Job Details

ID #40921514
State New York
City New york city
Job type Permanent
Salary USD TBD TBD
Source MTA New York City Transit
Showed 2022-05-15
Date 2022-05-14
Deadline 2022-07-13
Category Security
Create resume

Lead ICS Security Assessment & Mitigation

New York, New york city, 10004 New york city USA

Vacancy expired!

Job Information

JOB TITLE: Lead ICS Security Assessment & Mitigation

SALARY MIN: $103,746 MID: $138,327.50 MAX: $172,909

POINTS: 775DEPT/DIV: MTA Information Technology/IT Cyber Security ServicesSUPERVISOR: Dir IT Security ICS / SCADA

LOCATION: 2 BroadwayHOURS OF WORK: 9:00 AM - 5:30 PM (7 1/2 hours)

APPLICATION DEADLINE: Posted Until Filled

In order to protect our employees and continue to provide safe and reliable service to our communities, as of November 14, 2021 we are requiring all new MTA hires to be fully vaccinated against COVID-19 prior to their start date. MTA will consider exceptions for religious and medical reasons, where appropriate. "Fully vaccinated" means you must have both doses of a 2-dose vaccine and two weeks have elapsed since the second dose, or have received 1 dose of a 1-dose vaccine and two weeks have elapsed since the dose. Proof of your vaccination status in the form of a CDC vaccine card must be submitted prior to your start date.

Summary

The Lead ICS Security Assessment & Mitigation will be collaborating with the MTA Operating departments who are the stakeholders of the SCADA/ICS systems at the MTA to build a security conscious environment by performing risk assessment and implementing a mitigation plan while imparting the real and active threat from foreign states, terrorist organization and internal threats to the MTA.

Responsibilities

  • Organize and manage MTA wide penetration testing, incident response and table top exercises.
  • Develop standards, guidelines and procedures to enhance ICS/SCAD systems security.
  • Manage the ICS security risk assessment and mitigation implementation for all MTA Agencies Supervisory Control and Data Acquisition / Industrial Control System (SCADA/ICS) to coordinate the efforts in the preparation of and response to cyber incidents that may significantly impact the critical infrastructure of the MTA and constituent agencies.
  • Identify all agency SCADA/ICS critical infrastructure on a risk-based approach to where cyber security incident could reasonably result in a catastrophic effect on the MTA and the public.
  • Provide and update senior management analysis of MTA SCADA/ICS portfolio current risk based methodologies for security assessments and recommend security solutions for SCADA/ICS systems.
  • Manage a threat and vulnerability assessment, identify the mitigation impact of cyber security framework with associated security measures or controls on business confidentially, availability to protect MTA from unauthorized access ensuring MTA assets are protected.
  • Manage a cyber security framework to provide a prioritized, flexible performance based assessment, risk mitigation and cost effective approach, including information security measures and controls to assist Industrial Control Systems and (SCADA/ICS) owners to identify, assess and manage cyber security.
  • Manage process to coordinate improvements to the cyber security of critical infrastructure in a collaborative process with critical infrastructure owners to determine if current cyber security requirements are sufficient given current and projected risks .
  • Develop and manage the MTA-IT SCADA/ICS preparedness, in a standardized coordinated approach through the agencies critical SCADA/ICS systems as directed by NYS, FRA, APTA, etc. cyber security procedures escalation, funding and resources to develop uniformity by agencies on cyber security preparedness and incident response.
  • Oversee incident response planning and implementation as well as the investigation and monitoring of security breaches, Internet/Intranet security intrusion assessment while assisting with investigative and legal matters associated with such breaches as necessary as required by NYS, APTA and Executive Order.
  • Work with senior staff and SCADA/ICS owners to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology. Maintain internal and external relationships including other related government agencies to disseminate icritical SCADA/ICS nformation to operating agencies.
  • Maintain on-going communication with all MTA-IT Directors, Senior Managers, Managers and security staff to provide vital input for the planning of new SCADA/ICS applications, hardware, rolling stock in support of the MTA operating system strategy to ensure future SCADA/ICS initiatives are protected.
Qualifications

  • Knowledge and experience of a broad range of policy, standards and common risk management methodologies - for example, NIST, ISO 2700X, PCI/DSS, COBIT, ITIL, ISO 2000, etc.
  • Strong leadership and communication skills.
  • Good problem solving skills and techniques.
  • Extensive technical and analytical abilities.
  • Strong human relations skills with the ability to select motivate and develop personnel.
  • Represent and act for the Director SCADA/ICS in their absence.
  • Ability to communicate effectively with all levels of the organization.
  • Ability to manage highly technical personnel.
  • Ability to interpret complex information and provide appropriate technological solutions.
  • Well-organized and highly motivated with strong technical skills.
The incumbent in the position is required to be "on call" in the 24-hour, 365-day operating environment to ensure the availability and delivery of technology services in support of MTA corporate business goals and objectives.

Education and Experience

  • Bachelor's degree in Computer Science, Engineering, Business Administration with minor in Information Services or IT Security related field (or the equivalent of education and progressively responsible experience) plus a minimum of 10 years of Information Technology experience.
  • 4 to 6 years of direct experience in risk assessment especially ICS systems and penetration testing is highly preferred. Experienced with performing network security administration such as firewalls, IPS, Proxy, VPN, Wireless Security, NAC, security event correlation tools etc are a plus.
  • 4 years of progressive IT managerial or leadership experience.
  • IT Security Certifications (CISSP, CISA, SANS, etc) are a plus.
  • An advanced degree and/or professional certification is desirable.
Other Information

As an employee of MTA Headquarters you may be required to complete an annual financial disclosure statement with the State of New York, if your position earns more

than $101,379 (this figure is subject to change) per year or if the position is designated as a policy maker.

How To Apply

Qualified applicants can submit an online application by clicking on the 'APPLY NOW' button from either the CAREERS page or from the JOB DESCRIPTION page.

If you have previously applied on line for other positions, enter your User Name and Password. If it is your first registration, click on the CLICK HERE TO REGISTER hyperlink and enter a User Name and Password; then click on the REGISTER button.

Equal Employment Opportunity

MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.

Vacancy expired!

Subscribe Report job