Assistant Director, Business Information Security Officer

MetroLINK

Los Angeles, California

JOB DETAILS
SALARY
$129,971–$201,455 Per Year
JOB TYPE
Full-time
SKILLS
Analysis Skills, Auditing, Best Practices, Business Continuity Planning (BCP), Business Operations, Business Plan, Business Process Management, Business Processes, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Communication Skills, Communications Security (COMSEC), Computer Security, Conferences, Construction, Corrective Action, Crisis Management, Cross-Functional, Customer Relations, Customer Support/Service, Disaster Recovery, Disciplinary Action, Employee Orientation, Enterprise Protection, Establish Priorities, External Audit, Finance, Government, HIPAA (Health Insurance Portability and Accountability Act), Heavy Equipment/Vehicles, IP (Internet Protocol), ISO (International Organization for Standardization), Incident Response, Industry Standards, Information Assets, Information Technology & Information Systems, Information/Data Security (InfoSec), Internal Audit, Internet Security, Interpersonal Skills, Maintain Compliance, Metrics, Needs Assessment, Network Administration/Management, Network Protocols, Network Security, Office Equipment, Online Training, Operational Strategy, Operations Security (OPSEC), PCI, PCI-DSS, Performance Reviews, Physical Demands, Physical Security, Policy Development, Privacy Controls, Problem Solving Skills, Program Planning, Project/Program Management, Railroad Construction, Record Keeping, Regulatory Compliance, Risk Analysis, Risk Management, Security Compliance, Security Monitoring, Security Policy, Staff Training, Strategic Planning, Systems Administration/Management, TCP/IP (Transmission Control Protocol/Internet Protocol), Technical Leadership, Technical Operations, Time Management, Training Program, U.S. National Institute of Standards and Technology (NIST), Warehousing, Work From Home
LOCATION
Los Angeles, California
POSTED
10 days ago

Job Title/Classification: Assistant Director (Various)

Working/Posting Title: Assistant Director, Business Information Security Officer


PURPOSE OF POSITION

The Southern California Regional Rail Authority (SCRRA), operator of the METROLINK Commuter Rail System, is seeking a Assistant Director, Business Information Security Officer (BISO) who will understand the key assets and processes, define and evolve cybersecurity strategy, identify and evaluate risks and controls, and suggest incremental controls or risk mitigation strategies where necessary. Additionally, the Assistant Director, BISO will ensure business compliance with Information Security Policies and Standards while continuously monitoring and reporting on risks and documented exceptions. The Assistant Director, BISO helps the business achieve their objectives while not compromising the security posture. The Assistant Director, BISO will work under the general direction of SCRRA’s Chief Technology Officer, and the position will collaborate with internal and external auditors to ensure compliance with SCRRA’s cyber security procedures and industry standards.


DISTINGUISHING CHARACTERISTICS

This job description is not part of a job series.


SUPERVISION EXERCISED AND RECEIVED

  • Receive general oversight from executive level management.
  • This position will have no direct reports.

The duties listed below are intended to describe the general nature and level of work being performed and are not to be interpreted as an exhaustive list of responsibilities.

  • Lead, develop, and implement SCRRA-wide or large-scale business unit information and operational technology security strategies, programs, plans, programs, policies, and procedures designed to protect the integrity and security of the SCRRA network, data resources, operations, and other information assets in accordance with SCRRA policies and industry standards.
  • Develop and maintain in-depth understanding of region/business unit processes, systems, technologies, data, customers, consumers, partners.
  • Evaluate the overall technology portfolio for adherence to security policies and procedures for all SCRRA corporate and operational systems (e.g.  positive train control (PTC)).
  • Coordinate auditing and compliance and certification requirements.
  • Leads cyber security training program for the agency, consumers, and partners as needed.
  • Act as the key security resource for IT leadership and the IDTS Business Partners and other local personnel.
  • Partner with all Departments to achieve effective working relationships that can further the effectiveness of the Security program.
  • Lead development of the Information Security Policies and Standards throughout the agency.
  • Lead implementation of cyber security solutions required to meet business objectives.
  • Review and audit technical implementations of physical security solutions required to meet business objectives.
  • Lead information security operations in partnership with all departments.
  • Proactively identify noncompliance and areas of potential improvement, and issue corrective actions to department manager.
  • Engage with clients and customers as needed to assist the business to achieve its objectives by representing our security program, supporting internal and external audits, assisting in customer communication of security incident, etc.).
  • Participate in region/business unit related conferences, client facing engagement, industry forums to represent the Cyber Security program.
  • Provide regular and timely reporting on the status of cyber security throughout the agency.
  • Provide escalation path for security issues, incidents and inquiries.
  • Review work of the Security Incident Response and Crisis Management teams to ensure the effective driving of incidents to acceptable resolution; assist with investigations as needed.
  • Provide Cyber Security Guidance for agency personnel.
  • Drive remediation activities throughout the agency.
  • Work with the Compliance and Information Risk Management team to drive policy and regulatory compliance.
  • Responsible for the PCI-DSS annual compliance submission requirement and develop monitoring program to ensure SCRRA is PCI compliant.
  • The responsibilities outlined above are representative of the role but not exhaustive. Additional duties may be assigned as needed, and reasonable accommodation will be provided to qualified individuals with disabilities in accordance with applicable laws.

Education and Experience

  • Bachelor’s degree in Information Systems, Cybersecurity, Auditing or a related field.
  • A minimum of (8) years of relevant work experience.
  • A minimum of (5) years of experience in supervising and monitoring the work of subordinate staff or project managers, including monitoring and evaluating staff.
  • A combination of training, education and or experience that provides the required knowledge, skills and abilities may be considered when determining minimum qualifications. Advanced relevant coursework may also substitute for a portion of required experience. 


PREFERRED QUALIFICATIONS

  • A minimum of five (5) years of experience in business security policy development, metrics capture, and analysis and system authorization.
  • Certification pertaining to information security and data privacy protection (CISSP, CISA, CRISC, CISM, CEH, etc.)
  • Experience in compliance, government or financial industry.
  • Experience in the design and implementation of information security programs.
  • Knowledge and experience with security and governance frameworks: SSAE-18 (SOC-2), HIPPA, PCI-DSS, ISO27991, NIST, Fedramp.


Knowledge, Skills, and Abilities

Knowledge of:

  • Advanced level understanding of business theory, business processes, management, and business operations.
  • Advanced level understanding of planning, organizing, and developing Information Technology security and physical security system technologies.
  • Extensive experience in enterprise security document creation.
  • Experience in designing and delivering employee security awareness training.
  • Experience in developing Business Continuity Plans and Disaster Recovery Plans.
  • Strong understanding of IP, TCP/IP, and other network administration protocols.
  • Expert level understanding of key network and technical security controls. 
  • Security best practices including experience with NIST 800-53, ISO27001 and PCI DSS.P

Skilled in:

  • Applying IT in solving security problems.
  • Setting and managing priorities.
  • Executive level presentations.
  • Maintaining interpersonal relationships.

Ability to:

  • Analyze and solve problems.
  • Apply organizational information security policies at a business unit level.
  • Develop conceptual frameworks and apply sound principles for the secure operation of SCRRA technology resources.
  • Define and develop security strategies and roadmaps.
  • Facilitate cross-functional team meetings and build consensus.
  • Understand business needs and work collaboratively with business stakeholders and team members.
  • Implement and manage the administration of relevant security systems and solutions.
  • Recommend and implement changes in security policies and practices in accordance with changing needs.
  • Promote and oversee strategic security relationships between internal resources and external entities, including other government agencies, vendors, and partner organizations.
  • Communicate effectively, both orally and in writing.
  • Maintain, and accurately complete records.
  • Establish and maintain effective working relationships with supervisors, fellow employees, and the public

PHYSICAL REQUIREMENTS

  • Transition between a stationary position at a desk or work location and move about Metrolink facilities or other work site locations.
  • Operate tools to perform the duties of the position, such as computers, office equipment and work-related machinery.
  • Transport equipment or boxes up to 25lbs.
  • Visual acuity to detect, identify and observe employees or train movement and any barriers to movement when working on or near railroad tracks. 
  • Hear and perceive the nature of sounds when working on or near railroad tracks.
  • Balance, ascend/descend, climb, kneel, stoop, bend, crouch, or crawl within assigned working conditions and or locations.

Working Conditions

Position requires work in a normal office environment with little exposure to excessive noise, dust, or temperature. Work may also be conducted in outdoor environments, at construction sites, Railroad Track and Right-of-Way environments, and warehouse environments, with possible exposure to individuals who are hostile or irate, moving mechanical parts, and loud noises (85+ decibels, such as heavy trucks, construction, etc.). Telecommuting may be available for this classification.

Southern California Regional Rail Authority is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, the Authority will provide reasonable accommodations to qualified individuals with disabilities and encourages both prospective and current employees to discuss potential accommodations with the employer. 

SUPPLEMENTAL INFORMATION:

Following a review of resumes and/or applications, the most highly qualified candidates will be invited to continue in the selection process. Eligible applicants will be notified of the exact time and place of assessments and interview. Candidates will be interviewed to determine their relative knowledge, skills and ability in job related areas. Offers of employment may be contingent upon successful completion of a reference check, including degree verification and criminal records check provided through SCRRA.

Internal Candidates: Employees with active discipline as defined in the HR Policy No. 5.3 Positive Discipline Program and/or with performance that does not meet the standard for "meets expectations" as defined in the Performance Planning and Appraisal Process may be precluded from consideration and placement in the position.
 
In compliance with the Americans with Disabilities Act, the SCRRA will provide reasonable accommodations to qualified individuals with disabilities and encourages both prospective and current employees to discuss potential accommodations with the employer.
 
The SCRRA is an Equal Opportunity Employer. EEO/ADA

About the Company

M

MetroLINK

METROLINK CAREERS

 

JOIN OUR TEAM

With a shared purpose and commitment to excellence, we strive to motivate and challenge our employees to explore the limits of their potential. We promote a culture of innovation, safety, team-work, collaboration, and respect. We strongly encourage candidates from diverse backgrounds,skills and experiences and actively eliminate disparities through inclusive hiring practices, that acknowledge the contributions and potential of all candidates.
 

WHO WE ARE

Advancing the well-being of our riders, our communities, and our planet, one ride at a time.

Metrolink is Southern California’s regional passenger rail service. As a leader in sustainable transportation and a force for equity and economic prosperity, we work hard every day to make our region more accessible by train. We improve the quality of life for all of our communities by empowering riders to choose how they travel and connecting people to greater opportunity and new experiences. As a result, our riders get where they need to go without worrying about access to transportation or sitting in traffic. Metrolink counts nearly 12 million annual boardings, removes an estimated 9.3 million vehicles from the road and reduces greenhouse gas emissions by 130,000 metric tons with our fleet of Tier 4 clean technology locomotives each year.

 
Metrolink Employee in Safety Gear

WHAT'S IT LIKE WORKING AT METROLINK?

Our employees stand at the very heart of our success – they devote their ideas, creativity, knowledge and entrepreneurial spirit to ensuring a great customer experience. We support and develop our employees through targeted, customized, professional development and a healthy work-life balance, a culture focused on innovation and connecting people to opportunity.

 

OUR VALUES

People & Safety

Safety is foundational. Everything we do demonstrates an appreciation for quality of life, and every act values the lives of our employees, contractors, co-workers, customers, and communities.

Quality

We operate on best practices and principles with a continued focus on providing high-quality service to our customers every day on every ride.

Efficiency

As responsible stewards of public funds, we embrace innovative solutions and continuous improvement for the lowest cost and most efficient operations.

Growth

We continuously seek creative, progressive, and collaborative solutions to promote investment, develop partnerships, and increase capacity to improve the mobility of Southern Californians.

 

EMPLOYEE BENEFITS

Invest In Wellness

  • Medical, Dental, Vision, Disability & Life Insurance
  • Accessible Health Coaching
  • Flexible Savings Account
  • Employee Assistance Program
  • Work-life balance

 

Access Greater Opportunity

  • Network & Connection
  • Professional Development
  • Tuition reimbursement
  • Community Volunteer
  • Opportunities

 

Plan for The Future

  • Retirement Planning
  • CalPERS
  • Railroad Retirement Board
  • 457 Plan
  • Transportation pass
  • Paid Time Off

 

The Metrolink Internship programs are a unique opportunity for current college students, recent grads and those enrolled in specialized program, to gain real world experience, work with industry leaders and exercise practical application of academic studies. Our interns work closely with our team members on agency wide projects to advance their technical, personal, and leadership skills, while enhancing mobility of Southern Californians.

INTERNSHIPS & PROGRAMS

The Metrolink Internship programs are a unique opportunity for current college students, recent grads and those enrolled in specialized program, to gain real world experience, work with industry leaders and exercise practical application of academic studies. Our interns work closely with our team members on agency wide projects to advance their technical, personal, and leadership skills, while enhancing mobility of Southern Californians.

 

 
COMPANY SIZE
1,000 to 1,499 employees
INDUSTRY
Travel, Transportation and Tourism
EMPLOYEE BENEFITS
Paid Sick Days, Parking, Professional Development, Subsidized Commuting, Employee Referral Program, Employee Events, Retirement / Pension Plans, Transportation Allowance, Tuition Reimbursement, Vehicle Allowance, Work From Home, Life Insurance, Merchandise Discounts
FOUNDED
1992
WEBSITE
http://www.metrolinktrains.com/