Cybersecurity Officer Manager - Application Security
Metropolitan Transportation Authority - New York, NY
posted 4 days ago
About the position
The purpose of this position is to provide technical leadership and management of MTA's cyber security program in one or more technical domains. This role deals with both internal and external threats to the MTA systems which can affect both safety of employees and customers, system integrity, and availability of operations. As part of managing the program, the Cybersecurity Officer will need expertise in managing a complex program with highly skilled staff, contracts, and processes associated with risk management that are essential to maintaining electronic and physical safety for MTA's business in all areas that utilize technology (Corporate, Customer Facing and Informational, Fare Payment/PCI, Operational Technologies, 3rd Party Managed, Vendors, etc.). The Cybersecurity Officer will be responsible for managing and developing staff, technology, and processes to reduce risk with the evolved cyber threat landscape and changing technology portfolio. This position works across multiple technology and cybersecurity domains to ensure cybersecurity is looked at holistically from user, data and component, and systems perspectives. The position also considers all risk assessments, data driven analytics, and actively seeks to develop and maintain standards, reference architectures, and reduce risk of the MTA through emerging technologies and trends in the industry. The position is expected to have a level of expertise in one or more domains of technology effective management. There is a long list of these specialized domains in the cybersecurity field and this list is growing and ever-changing as the field evolves and as risks and circumstances change. The Application Development Security Manager role is designed to oversee and enhance the security of our software applications from conception through deployment. This position is crucial for ensuring our applications are resilient against cyber threats, comply with industry and regulatory standards, and support our business objectives by mitigating risk, reducing downtime, and safeguarding our reputation. While Cyber threats are increasingly sophisticated and pervasive, securing our application development process is critical. Data breaches, security vulnerabilities, and compliance failures can lead to significant financial losses, legal ramifications, and damage to our brand's trust and integrity. MTA's ability to innovate and deliver is also at stake if we cannot assure the security and reliability of our applications. MTA utilizes inhouse and outsourced development teams in order to create applications/products that deliver business value. As a result, the teams require a dedicated program to ensure the products developed are coded securely on a consistent basis. These products enhance internal corporate and operational capability and provide external customers with capability to leverage MTA's various services. This role will ensure the continuous maturity and implementation of the strategies developed for the application security program. Specific expertise and skillset in the domain of Application Security are required to improve MTA Cybersecurity delivery in the domains of application code development, rapid application coding, DevSecOps, and accommodate the strategic change the Agile Product Management team is currently implementing. This program will provide scale for the 100s of MTA applications managed by MTA IT and/or MTA Business that needs constant oversight to enhance the MTA security posture while improving overall availability of the applications.
Responsibilities
- Provide leadership to a strong talent pool of technical professionals
- Lead a team of multi-functional technical staff planning, building, and maintaining cybersecurity tools, configurations and risk mitigation to support Information and Operational Technology applications and/or infrastructure products
- Lead others, as appropriate, and when necessary, that will consist of one or more agile coaches, data analytic researchers and other cybersecurity personnel
- Provide leadership in development of inter-team communication and cohesiveness; sustain culture and supporting assigned staff during organizational growth/changes.
- Provide direction on evaluation, selection, implementation, and maintenance of cybersecurity tools, processes, and techniques for their assigned cyber domains and products, ensuring appropriate investment in strategic and operational systems.
- Leads teams to complete projects when a project manager has not been assigned.
- Attract, develop, coach and retain high-performance team members, empowering them to elevate their level of responsibility, span of control and performance in conjunction with the Cybersecurity Management and IT Workforce Planning & Workload Management office.
- Demonstrate consistent understanding of funding, communications and systems; recommend timelines and resources needed to achieve the program goals.
- Assesses and makes recommendations on the improvement and re-engineering within the IT Department and work with the stakeholders at keeping the total cost of ownership down.
- Coordinates and facilitates consultation with stakeholders to define business and systems requirements for new technology implementations, developing business case and cost justifications for such initiatives.
- Participates in overall business planning bringing a current knowledge and future vision of technology and systems as related to the company's goals.
- Manage and plan the future technical architecture, providing insight into the future of their area of technology in order to continually improve effectiveness and efficiency.
- Oversees architectural direction for domains under management to meet senior management and cybersecurity goals.
- Contribute and own technical elements of RFPs and RFIs and negotiates with vendors on technical issues to ensure results are delivered in line with user and organization requirements.
- Ensure detailed and updated documentation is in place for cybersecurity systems and user processes.
- Provide timely and relevant updates to appropriate stakeholders and decision makers
- Provide leadership and advisement when necessary during incident response and provide continuous improvement updates to threat model for risks to the business and systems.
Requirements
- Bachelor's degree required, preferably in Computer Science or related fields.
- A minimum of 5 plus years of relevant experience.
- CISSP, CISM, or other advanced security-related certification preferred.
- Requires prior experience with installing, maintaining and troubleshooting technology systems.
- Experience in Project Management Principles (Waterfall and Agile) preferred.
Nice-to-haves
- Certifications in technology subdomains preferred (i.e. Cloud, Applications, Infrastructure, Security Technology, etc.).
- Some Scripting or programming skills (PERL, Python, PowerShell, etc.) preferred as needed.
Benefits
- Telework eligibility (currently two days per week)
- Diverse work environment
- Opportunities for professional development
