate their level of responsibility, span of control and performance in conjunction with the Cybersecurity Management and IT Workforce Planning & Workload Management office.

Financial Management

• Demonstrate consistent understanding of funding, communications and systems; recommend timelines and resources needed to achieve the program goals.
• Collaborates with IT Business Management Services to identify procurement contracts to support program related activities.

Strategy & Planning

• Promote the use of employee self -service and mobile connectivity within products to reduce the reliance of paper.
• Assesses and makes recommendations on the improvement and re-engineering within the IT Department and work with the stakeholders at keeping the total cost of ownership down.
• Uses judgment to form conclusions that may challenge conventional wisdom
• Recommends and supports automation of business process creating in-line forms and approvals, reducing the reliance on manual approvals that could be untimely.

Acquisition & Deployment

• Advises on the selection, prioritization, development, and implementation on products as they relate to the selection, acquisition, development, and installation of MTA IT and OT Security, applications, and infrastructure.
• Provides direction on evaluation, selection, implementation and maintenance of information systems, ensuring appropriate investment in strategic and operational systems.
• Coordinates and facilitates consultation with stakeholders to define business and systems requirements for new technology implementations, developing business case and cost justifications for such initiatives.
• Advises MTA IT management, as information becomes available, in the changing trends and emerging technology and their potential use within the MTA.
• Directs the development of the analysis required to determine if Information Technology projects should follow a “Build” (develop with in-house staff) or “Buy” (cloud or packaged solution) methodology.
• Manages the development and implementation of new modules within assigned products.

Management and Oversight

• Develop business case justifications and cost/benefit analyses for IT spending and initiatives keeping customizations to a minimum and total cost of ownership down.
• Ensure continuous delivery of product services through oversight of service level agreements with end users and monitoring of product performance.
• Participates in overall business planning bringing a current knowledge and future vision of technology and systems as related to the company’s goals.
• Responsible for leading and reporting on various product progress and deliverables ensuring that the IT/OT needs of the MTA are met on time and within budget, including identifying weekly, monthly, and annual performance targets to show progress on IT product work and OT objectives.
• Responsible for the recruitment, development, motivation, training, and retention of a diverse and high performing multi-level IT/OT team professionals, conforming to budgetary objectives and Human Resources policy and programs in conjunction with the IT Workforce Planning & Workload Management office.

Cybersecurity Officer-Specific Accountabilities

Planning

• Manage and plan the future technical architecture, providing insight into the future of their area of technology in order to continually improve effectiveness and efficiency.
• Plan and design identity management systems and access control policies, procedures, and controls that meet the organization's needs and comply with industry standards and regulations.
• Plan and design processes for identity provisioning, access request, access certification, risk assessment, data governance, and stakeholder management, to ensure the efficient, secure, and compliant management of identities.
• Manage and plan the evaluation of new technologies relative to their domain(s) to determine applicability to and best meet the needs of MTA and constituent agencies.
• Manage and ensure disaster recovery and contingency plans for their domain(s) to provide users with minimal interruptions in service.
• Manage and plan the development of roadmaps related to their area(s) of expertise to manage and meet identified technology needs.

Architecture

• Design and implement secure and scalable infrastructure for identity management, including the use of virtualization, cloud computing, and microservices, to ensure the efficient and effective management of identities across the organization.
• Oversees architectural direction for domains under management to meet senior management and cybersecurity goals.
• Develop and maintain an architectural design for the organization's identity management system, including the design of identity repositories, authentication mechanisms, and access control systems.
• Understand, review, and approve Cybersecurity Reference Architectures and Solutions for applying them

Revalidates systems to most recent reference architectures to determine gaps, develop and manage programs to align systems to newest standards and reference architectures

Contracts/Vendor Management

• Provide contract management support to ensure vendor deliverables are met
• Manage contracts and relationships with vendors and third-party providers of identity management and access control solutions, to ensure compliance with the organization's security standards, and to negotiate and manage service level agreements, maintenance and support arrangements and evaluate vendors performance.
• Contribute and own technical elements of RFPs and RFIs and negotiates with vendors on technical issues to ensure results are delivered in line with user and organization requirements.
• Manages contracts and expenses to ensure SLAs and contract renewals are processed timely
• Manage and lead major projects and assigned service providers with technical expertise to address mission critical issues, evaluates ongoing vendor service level and enforces SLAs and penalties.

Documentation

• Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.
• Ensure the implementation of internal controls to monitor the effectiveness of the organization's identity management and access control systems, and conduct regular internal and external audits to validate compliance with relevant laws, regulations, and industry standards, and to identify and remediate any deficiencies in the organization's IGA systems.
• Develop and maintain detailed documentation of the organization's identity management and access control systems, policies, procedures, and controls, including system diagrams, configuration guides, user manuals, and compliance reports, to ensure that the organization's IGA systems are well understood and can be easily audited and maintained.
• Ensure detailed and updated documentation is in place for cybersecurity systems and user processes.

Guidance, Communications and Training Support

• Provides sound cybersecurity recommendations
• Provide escalation support to project teams in their area of expertise to promote technical understanding and talent development
• Train and report staff on the use of IGA systems and the organization's policies and procedures, to ensure compliance and effective use of the systems
• Provides technical guidance to project managers and senior leadership on cybersecurity and technology strategies
• Communicates investigation findings to relevant business units to help improve the information security posture
• Provide guidance and take input from Analysts, Engineers, Architects and Technology Subject Matter Experts on cybersecurity and technology best practices, current threat landscape, and a risk management approach for optimal alignment
• Provides timely and relevant updates to appropriate stakeholders and decision makers
• Ensure quality and review and guidance on tests of new systems and manage cybersecurity risks and remediation system testing, baseline, and best practices

Operations

• Assess and report on IGA metrics, and create dashboards to provide visibility into the organization's identity management and access control performance
• Ensure specific monitoring points are continually updated to assess performance of technologies in their domain(s). Identify and manage the necessary actions to ensure optimal performance and reliability.
• Onboard and evaluate authentication/authorization controls for SailPoint IdentityIQ application controls and related systems, to support the organization's IGA processes and access control policies
• Provide leadership and advisement when necessary, during incident response and provide continuous improvement updates to threat model for risks to the business and systems

Research & Analysis

• Monitors relevant information sources to stay up to date on current attacks and trends
• Research emerging technologies and process improvements to stay current and plan for evolving threat landscape to ensure strategy meetings current threats
• Hypothesizes new threats and indicators of compromise
• Validates and maintains incident response plans and processes to address potential threats
• Compiles and analyzes data for management reporting and metrics
• Ensure cybersecurity technology solutions meet strategy meets security framework objectives and business objectives

• Strong Verbal/written communications skills.
• Advanced skills and experience with content creation tools and strategies preferred.
• Ability to fit in with the constant shifting needs and demands of the business Departments.
• Successful track record in design of software systems to meet the current and future needs of a complex organization OR successful track record in design and implementation of IT Infrastructure and related hardware and software technologies to meet the current and future needs of a complex transportation organization.
• Financial/budgeting planning and management experience a plus.

• Certifications in technology subdomains preferred (ie. Cloud, Applications, Infrastructure, Security Technology, etc.).
• Bachelor’s Degree in Computer Science or related fields or equivalent experience. An equivalent combination of education and experience may be considered in lieu of degree.
• CISSP, CISM, or other advanced security-related certification preferred
• A minimum of 4 plus years of relevant experience.
• Requires prior experience with installing, maintaining, and troubleshooting technology systems.
• Experience in Project Management Principles (Waterfall and Agile) preferred.

Other Information:

As an employee of MTA Headquarters, you may be required to complete an annual financial disclosure statement with the State of New York, if your position earns more than $108,638 (this figure is subject to change) per year or if the position is designated as a policy maker.

How to Apply:

Qualified individuals interested in MTA Headquarters employment opportunities must apply through the MTA's online application and recruitment system. Please visit our website at http://www.mta.info/mta/employment/.

Equal Employment Opportunity:

MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.