Sr. Governance, Risk & Compliance Security Analyst

SUMMARY

Responsible for the oversight of the Governance, Risk and Compliance (GRC) program and cybersecurity activities of the Authority. Develops and implement strategies to ensure that sustainable business controls and processes are in place to protect the information infrastructure of the Authority. This position will assist with designing, reviewing, and implementing critical security solutions to support the Azure public cloud infrastructure. Reviews and defines security requirements for projects. Evaluates security and compliance risks to ensure that internal policies follow government guidelines, regulatory requirements and security best practices. Develops and maintains information security policies and procedures.

ESSENTIAL DUTIES AND RESPONSIBILITIES

1. Provides oversight of the Authority-wide Information Security Risk programs (i.e. Governance, Risk and Compliance program, Vendor Risk Management program, etc.) and cyber security functions of the Authority.

2. Develops and maintains the Authority’s risk register which contains a listing of all identified risks and their potential impact to the Authority.

3. Creates, tracks and manages repository for all risk letters. Ensures that security protocols are in place and followed for each identified risk in efforts to eliminate or reduce the Authority’s exposure to security risks, threats and vulnerabilities.

4. Establishes and maintains cybersecurity polices, processes and controls. Ensures that cybersecurity efforts are adequately designed to address information security protocols and governmental compliance in a timely manner.

5. Evaluates information systems, data processes and communications for security risks.

6. Conducts IT security risk assessments for technology, information security frameworks and Industrial Control Systems (ICS)/ SCADA.

7. Participates in strategic planning efforts for the deployment of ICS technologies and program enhancements ensuring successful and secure implementations.

8. Works in close collaboration with stakeholders to identify, validate, and mitigate security risks with appropriate solutions and security controls (including but not limited to cybersecurity, enterprise governance, risk management services, compliance reporting and vulnerability management, etc.).

9. Ensures that risks are mitigated and reported within a timely manner. Validates that required security controls are included with new products.

10. Performs in-depth assessments of IT security related processes and systems.

11. Identifies and anticipates system limitations that could lead to regulatory risks with new products and services. Develops and implements strategies to mitigate security compliance risks.

12. Provides technical vision, direction, and guidance to leadership team on best practice in the support of the design and implementation of Azure cloud-based infrastructure.

EDUCATION and/or EXPERIENCE

Bachelor’s degree in Information Technology, Computer Science or a related technical field. Must have seven years of progressively responsible experience in information security/technology, risk management or governance risk control serving in a lead/senior capacity is required. Must have three years of demonstrated Azure and cloud security experience managing multiple security domains. Experience should encompass business continuity planning, auditing, and contract/vendor negotiations. Must have advanced knowledge of information security procedures, hardware, software, and best practices. Must be able to make technical recommendations to ensure systems are designed and implemented securely. Must have working knowledge of one or more of the following frameworks: ICS/SCADA, NIST 800 series, PCI, ISO27001, CIS top 20 security controls and Cyber Security Framework.

MARTA is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state or local protected class.