
Cybersecurity Officer- Data Protection

  • Full Time, onsite
  • Metropolitan Transportation Authority
  • On Site, United States of America
Salary undisclosed

Description

JOB TITLE: Cybersecurity Officer- Data Protection
SALARY RANGE: $144,450.00 - $191,000.00
HAY POINTS: 805
DEPT/DIV: Information Technology / Cybersecurity
SUPERVISOR: Cybersecurity Director
LOCATION: Vario 2 Broadway New York, NY 10004
HOURS OF WORK: 9:00 am - 5:30 pm (7.5 hours or as required)

This position is eligible for telework, which is currently two days per week. New hires are eligible to apply 30 days after their effective date of hire.

About Us

The MTA transportation network has very large systems and infrastructure for financial, business, automated train, transportation, power, and physical security. The MTA IT Department is centrally responsible for providing a full range of Information and Operational Technology, and cybersecurity services to the MTA agencies and administrative units through its operating and support units.

MTA Cybersecurity consists of empowered, multi-functional teams focused on protecting MTA's assets from both internal and external cybersecurity threats, which can affect the safety of employees and customers, system integrity, and availability of operations.

The purpose of this position is to provide technical leadership and management of MTA's cyber security program in one or more technical domains as well as maintain secure environments for information systems to support MTA goals and priorities.

As part of managing the program, this role will require expertise in managing a complex program with highly skilled staff, contracts, and processes associated with risk management that are essential to maintaining electronic and physical safety for MTA's business in all areas that utilize technology (Corporate, Customer Facing and Informational, Fare Payment/PCI, Operational Technologies, 3rd Party Managed, Vendors, etc.).

The Cybersecurity Manager will be responsible for managing and developing staff, technology, and processes to reduce risk with the evolved cyber threat landscape and changing technology portfolio. This position works across multiple technology and cybersecurity domains to ensure cybersecurity is looked at holistically from user, data and component, and systems perspectives.

The position also considers all risk assessments, data driven analytics, and actively seeks to develop and maintain standards, reference architectures, and reduce risk of the MTA through emerging technologies and trends in the industry.

Summary of Job

This role is critical to the MTA Business and ongoing MTA IT/Cybersecurity initiatives to manage the ongoing program of Data Security in partnership with the MTA Business (corporate and operations) to support their use cases, Enterprise Architecture, Product, Infrastructure and Security groups. MTA's Data Security program requires dedicated focus to support the numerous Business Processes, improve user handling of all types of data, manage and monitor data security platforms, and assist Product Teams and Business in securely managing various datasets hosted in systems, data warehouses, data lakes, devices, or collaboration platforms. Specific expertise and skillset in Data Classification, Protection, Systems, Transformation, and Storage, Transmission, Retention, and Collaboration Suites are required for this role.

To improve MTA service and decision making, MTA use of data through analytics and collaboration has dramatically increased, and knowledge of Analytics platforms is essential to ensure the business units are processing the data in a secure manner with the correct oversight and monitored guardrails. Furthermore, the Data Protection program involves enhancing the security of sensitive information, both structured (i.e. databases) and unstructured (i.e. files) data used across many agencies and departments such as Construction & Development, Strategic Initiatives, etc.

The candidate we are seeking needs to have up-to-date security skills in the data protection domain and a broad expertise and knowledge in various technologies to be able to help MTA enhance and further mature processes and data governance activities.

This recruitment will ensure that resources are available for timely delivery to various departments to minimize operational and business impact.

Responsibilities
  • Lead the development and execution of data security strategies aligned with the organization's maturity goals and objectives.
  • Oversee the implementation of data security tools, serving as the primary administrator and subject matter expert for data security platforms.
  • Drive implementation of data security maturity efforts, identify areas for improvement, and develop actionable plans to enhance MTA's data security posture.
  • Assist in data classification efforts, including the identification and categorization of sensitive data, and implement access controls to ensure appropriate data usage and protection.
  • Collaborate with cross-functional teams to understand existing business processes, and suggest strategies to augment and integrate data security measures into business processes, products, and services that protect MTA data.
  • Collaborate with business units and IT teams to facilitate data security initiatives, including data standardization, data quality improvement, and data security training and awareness programs.
  • Lead assessment of data exchange requests with external entities, including reviewing of data sharing agreements, privacy requests, and regulatory inquiries, ensuring compliance with MTA's cybersecurity standards.
  • Collaborate with risk management, cyber security, and compliance teams to establish and maintain data governance policies, procedures, and controls in alignment with regulatory requirements and MTA's cybersecurity objectives.
  • Provide strategic guidance and recommendations to senior leadership on data security matters, including emerging threats and vulnerabilities that impact MTA's resources and assets.
  • Collaborate with DBAs to secure and harden database configurations to minimize risk and vulnerabilities, ensuring compliance with industry standards.
  • Establish key performance indicators (KPIs) and metrics to measure the effectiveness of data cybersecurity initiatives and drive continuous improvement.
  • Stay abreast of industry trends and emerging best practices in data governance, and data security, incorporating relevant advancements into the organization's data strategy and roadmap.
  • Monitor and report on key data metrics and KPIs, providing insights and recommendations to senior management for continuous improvement.
  • Lead and mentor a team of security professionals, fostering a culture of excellence, collaboration, and innovation.

Knowledge & Skills:
  • In-depth understanding of cybersecurity concepts, including threat landscape, attack vectors, and risk assessment.
  • Familiarity with security frameworks and standards such as NIST, ISO 27001, CIS, and GDPR.
  • Knowledge of encryption techniques, network security, and role-based access control.
  • Proficiency in data classification, data masking, and data anonymization techniques.
  • Strong knowledge of data retention policies and data lifecycle management.
  • Ability to develop and enforce data access controls and Data Loss Prevention (DLP) measures.
  • Expertise in using cybersecurity tools such as firewalls, intrusion detection/prevention systems, antivirus software, data security, and encryption tools.
  • Knowledge of database security and encryption methods for protecting sensitive data.
  • Sufficient experience and exposure to Data Analytics platforms and securing transformed data.
  • Experience and exposure to Structured and Unstructured data security and management.
  • Expertise with a variety of Relational Databases.
  • Experience with file-based encryption technology (manual and automated) solutions while adapting it to workflow.
  • Capability to identify and assess security risks, vulnerabilities, and potential threats.
  • Skill in conducting business and cyber risk assessments and developing risk mitigation strategies.
  • Knowledge of digital forensics to investigate data security breaches.
  • Understanding of incident response and disaster recovery planning.
  • Familiarity with relevant data protection laws and industry-specific compliance requirements.
  • Ability to ensure the organization's adherence to regulatory standards and privacy laws.
  • Strong leadership and management skills to lead a team of cybersecurity professionals effectively.
  • Effective communication skills to convey security policies, procedures, and incidents to both technical and non-technical stakeholders.
  • Ability to collaborate with other departments to implement security measures and promote a security-conscious culture.
  • Critical thinking skills to analyze complex security issues and develop effective solutions.
  • Capacity to respond quickly and decisively to security incidents and breaches.
  • Ability to build the necessary knowledge for the organization's business processes and objectives to align security measures with business goals.
  • Budgeting and resource management skills to allocate resources efficiently.
  • Ability to evaluate products against business and cybersecurity value requirements.
  • Stay updated with the latest threats, technologies, and best practices in Data and Cyber Security.
  • Ability to work independently.
  • Demonstrated experience in leading Data Security initiatives and/or program while driving a strategic direction for business use cases.
  • Excellent communication and writing skills for stakeholder engagement and senior management reporting with the ability to explain and present complex topics in easy to consume methods while maintaining the objectives of the program and business goals.

Preferred Qualifications:
  • CISSP, CISM, or other advanced security-related certification preferred
  • Certifications in technology subdomains preferred (i.e., Cloud, Applications, Infrastructure, Security Technology, etc.).

Preferred Technical Skills:
  • Requires prior experience with installing, maintaining, and troubleshooting technology systems
  • Experience in Project Management Principles (Waterfall and Agile) preferred.

  • Cloud Computing - Infrastructure as a Service, Platform as a Service
  • Experience with file collaboration tools preferred (i.e. SharePoint, Sharefile, Box, SFTP, etc.)
  • Experience with Relational Databases preferred (i.e. Oracle, MS SQL, Postgres, MySQL, etc.)
  • Experience with Data Governance and Security Tools preferred

Leadership
  • Provide leadership to a strong talent pool of technical professionals.
  • Lead others, as appropriate, and when necessary, that will consist of one or more agile coaches, data analytic researchers and other cybersecurity personnel.
  • Provide leadership in development of inter-team communication and cohesiveness; sustain culture and supporting assigned staff during organizational growth/changes.
  • Provide direction on evaluation, selection, implementation, and maintenance of cybersecurity tools, processes, and techniques for their assigned cyber domains and products, ensuring appropriate investment in strategic and operational systems.
  • Leads teams to complete projects when a project manager has not been assigned.
  • Attain significant achievements managing technical teams, contractors and vendors.

Human Resource Management
  • Attract, develop, coach and retain high-performance team members, empowering them to elevate their level of responsibility, span of control and performance in conjunction with the Cybersecurity Management and IT Workforce Planning & Workload Management office.
  • Build staff expertise and competence to meet evolving demands within the Enterprise Product Management unit.

Financial Management
  • Demonstrate consistent understanding of funding, communications and systems; recommend timelines and resources needed to achieve the program goals.
  • Collaborates with IT Business Management Services to identify procurement contracts to support program related activities.

Strategy & Planning
  • Assesses and makes recommendations on the improvement and re-engineering within the IT Department and work with the stakeholders at keeping the total cost of ownership down.
  • Promote the use of employee self-service and mobile connectivity within products to reduce the reliance on paper.
  • Recommends and supports automation of business process creating in-line forms and approvals, reducing the reliance on manual approvals that could be untimely.
  • Uses judgment to form conclusions that may challenge conventional wisdom

Acquisition & Deployment
  • Coordinates and facilitates consultation with stakeholders to define business and systems requirements for new technology implementations, developing business case and cost justifications for such initiatives.
  • Provides direction on evaluation, selection, implementation and maintenance of information systems, ensuring appropriate investment in strategic and operational systems.
  • Advises MTA IT management, as information becomes available, in the changing trends and emerging technology and their potential use within the MTA.
  • Directs the development of the analysis required to determine if Information Technology projects should follow a "Build" (develop with in-house staff) or "Buy" (cloud or packaged solution) methodology.
  • Manages the development and implementation of new modules within assigned products.
  • Advises on the selection, prioritization, development and implementation on products as they relate to the selection, acquisition, development, and installation of MTA IT and OT Security, applications and infrastructure.

Management and Oversight
  • Participates in overall business planning bringing a current knowledge and future vision of technology and systems as related to the company's goals.
  • Responsible for leading and reporting on various product progress and deliverables ensuring that the IT/OT needs of the MTA are met on time and within budget, including identifying weekly, monthly and annual performance targets to show progress on IT product work and OT objectives.
  • Ensure continuous delivery of product services through oversight of service level agreements with end users and monitoring of product performance.
  • Responsible for the recruitment, development, motivation, training and retention of a diverse and high performing multi-level IT/OT team professionals, conforming to budgetary objectives and Human Resources policy and programs in conjunction with the IT Workforce Planning & Workload Management office.
  • Develop business case justifications and cost/benefit analyses for IT spending and initiatives keeping customizations to a minimum and total cost of ownership down.

Cybersecurity Officer-Specific Accountabilities

Planning
  • Manage and plan the future technical architecture, providing insight into the future of their area of technology in order to continually improve effectiveness and efficiency.
  • Manage and plan the development of roadmaps related to their area(s) of expertise to manage and meet identified technology needs.
  • Manage and plan the evaluation of new technologies relative to their domain(s) to determine applicability to and best meet the needs of MTA and constituent agencies.
  • Manage and ensure disaster recovery and contingency plans for their domain(s) to provide users with minimal interruptions in service.

Architecture
  • Oversees architectural direction for domains under management to meet senior management and cybersecurity goals.
  • Understand, review, and approve Cybersecurity Reference Architectures and Solutions for applying them
  • Revalidates systems to most recent reference architectures to determine gaps, develop and manage programs to align systems to newest standards and reference architectures

Contracts/Vendor Management
  • Contribute and own technical elements of RFPs and RFIs and negotiates with vendors on technical issues to ensure results are delivered in line with user and organization requirements.
  • Manages contracts and expenses to ensure SLAs and contract renewals are processed timely
  • Provide contract management support to ensure vendor deliverables are met
  • Manage and lead major projects and assigned service providers with technical expertise to address mission critical issues, evaluates ongoing vendor service level and enforces SLAs and penalties.

Documentation
  • Ensure detailed and updated documentation is in place for cybersecurity systems and user processes.
  • Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.

Guidance, Communications and Training Support
  • Provides timely and relevant updates to appropriate stakeholders and decision makers.
  • Communicates investigation findings to relevant business units to help improve the information security posture.
  • Provides technical guidance to project managers and senior leadership on cybersecurity and technology strategies.
  • Ensure quality and review and guidance on tests of new systems and manage cybersecurity risks and remediation system testing, baseline, and best practices.
  • Provide escalation support to project teams in their area of expertise to promote technical understanding and talent development.
  • Provide guidance and take input from Analysts, Engineers, Architects and Technology Subject Matter Experts on cybersecurity and technology best practices, current threat landscape, and a risk management approach for optimal alignment.
  • Provides sound cybersecurity recommendations.

Operations
  • Provide leadership and advisement when necessary during incident response and provide continuous improvement updates to the threat model for risks to the business and systems
  • Ensure specific monitoring points are continually updated to assess performance of technologies in their domain(s). Identify and manage the necessary actions to ensure optimal performance and reliability.

Research & Analysis
  • Validates and maintains incident response plans and processes to address potential threats
  • Compiles and analyzes data for management reporting and metrics
  • Research emerging technologies and process improvements to stay current and plan for the evolving threat landscape to ensure strategy meets current threats
  • Monitors relevant information sources to stay up to date on current attacks and trends
  • Ensure cybersecurity technology solutions and strategy meet security framework objectives and business objectives
  • Hypothesizes new threats and indicators of compromise

Qualifications:

Experience
  • Bachelor's Degree in Computer Science or related fields or equivalent experience. An equivalent combination of education and experience may be considered in lieu of degree.
  • CISSP, CISM, or other advanced security-related certification preferred
  • Certifications in technology subdomains preferred (i.e., Cloud, Applications, Infrastructure, Security Technology, etc.).
  • A minimum of 4 plus years of relevant experience.
  • Requires prior experience with installing, maintaining and troubleshooting technology systems.
  • Experience in Project Management Principles (Waterfall and Agile) preferred.

Competencies
  • Must possess a deep understanding of technology and cybersecurity domain principles.
  • Solid understanding of data management principles, processes, and tools, as well as data security and privacy technologies and methods.
  • Proven ability to manage projects and initiatives.
  • Proven ability to manage people.
  • Proven ability to add value to a team.
  • Understanding of Operating Systems, Cloud, Mobile, and Applications.
  • Understanding of TCP/IP (OSI Layers 1-4) and Internet and Intranet technologies (OSI Layers 5-7) required.
  • Some scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.
  • Proficient in Productivity Tools (i.e., Office 365, Gsuite).
  • Experience with Spreadsheets and Data Analysis.
  • Successful track record in design of software systems to meet the current and future needs of a complex organization OR successful track record in design and implementation of IT Infrastructure and related hardware and software technologies to meet the current and future needs of a complex transportation organization.
  • Strong Verbal/written communications skills.
  • Financial/budgeting planning and management experience a plus.
  • Ability to fit in with the constant shifting needs and demands of the business Departments.

GENERAL:
  • May need to work outside of normal work hours (i.e., evenings and weekends)
  • Travel may be required to other MTA locations or other external sites

Pursuant to the New York State Public Officers Law & the MTA Code of Ethics, all employees who hold a policymaking position must file an Annual Statement of Financial Disclosure (FDS) with the NYS Commission on Ethics and Lobbying in Government (the "Commission"). MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.