Metronorth Railroad

Cybersecurity Officer Manager Identity Operations

Metronorth Railroad$148K — $196K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's Degree in Computer Science or related field, or equivalent experience.
  • 4+ years of relevant experience in cybersecurity domains and leadership.
  • Deep understanding of cybersecurity and technology principles.
  • Proven project and people management abilities.
  • Familiarity with operating systems, cloud, mobile, and applications.

Responsibilities

  • Provide technical leadership for cybersecurity program management.
  • Lead teams in planning and maintaining cybersecurity tools and configurations.
  • Attract and develop a high-performance team to meet evolving demands.
  • Assess and recommend improvements within the IT department.
  • Coordinate consultations with stakeholders for new technology requirements.

Benefits

  • Telework option available (one day per week after 30 days of hire).
  • Opportunities for professional development and leadership training.
  • Work in a prominent organization with significant impact on public safety.
  • Engagement within a skilled and diverse team of professionals.
Full Job Description
Description

Position at MTA Headquarters

JOB TITLE:

Cybersecurity Officer Manager Identity Operations

SALARY RANGE:

$148,784 - $196,730

DEPT/DIV:

Information Technology

SUPERVISOR:

Cybersecurity Dir Ident&Access

LOCATION:

2 Broadway

HOURS OF WORK:

9:00 am - 5:30 pm (7.5 hours/day) or as required

This position is eligible for teleworking, which is currently one day per week. New hires are eligible to apply 30 days after their effective date of hire.

Job Summary:

The purpose of this position is to provide technical leadership and management of MTA's cybersecurity program in one or more technical domains. This role deals with both internal and external threats to the MTA systems which can affect both the safety of employees and customers, system integrity, and availability of operations. As part of managing the program, the Cybersecurity Officer will need expertise in managing a complex program with highly skilled staff, contracts, and processes associated with risk management that are essential to maintaining electronic and physical safety for MTA's business in all areas that utilize technology (Corporate, Customer Facing and Informational, Fare Payment/PCI, Operational Technologies, 3rd Party Managed, Vendors, etc.). The Cybersecurity Officer will be responsible for managing and developing staff, technology, and processes to reduce risk with the evolving cyber threat landscape and changing technology portfolio. This position works across multiple technology and cybersecurity domains to ensure cybersecurity is looked at holistically from user, data, component, and systems perspectives. The position also considers all risk assessments, data-driven analytics, and actively seeks to develop and maintain standards, reference architectures, and reduce risk of the MTA through emerging technologies and trends in the industry. The position is expected to have a level of expertise in one or more domains of technology and effective management. There is a long list of these specialized domains in the cybersecurity field, and this list is growing and ever-changing as the field evolves and as risks and circumstances change.

Responsibilities:

  • Leadership
    • Provide leadership to a strong talent pool of technical professionals
    • Lead a team of multi-functional technical staff planning, building, and maintaining cybersecurity tools, configurations, and risk mitigation to support Information and Operational Technology applications and/or infrastructure products
    • Lead others, as appropriate, and when necessary, that will consist of one or more agile coaches, data analytic researchers, and other cybersecurity personnel
    • Provide leadership in development of inter-team communication and cohesiveness; sustain culture and supporting assigned staff during organizational growth/changes.
    • Provide direction on evaluation, selection, implementation, and maintenance of cybersecurity tools, processes, and techniques for their assigned cyber domains and products, ensuring appropriate investment in strategic and operational systems.
    • Leads teams to complete projects when a project manager has not been assigned.
    • Attain significant achievements managing technical teams, contractors, and vendors.
  • Human Resource Management
    • Attract, develop, coach and retain high-performance team members, empowering them to elevate their level of responsibility, span of control and performance in conjunction with the Cybersecurity Management and IT Workforce Planning & Workload Management office.
    • Build staff expertise and competence to meet evolving demands within the Enterprise Product Management unit.
  • Financial Management
    • Demonstrate consistent understanding of funding, communications and systems; recommend timelines and resources needed to achieve the program goals.
    • Collaborates with IT Business Management Services to identify procurement contracts to support program-related activities.
  • Strategy & Planning
    • Assesses and makes recommendations on the improvement and re-engineering within the IT Department and works with the stakeholders to keep the total cost of ownership down.
    • Promotes the use of employee self -service and mobile connectivity within products to reduce the reliance on paper.
    • Recommends and supports automation of business processes, creating in-line forms and approvals, reducing the reliance on manual approvals that could be untimely.
    • Uses judgment to form conclusions that may challenge conventional wisdom
  • Acquisition & Deployment
    • Coordinates and facilitates consultation with stakeholders to define business and systems requirements for new technology implementations, developing business case and cost justifications for such initiatives.
    • Provides direction on evaluation, selection, implementation and maintenance of information systems, ensuring appropriate investment in strategic and operational systems.
    • Advises MTA IT management, as information becomes available, on changing trends and emerging technology and their potential use within the MTA.
    • Directs the development of the analysis required to determine if Information Technology projects should follow a "Build" (develop with in-house staff) or "Buy" (cloud or packaged solution) methodology.
    • Manages the development and implementation of new modules within assigned products.
    • Advises on the selection, prioritization, development, and implementation on products as they relate to the selection, acquisition, development, and installation of MTA IT and OT Security, applications, and infrastructure.
  • Management and Oversight
    • Participates in overall business planning, bringing current knowledge and future vision of technology and systems as related to the company's goals.
    • Responsible for leading and reporting on various product progress and deliverables, ensuring that the IT/OT needs of the MTA are met on time and within budget, including identifying weekly, monthly and annual performance targets to show progress on IT product work and OT objectives.
    • Ensure continuous delivery of product services through oversight of service level agreements with end users and monitoring of product performance.
    • Responsible for the recruitment, development, motivation, training and retention of a diverse and high-performing multi-level IT/OT team professionals, conforming to budgetary objectives and Human Resources policy and programs in conjunction with the IT Workforce Planning & Workload Management office.
    • Develop business case justifications and cost/benefit analyses for IT spending and initiatives, keeping customizations to a minimum and total cost of ownership down.
  • Cybersecurity Officer-Specific Accountabilities:
    • Planning
      • Manage and plan the future technical architecture, providing insight into the future of their area of technology in order to continually improve effectiveness and efficiency.
      • Manage and plan the development of roadmaps related to their area(s) of expertise to manage and meet identified technology needs.
      • Manage and plan the evaluation of new technologies relative to their domain(s) to determine applicability to and best meet the needs of MTA and constituent agencies.
      • Manage and ensure disaster recovery and contingency plans for their domain(s) to provide users with minimal interruptions in service.
    • Architecture
      • Oversees architectural direction for domains under management to meet senior management and cybersecurity goals.
      • Understands, reviews, and approves Cybersecurity Reference Architectures and Solutions for applying them
      • Revalidates systems to the most recent reference architectures to determine gaps, develop and manage programs to align systems to the newest standards and reference architectures
    • Contracts/Vendor Management
      • Contribute and own technical elements of RFPs and RFIs and negotiates with vendors on technical issues to ensure results are delivered in line with user and organization requirements.
      • Manages contracts and expenses to ensure SLAs and contract renewals are processed timely
      • Provide contract management support to ensure vendor deliverables are met
      • Manage and lead major projects and assigned service providers with technical expertise to address mission-critical issues, evaluate ongoing vendor service levels, and enforce SLAs and penalties.
    • Documentation
      • Ensure detailed and updated documentation is in place for cybersecurity systems and user processes.
      • Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.
    • Guidance, Communications and Training Support
      • Provides timely and relevant updates to appropriate stakeholders and decision makers
      • Communicates investigation findings to relevant business units to help improve the information security posture
      • Provides technical guidance to project managers and senior leadership on cybersecurity and technology strategies
      • Ensures quality, review, and guidance on tests of new systems and manages cybersecurity risks and remediation system testing, baseline, and best practices
      • Provide escalation support to project teams in their area of expertise to promote technical understanding and talent development
      • Provide guidance and take input from Analysts, Engineers, Architects, and Technology Subject Matter Experts on cybersecurity and technology best practices, current threat landscape, and a risk management approach for optimal alignment
      • Provide sound cybersecurity recommendations
    • Operations
      • Provide leadership and advisement when necessary during incident response and provide continuous improvement updates to threat model for risks to the business and systems
      • Ensure specific monitoring points are continually updated to assess performance of technologies in their domain(s). Identify and manage the necessary actions to ensure optimal performance and reliability.
    • Research & Analysis
      • Validates and maintains incident response plans and processes to address potential threats
      • Compiles and analyzes data for management reporting and metrics
      • Research emerging technologies and process improvements to stay current and plan for an evolving threat landscape to ensure strategy meets current threats
      • Monitors relevant information sources to stay up to date on current attacks and trends
      • Ensure cybersecurity technology solutions meet strategy and security framework objectives and business objectives
      • Hypothesizes new threats and indicators of compromise
      • Oversee rigorous quality assurance processes to deliver reliability, performance, and safety objectives
  • Performs other duties as assigned
  • Complies with all policies and standards
  • May be required to work hours outside regular work hours, as applicable
  • Observes the work performed by contractors, as applicable
  • Reviews invoices and approves them if the work meets contractual standards, as applicable
  • Addresses performance issues with the contractor when possible, as applicable
  • Escalates issues to other parties when needed, as applicable

Required Qualifications:
  • Bachelor's Degree in Arts/Sciences (BA/BS). Bachelor's degree required in Computer Science or related fields. An equivalent combination of education and experience may be considered in lieu of a degree.
  • Minimum 4 years of relevant experience in one or more.
    • Cybersecurity Domains
    • Leadership ability

Competencies:
  • Must possess a deep understanding of technology and cybersecurity domain principles.
  • Proven ability to manage projects and initiatives.
  • Proven ability to manage people.
  • Proven ability to add value to a team.
  • Understanding of Operating Systems, Cloud, Mobile, and Applications.
  • Understanding of TCP/IP (OSI Layers 1- 4) and Internet and Intranet technologies required (OSI Layers 5-7).
  • Some Scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.
  • Proficient in Productivity Tools (ie., Office 365, G Suite).
  • Experience with Spreadsheets and Data Analysis.
  • Successful track record in design of software systems to meet the current and future needs of a complex organization OR successful track record in design and implementation of IT Infrastructure and related hardware and software technologies to meet the current and future needs of a complex transportation organization.
  • Strong Verbal/written communications skills.
  • Financial/budgeting planning and management experience a plus.
  • Ability to fit in with the constantly shifting needs and demands of the business Department


Core Competency

Proficiency Level

Competency Definition

Collaborates

Expert

Building partnerships and working collaboratively with others to meet shared objectives

Cultivates Innovation

Expert

Creating new and better ways for the organization to be successful

Customer Focus

Expert

Building strong customer relationships and delivering customer-centric solutions

Communicates Effectively

Expert

Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences

Values Diversity

Expert

Recognizing the value that different perspectives and cultures bring to an organization

Cybersecurity Domains:
  • Active Directory and Directory Services
  • Identity and Access Management
  • Privileged Access Management
  • Cloud Security (PaaS, SaaS Applications)

About Metronorth Railroad

Metro-North Railroad is a commuter railroad that serves the northern suburbs of New York City. The railroad was founded in 1983 and is owned by the Metropolitan Transportation Authority (MTA). Metro-North operates three main lines, the Hudson Line, the Harlem Line, and the New Haven Line, which together serve over 85 million passengers annually. The railroad has a fleet of over 400 rail cars and operates over 700 trains per day. In addition to commuter service, Metro-North also operates several tourist trains, including the popular Fall Foliage and Holiday Express trains.
Learn more about Metronorth Railroad
Size
7,000 employees
Industry
Net Income
$100 million
Founded
1983
5 Year Trend
-5%
Revenue
$1 billion

Similar Jobs

More Jobs at Metronorth Railroad

More Information Technology Jobs

Find similar Cybersecurity Officer Manager Identity Operations jobs: