This job is closed

Metropolitan Transportation Authority
Posted 7 days ago
$136,727 - $161,382/Yr
Full-time - Mid Level
Remote - New York, NY
Executive, Legislative, and Other General Government Support

About the position

The MTA transportation network has very large systems and infrastructure for financial, business, automated train, transportation, power, and physical security. The MTA IT Department is centrally responsible for providing a full range of Information and Operational Technology services to the MTA agencies and administrative units through its operating and support units. These services are provided on a 24/7/365 basis to support the MTA organization and its ridership.

This role is responsible for prioritizing, leading and delivering cybersecurity initiatives to reduce, mitigate and remediate cybersecurity risks that impact both the Information Technology (IT) department and all the MTA agencies. This role facilitates compliance with regulatory requirements (e.g., TSA directives) and information security policies from the MTA and New York State. This role also partners and collaborates with MTA's Enterprise Risk Management team to address cybersecurity risk impacts to non-IT areas throughout the organization.

This role is responsible for providing critical expertise and guidance to less experienced colleagues on managing and analyzing cybersecurity risks, including risk identification, mitigation, and management. The analysis is conducted through technology risk assessments, data analytics tools, and business process reviews. This role is responsible for collaborating with security engineers, architects, developers, vendors, and business units to continuously reduce the overall security risk to the MTA. The person in this role must possess knowledge of cybersecurity risk frameworks and best practices.

Responsibilities

  • Analyzes and interprets industry standards, regulations, and best practices to develop risk management tools to identify cyber risk trends, gap analysis, or maturity opportunities.
  • Utilizes risk profiles and dynamic reporting mechanisms to incorporate cybersecurity risk information into the organization's enterprise risk management program, providing a fully integrated, prioritized, enterprise-wide view of risks to drive strategic and business decisions.
  • Facilitates the remediation of control gaps and escalates cyber risk management activities to the C-suite by leveraging the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0 and incorporates the activities into the organization's broader enterprise risk management programs.
  • Identifies ATT&CK techniques (e.g., malware, ransomware, intrusion) and streamlines compliance efforts by leveraging cybersecurity best practices, such as CIS Critical Security Controls.
  • Oversees research of adversary techniques against enterprise IT networks and cloud by leveraging relevant risk identification tools and knowledge bases, such as MITRE ATT&CK.
  • Enhances cyber risk management processes across the MTA by providing thought leadership, oversight, and coordination with other risk management activities across the organization.
  • Monitors the cyber environment for new risks and reviews the effectiveness of risk mitigation strategies, ensuring that the organization adapts to evolving threat landscapes.
  • Guides less experienced colleagues on analyzing information to proactively identify risks, trends, and process improvements, supporting reporting on risk topics to management and compliance-related collateral.
  • Drives risk project and program delivery, including project and process management, reporting, engagement in senior leadership meetings, and drafting and reviewing materials for senior management and other governance activities.
  • Continuously evaluates the effectiveness of the cyber risk program by developing, monitoring, gathering, and analyzing metrics for management.
  • Builds successful relationships with IT, Cybersecurity, and Enterprise Risk to understand the impact of cyber risk on business processes.
  • Co-leads and participates in risk and other management forums, contributing to continuous improvement of risk and project or program management practices.
  • Co-develops the agenda and materials for division meetings and events.
  • Develops, publishes, and manages the lifecycle of cyber risk policies, procedures, and guidelines in collaboration with Subject Matter Experts (SMEs).
  • Leads workforce cybersecurity activities including culture, awareness, and training to ensure appropriate awareness of cyber risk requirements across the Enterprise.
  • Establishes a cyber risk quantification methodology that effectively details inputs, outputs, and measurements for cyber risks.
  • Creates and designs risk reporting dashboards and recommends/builds enhancements to ensure consistent alignment with changes in the risk environment.
  • Plans and allocates resources effectively to support risk management activities, including investing in technology, personnel, and training.
  • Develops cyber risk program performance metrics, monitors program performance, and produces required program reports.
  • Promotes and enforces compliance with IT and cyber risk policies, standards, procedures, and guidelines.
  • Collaborates effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve strategic objectives.
  • Performs other duties and tasks as assigned.
  • Observes the work performed by the contractor.
  • Reviews invoices and approves them if the work meets contractual standards.
  • Addresses performance issues with the contractor when possible.
  • Escalates issues to other parties as needed.

Requirements

  • Education: bachelor's degree and minimum of 8 years of relevant experience. An equivalent combination of education and experience may be considered in lieu of a degree.
  • Experience: 8 years
  • Requires at least one certification in the current platform/domain/technical skill.

Nice-to-haves

  • GIAC Critical Controls Certification (CIS)
  • ISC2 Certified in Cybersecurity
  • GIAC Security Leadership (GSLC)
  • Global Information Assurance Certification (GIAC)
  • Azure Security Engineer Associate
  • Certified Compliance & Ethics Professional (CCEP)
  • Certified Ethical Hacker (CEH)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Privacy Professional (CIPP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • ISO 27001 Lead Auditor
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Offensive Security Certified Professional (OSCP)
  • CompTIA Security+ Certification
  • Cybersecurity Nexus (CSX) Practitioner
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Security Essentials (GSEC)
  • ISC2 Certified Governance, Risk and Compliance (CGRC)

Benefits

  • Eligible for telework which is currently two days per week.
  • May need to work outside of normal work hours (i.e., evenings and weekends).
  • Travel may be required to other MTA locations or other external sites.

Hard Skills

  • Information Assurance
  • Information Privacy
  • Information Systems
  • Security Engineering
  • Security Management