Vacancy expired!
- The Lead ICS Security Assessment & Mitigation will be collaborating with the agency Operating departments who are the stakeholders of the SCADA/ICS systems at the MTA to build a security conscious environment by performing risk assessment and implementing a mitigation plan while imparting the real and active threat from foreign states, terrorist organization and internal threats to the agency.
- Organize and manage agency wide penetration testing, incident response and table top exercises.
- Develop standards, guidelines and procedures to enhance ICS/SCAD systems security.
- Manage the ICS security risk assessment and mitigation implementation for all Agencies Supervisory Control and Data Acquisition / Industrial Control System (SCADA/ICS) to coordinate the efforts in the preparation of and response to cyber incidents that may significantly impact the critical infrastructure of the agency and constituent agencies.
- Identify all agency SCADA/ICS critical infrastructure on a risk-based approach to where cyber security incident could reasonably result in a catastrophic effect on the agency and the public.
- Provide and update senior management analysis of agency SCADA/ICS portfolio current risk based methodologies for security assessments and recommend security solutions for SCADA/ICS systems.
- Manage a threat and vulnerability assessment, identify the mitigation impact of cyber security framework with associated security measures or controls on business confidentially, availability to protect agency from unauthorized access ensuring agency assets are protected.
- Manage a cyber security framework to provide a prioritized, flexible performance based assessment, risk mitigation and cost effective approach, including information security measures and controls to assist Industrial Control Systems and (SCADA/ICS) owners to identify, assess and manage cyber security.
- Manage process to coordinate improvements to the cyber security of critical infrastructure in a collaborative process with critical infrastructure owners to determine if current cyber security requirements are sufficient given current and projected risks.
- Develop and manage the agency-IT SCADA/ICS preparedness, in a standardized coordinated approach through the agencies critical SCADA/ICS systems as directed by NYS, FRA, APTA, etc. cyber security procedures escalation, funding and resources to develop uniformity by agencies on cyber security preparedness and incident response.
- Oversee incident response planning and implementation as well as the investigation and monitoring of security breaches, Internet/Intranet security intrusion assessment while assisting with investigative and legal matters associated with such breaches as necessary as required by NYS, APTA and Executive Order.
- Work with senior staff and SCADA/ICS owners to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.
- Maintain internal and external relationships including other related government agencies to disseminate icritical SCADA/ICS nformation to operating agencies.
- Maintain on-going communication with all MTA-IT Directors, Senior Managers, Managers and security staff to provide vital input for the planning of new SCADA/ICS applications, hardware, rolling stock in support of the agency operating system strategy to ensure future SCADA/ICS initiatives are protected.
- Knowledge and experience of a broad range of policy, standards and common risk management methodologies - for example, NIST, ISO 2700X, PCI/DSS, COBIT, ITIL, ISO 2000, etc.
- Strong leadership and communication skills.
- Good problem solving skills and techniques.
- Extensive technical and analytical abilities.
- Strong human relations skills with the ability to select motivate and develop personnel.
- Represent and act for the Director SCADA/ICS in their absence.
- Ability to communicate effectively with all levels of the organization.
- Ability to manage highly technical personnel.
- Ability to interpret complex information and provide appropriate technological solutions.
- Well-organized and highly motivated with strong technical skills.
- The incumbent in the position is required to be "on call" in the 24-hour, 365-day operating environment to ensure the availability and delivery of technology services in support of agency corporate business goals and objectives.
- Bachelor's degree in Computer Science, Engineering, Business Administration with minor in Information Services or IT Security related field (or the equivalent of education and progressively responsible experience) plus a minimum of 10 years of Information Technology experience.
- 4 to 6 years of direct experience in risk assessment especially ICS systems and penetration testing is highly preferred.
- Experienced with performing network security administration such as firewalls, IPS, Proxy, VPN, Wireless Security, NAC, security event correlation tools etc are a plus.
- 4 years of progressive IT managerial or leadership experience.
- IT Security Certifications (CISSP, CISA, SANS, etc ) are a plus.
- An advanced degree and/or professional certification is desirable.
Vacancy expired!