Business Information Security Officer, Senior Manager - Metrolink - Pomona, CA
PURPOSE OF POSITION
The BISO will understand the key assets and processes, identify and evaluate risks and controls, and suggest incremental controls or risk mitigation strategies where necessary. Additionally, the BISO will ensure business compliance with Information Security Policies and Standards while continuously monitoring and reporting on risks and documented exceptions. The BISO helps the business achieve its objectives without compromising the security posture. The BISO will work under the general direction of SCRRA’s Chief of Safety, Security, and Compliance, and the position will have specific auditing requirements and general oversight to ensure compliance with SCRRA’s cyber security procedures and industry standards. The position will work closely with the Chief Technology Officer and Information Technology staff to help ensure the most efficient and pragmatic cyber security program possible.
TO APPLY: This is a continuous recruitment with the first review of applications beginning May 26, 2021. Interested applicants are encouraged to apply immediately.
SUPERVISION EXERCISED AND RECEIVED
- Receive general oversight from director or executive level management.
- This position will have no direct reports.
ESSENTIAL DUTIES AND RESPONSIBILITIES
The duties listed below are intended to describe the general nature and level of work being performed and are not to be interpreted as an exhaustive list of responsibilities.
- Develop and maintain an in-depth understanding of region/business unit processes, systems, technologies, data, customers, consumers, and partners
- Act as the local security resource for the IT leadership and the IT Business Partners, IT Infrastructure, IT Architecture, HR, Finance, Legal and other local personnel
- Partner with all Departments to achieve effective working relationships that can further the effectiveness of the Security program
- Review and audit the Information Security Policies and Standards throughout the agency
- Review and audit technical implementations of security solutions required to meet business objectives
- Proactively identify noncompliance and areas of potential improvement, and issue corrective actions to department manager
- Engage with clients and customers as needed to assist the business to achieve its objectives by representing our security program, supporting internal and external audits, assisting in customer communication of security incidents, etc.
- Participate in region/business unit related conferences, client facing engagement, industry forums to represent the Cyber Security program
- Provide regular and timely reporting on the status of cyber security throughout the agency.
- Provide escalation path for security issues, incidents and inquiries
- Review work of the Security Incident Response and Crisis Management teams to ensure they effectively drive incidents to acceptable resolution; assist with investigations as needed
- Provide Cyber Security Guidance for agency personnel.
- Drive remediation activities throughout the agency.
- Work with the Compliance and Information Risk Management team to drive policy and regulatory compliance.
- Review the implementation and translation of information security policies.
- Ensure via audit process the Service Level Management for Cyber security and Assurance.
MINIMUM JOB QUALIFICATIONS
EDUCATION AND EXPERIENCE
- Bachelor’s degree in Information Systems, Cybersecurity, Auditing or a related field.
- A minimum of (5) years of relevant experience.
- Experience in compliance, government or financial industry.
- Experience in the design and implementation of information security programs
- A combination of training, education and/or experience that provides the required knowledge, skills and abilities may be considered when determining minimum qualifications. Advanced relevant coursework may also substitute for a portion of required experience.
- Valid Class C Driver's License with a satisfactory driving record of no more than three moving violations and no DUI's within the last three years.
- A minimum of (3) years of experience in business security policy development, metrics capture and analysis and system authorization.
- Certification pertaining to information security and data privacy protection (CISSP, CISA, CRISC, CISM, etc.)
KNOWLEDGE, SKILLS AND ABILITIES
- Microsoft Windows CE Operating System.
- Zebra programming language.
- Data Warehouse table layout and relationships.
- Expert level understanding of key network and technical security controls.
- Security best practices including experience with NIST 800-53, ISO27001 and PCI DSS.
- Incident response and coordinating activities.
- Analyze and solve problems.
- Apply organizational information security policies at a business unit level.
- Stay up to date in BI technology trends and provide solutions.
- Effectively communicate relevant IT-related information to superiors and peers across the organization.
- Manage and organize time and materials.
- Transition between a stationary position at a desk or work location and move about Metrolink facilities or other work site locations.
- Operate tools to perform the duties of the position; such as computers, office equipment and work-related machinery.
- Transport equipment or boxes up to 25lbs.
- Exchange ideas by means of communication.
- Visual acuity to detect, identify and observe employees or train movement and any barriers to movement when working on or near railroad tracks.
- Hear and perceive the nature of sounds when working on or near railroad tracks.
- Balance, ascend/descend, climb, kneel, stoop, bend, crouch or crawl within assigned working conditions and/or locations.
Position requires work in a normal office environment with little exposure to excessive noise, dust, or temperature. Work may also be conducted in outdoor environments, at construction sites, Railroad Track and Right-of-Way environments, and warehouse environments, with possible exposure to individuals who are hostile or irate, moving mechanical parts, and loud noises (85+ decibels, such as heavy trucks, construction, etc.). Telecommuting may be available for this classification.
Southern California Regional Rail Authority is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, the Authority will provide reasonable accommodations to qualified individuals with disabilities and encourages both prospective and current employees to discuss potential accommodations with the employer.