Vacancy expired!
Job Information
JOB TITLE: Lead IT Security Policy and Guidance
SALARY RANGE: Min. $99,757 Mid. $133,010
POINTS: 775
DEPT/DIV: MTA Information Technology/IT Cyber Security Services
SUPERVISOR: Director Applications Infrastructure Endpoint Security
LOCATION: 2 Broadway, New York, NY 10004
HOURS OF WORK: 8:30 AM - 5:00 PM (7.5 hours) or as required
DEADLINE: Open Until Filled

Summary
This position is responsible for implementing and continuously improving the MTA IT risk and compliance program and strategy that monitors adherence to IT security requirements and drives remediation of unacceptable risks. It focuses on identifying IT-related directives with which the MTA is obliged to comply as well as ensuring compliance with laws, regulations, and organizational policies among other directives.

Responsibilities
- Oversee the development and revision of IT security policies, standards and procedures as well as the alignment of general technology policies with security requirements.
- Develop and/or ensure adherence to policy approval and publishing workflow within the GRC system
- Enforce and facilitate the routine review of policies, standards and associated procedures to ensure current, appropriately approved and communicated documentation
- Review staff-produced policies, standards and procedures for accuracy, audience appropriateness and professionalism and ability to communicate intended subject matter.
- Advise management on relevant laws, regulations, and policies and procedures as well as significant changes that may impact security posture.
- Ensure the development and management of information security awareness campaigns that target both end users and specialized audiences (i.e., PCI/HIPAA managers)
- Attract, develop, coach and retain high performance team members, empowering them to elevate their level of responsibility, span of control and performance.
- Organize and coordinate Agency Cyber Security Awareness Program.
- Support an IT risk and compliance program that monitors adherence to IT security requirements.
- Track and manage MTA Cybersecurity Risk Register.
- Partner with other stakeholders to effectively coordinate execution of Third Party Risk Management (TPRM) controls.
- Ensure TPRM assessments and related information are captured in the Governance Risk and Compliance (GRC) tool.
- Strong organization skills and attention to detail with the ability to tackle competing priorities
- Strong verbal and written communication skills for conveying information to both non-technical business owners and technology personnel
- Working knowledge of general technology and security concepts
- Experience with Governance Risk and Compliance tools
- Business logic and requirements gathering experience
- A Bachelor's degree in Computer Science, Business Administration, Engineering, Finance, Information Services (or the equivalent of education and progressive responsible experience) plus a minimum of 10 years of Information Technology experience with at least 4 years of progressive IT managerial experience.
- One or more relevant certifications: CISSP, CISA, CIPP and/or technical IT security credentials preferred