Manager, Cybersecurity Data Architecture

Job ID: 8111

Business Unit: MTA Headquarters

Location: New York, NY, United States

Regular/Temporary: Regular

Department: IT CISO

Date Posted: Jul 12, 2024

Description

JOB TITLE: Manager, Cybersecurity Data Architecture

SALARY RANGE: $156,275 - $184,456

HAY POINTS: 805

DEPT/DIV: Information Technology / Cybersecurity

SUPERVISOR: Cybersecurity Director

LOCATION: Various/ 2 Broadway New York, NY 10004

HOURS OF WORK: 9:00 am - 5:30 pm (7.5 hours or as required)

This position is eligible for telework which is currently two day per week. New hires are eligible to apply 30 days after their effective date of hire.

About Us

The MTA transportation network has very large systems and infrastructure for financial, business, automated train, transportation, power, and physical security. The MTA IT Department is centrally responsible for providing a full range of Information and Operational Technology, and cybersecurity services to the MTA agencies and administrative units through its operating and support units.

MTA Cybersecurity is empowered, multi-functional teams focused on the protection of MTA’s assets from both internal and external cybersecurity threats which can affect both safety of employees and customers, system integrity, and availability of operations.

The purpose of this position is to provide technical leadership and management of MTA’s cyber security program in one or more technical domains as well as maintain secure environments for information systems to support MTA goals and priorities.

As part of managing the program, this role will require expertise in managing a complex program with highly skilled staff, contracts, and processes associated with risk management that are essential to maintaining electronic and physical safety for MTA’s business in all areas that utilize technology (Corporate, Customer Facing and Informational, Fare Payment/PCI, Operational Technologies, 3rd Party Managed, Vendors, etc.).

The Cybersecurity Manager will be responsible for managing and developing staff, technology, and processes to reduce risk with the evolved cyber threat landscape and changing technology portfolio. This position works across multiple technology and cybersecurity domains to ensure cybersecurity is looked at holistically from user, data and component, and systems perspectives.

The position also considers all risk assessments, data driven analytics, and actively seeks to develop and maintain standards, reference architectures, and reduce risk of the MTA through emerging technologies and trends in the industry.

Summary of Job

This position is responsible for continuously evaluating and partnering with the business and MTA IT disciplines to secure MTA’s Cloud Computing Environments. With the increase in the adoption of cloud technologies within MTA. The role will ensure that cloud solutions; Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) currently in use are continuously evaluated and monitored for cybersecurity risks and have appropriate security controls. The manager will assist in administering a comprehensive cloud security program that covers these applications, middleware, and infrastructure environments. Specific expertise and skillset in the domain of Cloud Security are required to improve MTA Cybersecurity delivery and accommodate the strategic shift to cloud resources. Managing the security of MTA cloud resources and the constant need for oversight is extremely important to ensure secure environments through Cloud-Native Application Protection Platform (CNAPP), Cloud Access Service Broker, Cloud Workload Protection Platform (CWPP), Cloud Security Posture Management (CSPM) and various configuration profiles of the SaaS Applications, Rapid Application Development Platforms, and Cloud Infrastructure environments.

The candidate we are seeking needs to have up-to-date cloud security skills in securing data and SaaS applications and a broad expertise and knowledge in various technologies and design principles such as Zero-trust architecture to collaborate with cross-functional teams, the ability to deliver security services, to mature and develop processes and governance.

This role will ensure that resources are available and managed appropriately for timely delivery to various departments to minimize operational and business impact.

Responsibilities

• Lead the development and execution of data security strategies aligned with the organization's maturity goals and objectives.

• Oversee the implementation of data security tools, serving as the primary administrator and subject matter expert for data security platforms.

• Drive implementation of data security maturity efforts, identify areas for improvement, and develop actionable plans to enhance MTA's data security posture.

• Assist in data classification efforts, including the identification and categorization of sensitive data, and implement access controls to ensure appropriate data usage and protection.

• Collaborate with cross-functional teams to understand existing business processes, suggest strategies to augment and integrate data security measures into business processes, products, and services that protects MTA data.

• Collaborate with business units and IT teams to facilitate data security initiatives, including data standardization, data quality improvement, and data security training and awareness programs.

• Lead assessment of data exchange requests with external entities, including reviewing of data sharing agreements, privacy requests, and regulatory inquiries, ensuring compliance with MTA's cybersecurity standards.

• Collaborate with risk management, cyber security, and compliance teams to establish and maintain data governance policies, procedures, and controls in alignment with regulatory requirements and MTA's cybersecurity objectives.

• Provide strategic guidance and recommendations to senior leadership on data security matters, including emerging threats and vulnerabilities that impact MTA's resources and assets.

• Collaborate with DBAs to secure and harden databases configurations to minimize risk and vulnerabilities, ensuring compliance with industry standards.

• Establish key performance indicators (KPIs) and metrics to measure the effectiveness of data cybersecurity initiatives and drive continuous improvement.

• Stay abreast of industry trends and emerging best practices in data governance, and data security, incorporating relevant advancements into the organization's data strategy and roadmap.

• Monitor and report on key data metrics and KPIs, providing insights and recommendations to senior management for continuous improvement.

• Lead and mentor a team of security professionals, fostering a culture of excellence, collaboration, and innovation.

  Qualifications:

  Required Qualifications:

• Education: Bachelor’s Degree or related fields or equivalent experience. An equivalent combination of education and experience may be considered in lieu of degree.

• Experience: A minimum of 5 plus years of relevant experience. Leadership ability​.

• Demonstrated ability to inspire, motivate, and empower people to achieve organizational goals.

• Collaboration skills to ensure design specifications are seamlessly implemented by the development team.

  Knowledge & Skills:

• In-depth understanding of cybersecurity concepts, including threat landscape, attack vectors, and risk assessment.

• Familiarity with security frameworks and standards such as NIST, ISO 27001, CIS, and GDPR.

• Knowledge of encryption techniques, network security, and role-based access control.

• Proficiency in data classification, data masking, and data anonymization techniques.

• Strong knowledge of data retention policies and data lifecycle management.

• Ability to develop and enforce data access controls and Data Loss Prevention (DLP) measures.

• Expertise in using cybersecurity tools such as firewalls, intrusion detection/prevention systems, antivirus software, data security, and encryption tools.

• Knowledge of database security and encryption methods for protecting sensitive data.

• Sufficient experience and exposure to Data Analytics platforms and securing transformed data

• Experience and exposure to Structured and Unstructured data security and management.

• Expertise with a variety of Relational Databases.

• Experience with file-based encryption technology (manual and automated) solutions while adapting it to workflow.

• Capability to identify and assess security risks, vulnerabilities, and potential threats.

• Skill in conducting business and cyber risk assessments and developing risk mitigation strategies.

• Knowledge of digital forensics to investigate data security breaches.

• Understanding of incident response and disaster recovery planning.

• Familiarity with relevant data protection laws and industry-specific compliance requirements.

• Ability to ensure the organization's adherence to regulatory standards and privacy laws.

• Strong leadership and management skills to lead a team of cybersecurity professionals effectively.

• Effective communication skills to convey security policies, procedures, and incidents to both technical and non-technical stakeholders.

• Ability to collaborate with other departments to implement security measures and promote a security-conscious culture.

• Critical thinking skills to analyze complex security issues and develop effective solutions.

• Capacity to respond quickly and decisively to security incidents and breaches.

• Ability to build the necessary knowledge for the organization's business processes and objectives to align security measures with business goals.

• Budgeting and resource management skills to allocate resources efficiently.

• Ability to evaluate products against business and cybersecurity value requirements.

• Stay updated with the latest threats, technologies, and best practices in Data and Cyber Security.

• Ability to work independently.

• Demonstrated experience in leading Data Security initiatives and/or program while driving a strategic direction for business use cases.

• Excellent communication and writing skills for stakeholder engagement and senior management reporting with the ability to explain and present complex topics in easy to consume methods while maintaining the objectives of the program and business goals.

  Preferred Qualifications:

• CISSP, CISM, or other advanced security-related certification preferred

• Certifications in technology subdomains preferred (i.e., Cloud, Applications, Infrastructure, Security Technology, etc.).

  Preferred Technical Skills:

• Requires prior experience with installing, maintaining, and troubleshooting technology systems

• Experience in Project Management Principles (Waterfall and Agile) preferred.

• Cloud Computing – infrastructure as a Service, Platform as a Service

• Experience with file collaboration tools preferred (i.e. SharePoint, Sharefile, Box, SFTP, etc.)

• Experience with Relational Databases preferred (i.e. Oracle, MS SQL, Postgres, MySQL, etc.)

• Experience with Data Governance and Security Tools preferred

  Soft Skills:

• Active Listening, Attention to Detail, Customer Service,

• Prioritization, Problem Solving, Effective Verbal and Written Communication

• Performs other duties and tasks

• Observing the work performed by the contractor

• Reviewing invoices and approving them if the work had contractual standards

• Addressing performance issues with the contractor when possible

• Escalating issues to other parties as needed

  Competencies:

  Core Competency

  Proficiency Level

  Competency Definition

  Collaborates

  Expert

  Building partnerships and working collaboratively with others to meet shared objectives

  Cultivates Innovation

  Expert

  Creating new and better ways for the organization to be successful

  Customer Focus

  Expert

  Building strong customer relationships and delivering customer-centric solutions

  Communicates Effectively

  Expert

  Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences

  Tech Savvy

  Expert

  Anticipating and adopting innovations in business-building digital

  and technology applications

  Technical Skills

  Expert

  Specialized knowledge and expertise on tools, programs, domains, platforms, and products used for specific tasks

  Values Diversity

  Expert

  Recognizing the value that different perspectives and cultures bring to an organization

  GENERAL:

• May need to work outside of normal work hours (i.e., evenings and weekends)

• Travel may be required to other MTA locations or other external sites

  Pursuant to the New York State Public Officers Law & the MTA Code of Ethics, all employees who hold a policymaking position must file an Annual Statement of Financial Disclosure (FDS) with the NYS Commission on Ethics and Lobbying in Government (the “Commission”). MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including with respect to veteran status and individuals with disabilities.

The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.