Cybersecurity Officer OT Operations

Job ID: 9707

Business Unit: MTA Headquarters

Location: New York, NY, United States

Regular/Temporary: Regular

Department: IT CISO

Date Posted: Nov 27, 2024

Description

JOB TITLE: Cybersecurity Officer OT Operations

SALARY RANGE: $144,450.00 - $191,000.00

HAY POINTS: 805

DEPT/DIV: Information Technology / Cybersecurity

SUPERVISOR: Cybersecurity Director

LOCATION: Various / 2 Broadway New York, NY 10004

HOURS OF WORK: 9:00 am - 5:30 pm (7.5 hours or as required)

This position is eligible for telework, which is currently two days per week. New hires are eligible to apply 30 days after their effective date of hire.

Summary of Job

The purpose of this position is to provide technical leadership and management of MTA’s cyber security program in one or more technical domains.

This role deals with both internal and external threats to the MTA systems which can affect both safety of employees and customers, system integrity, and availability of operations.

As part of managing the program, the Cybersecurity Officer will need expertise in managing a complex program with highly skilled staff, contracts, and processes associated with risk management that are essential to maintaining electronic and physical safety for MTA’s business in all areas that utilize technology (Corporate, Customer Facing and Informational, Fare Payment/PCI, Operational Technologies, 3rd Party Managed, Vendors, etc.).

The Cybersecurity Officer will be responsible for managing and developing staff, technology, and processes to reduce risk with the evolved cyber threat landscape and changing technology portfolio.

This position works across multiple technology and cybersecurity domains to ensure cybersecurity is looked at holistically from user, data and component, and systems perspectives.

The position also considers all risk assessments, data driven analytics, and actively seeks to develop and maintain standards, reference architectures, and reduce risk of the MTA through emerging technologies and trends in the industry.

The position is expected to have a level of expertise in one or more domains of technology effective management. There is a long list of these specialized domains in the cybersecurity field and this list is growing and ever-changing as the field evolves and as risks and circumstances change.

Preferred Skills:

Control Systems Security: Secure PTC, signaling, and SCADA systems.

Network Security: Implement firewalls, IDS/IPS, and secure architectures.

Access Control: Knowledge/Experience with MFA and secure remote access.

System Hardening: Network/Server/End Point hardening

Regulatory Compliance: Familiarity with NIST SP 800-82, IEC 62443, and railway standards.

Risk Assessment: Familiarity with conducting Cybersecurity Risk assessment.

Vulnerability Management: Identify and manage OT vulnerabilities.

Monitoring & Logging: Ability to analyze and respond to alerts.

Vendor Risk Management: Assess cybersecurity of new technologies.

Collaboration: Work with engineering and IT for integrated security solutions.

Responsibilities

Leadership

Provide leadership to a strong talent pool of technical professionals

Lead a team of multi-functional technical staff planning, building, and maintaining cybersecurity tools, configurations and risk mitigation to support Information and Operational Technology applications and/or infrastructure products

Lead others, as appropriate, and when necessary, that will consist of one or more agile coaches, data analytic researchers and other cybersecurity personnel

Provide leadership in development of inter-team communication and cohesiveness; sustain culture and supporting assigned staff during organizational growth/changes.

Provide direction on evaluation, selection, implementation, and maintenance of cybersecurity tools, processes, and techniques for their assigned cyber domains and products, ensuring appropriate investment in strategic and operational systems.

Leads teams to complete projects when a project manager has not been assigned.

Attain significant achievements managing technical teams, contractors and vendors.

Human Resource Management

Attract, develop, coach and retain high-performance team members, empowering them to elevate their level of responsibility, span of control and performance in conjunction with the Cybersecurity Management and IT Workforce Planning & Workload Management office.

Build staff expertise and competence to meet evolving demands within the Enterprise Product Management unit.

Financial Management

Demonstrate consistent understanding of funding, communications and systems; recommend timelines and resources needed to achieve the program goals.

Collaborates with IT Business Management Services to identify procurement contracts to support program related activities.

Strategy & Planning

Assesses and makes recommendations on the improvement and re-engineering within the IT Department and works with the stakeholders on keeping the total cost of ownership down.

Promote the use of employee self-service and mobile connectivity within products to reduce the reliance on paper.

Recommends and supports automation of business process creating in-line forms and approvals, reducing the reliance on manual approvals that could be untimely.

Uses judgment to form conclusions that may challenge conventional wisdom

Acquisition & Deployment

Coordinates and facilitates consultation with stakeholders to define business and systems requirements for new technology implementations, developing business case and cost justifications for such initiatives.

Provides direction on evaluation, selection, implementation and maintenance of information systems, ensuring appropriate investment in strategic and operational systems.

Advises MTA IT management, as information becomes available, in the changing trends and emerging technology and their potential use within the MTA.

Directs the development of the analysis required to determine if Information Technology projects should follow a “Build” (develop with in-house staff) or “Buy” (cloud or packaged solution) methodology.

Manages the development and implementation of new modules within assigned products.

Advises on the selection, prioritization, development and implementation on products as they relate to the selection, acquisition, development, and installation of MTA IT and OT Security, applications and infrastructure.

Management and Oversight

Participates in overall business planning bringing a current knowledge and future vision of technology and systems as related to the company’s goals.

Responsible for leading and reporting on various product progress and deliverables ensuring that the IT/OT needs of the MTA are met on time and within budget, including identifying weekly, monthly and annual performance targets to show progress on IT product work and OT objectives.

Ensure continuous delivery of product services through oversight of service level agreements with end users and monitoring of product performance.

Responsible for the recruitment, development, motivation, training and retention of a diverse and high performing multi-level IT/OT team professionals, conforming to budgetary objectives and Human Resources policy and programs in conjunction with the IT Workforce Planning & Workload Management office.

Develop business case justifications and cost/benefit analyses for IT spending and initiatives keeping customizations to a minimum and total cost of ownership down.

Cybersecurity Officer-Specific Accountabilities

Planning

Manage and plan the future technical architecture, providing insight into the future of their area of technology in order to continually improve effectiveness and efficiency.

Manage and plan the development of roadmaps related to their area(s) of expertise to manage and meet identified technology needs.

Manage and plan the evaluation of new technologies relative to their domain(s) to determine applicability to and best meet the needs of MTA and constituent agencies.

Manage and ensure disaster recovery and contingency plans for their domain(s) to provide users with minimal interruptions in service.

Architecture

Oversees architectural direction for domains under management to meet senior management and cybersecurity goals.

Understand, review, and approve Cybersecurity Reference Architectures and Solutions for applying them

Revalidates systems to most recent reference architectures to determine gaps, develop and manage programs to align systems to newest standards and reference architectures

Contracts/Vendor Management

Contribute and own technical elements of RFPs and RFIs and negotiates with vendors on technical issues to ensure results are delivered in line with user and organization requirements.

Manages contracts and expenses to ensure SLAs and contract renewals are processed timely

Provide contract management support to ensure vendor deliverables are met

Manage and lead major projects and assigned service providers with technical expertise to address mission critical issues, evaluates ongoing vendor service level and enforces SLAs and penalties.

Documentation

Ensure detailed and updated documentation is in place for cybersecurity systems and user processes.

Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.

Guidance, Communications and Training Support

Provides timely and relevant updates to appropriate stakeholders and decision makers

Communicates investigation findings to relevant business units to help improve the information security posture

Provides technical guidance to project managers and senior leadership on cybersecurity and technology strategies

Ensure quality and review and guidance on tests of new systems and manage cybersecurity risks and remediation system testing, baseline, and best practices

Provide escalation support to project teams in their area of expertise to promote technical understanding and talent development

Provide guidance and take input from Analysts, Engineers, Architects and Technology Subject Matter Experts on cybersecurity and technology best practices, current threat landscape, and a risk management approach for optimal alignment

Provides sound cybersecurity recommendations

Operations

Provide leadership and advisement when necessary during incident response and provide continuous improvement updates to threat model for risks to the business and systems

Ensure specific monitoring points are continually updated to assess performance of technologies in their domain(s). Identify and manage the necessary actions to ensure optimal performance and reliability.

Research & Analysis

Validates and maintains incident response plans and processes to address potential threats

Compiles and analyzes data for management reporting and metrics

Research emerging technologies and process improvements to stay current and plan for evolving threat landscape to ensure strategy meets current threats

Monitors relevant information sources to stay up to date on current attacks and trends

Ensure cybersecurity technology solutions meet strategy, security framework objectives and business objectives.

Hypothesizes new threats and indicators of compromise

Qualifications:

Experience

Bachelor’s Degree in Computer Science or related fields or equivalent experience. An equivalent combination of education and experience may be considered in lieu of degree.

CISSP, CISM, or other advanced security-related certification preferred

Certifications in technology subdomains preferred (i.e. Cloud, Applications, Infrastructure, Security Technology, etc.).

A minimum of 4 plus years of relevant experience.

Requires prior experience with installing, maintaining and troubleshooting technology systems.

Experience in Project Management Principles (Waterfall and Agile) preferred.

Competencies

Must possess a deep understanding of technology and cybersecurity domain principles.

Proven ability to manage projects and initiatives.

Proven ability to manage people.

Proven ability to add value to a team.

Understanding of Operating Systems, Cloud, Mobile, and Applications.

Understanding of TCP/IP (OSI Layers 1–4) and Internet and Intranet technologies (OSI Layers 5-7) required.

Some Scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.

Proficient in Productivity Tools (i.e. Office 365, Gsuite).

Experience with Spreadsheets and Data Analysis.

Successful track record in design of software systems to meet the current and future needs of a complex organization OR successful track record in design and implementation of IT Infrastructure and related hardware and software technologies to meet the current and future needs of a complex transportation organization.

Strong Verbal/written communications skills.

Financial/budgeting planning and management experience a plus.

Ability to fit in with the constant shifting needs and demands of the business Departments.

Core Competency | Proficiency Level | Competency Definition
Collaborates | Expert | Building partnerships and working collaboratively with others to meet shared objectives
Cultivates Innovation | Expert | Creating new and better ways for the organization to be successful
Customer Focus | Expert | Building strong customer relationships and delivering customer-centric solutions
Communicates Effectively | Expert | Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences
Tech Savvy | N/A | Anticipating and adopting innovations in business-building digital and technology applications
Technical Skills | N/A | Specialized knowledge and expertise on tools, programs, domains, platforms, and products used for specific tasks
Values Diversity | Expert | Recognizing the value that different perspectives and cultures bring to an organization

GENERAL:

May need to work outside of normal work hours (i.e., evenings and weekends)

Travel may be required to other MTA locations or other external sites

Pursuant to the New York State Public Officers Law & the MTA Code of Ethics, all employees who hold a policymaking position must file an Annual Statement of Financial Disclosure (FDS) with the NYS Commission on Ethics and Lobbying in Government (the “Commission”). MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.