Manager - Information Security Engineering

Salary range is $104k to $206k with a midpoint of $155k. New hires typically receive between minimum and midpoint, however, we may go slightly higher based on experience, internal equity and market.

Sound Transit also offers a competitive benefits package with a wide range of offerings, including:

• Health Benefits: We offer two choices of medical plans, a dental plan, and a vision plan all at no cost for employee coverage; comprehensive benefits for employees and eligible dependents, including a spouse or domestic partner.
• Long-Term Disability and Life Insurance.
• Employee Assistance Program.
• Retirement Plans: 401a - 10% of employee contribution with a 12% match by Sound Transit; 457b - up to IRS maximum (employee only contribution).
• Paid Time Off: Employees accrue 25 days of paid time off annually with increases at four, eight and twelve years of service. Employees at the director level and up accrue additional days. We also observe 12 paid holidays and provide up to 2 paid floating holidays and up to 2 paid volunteer days per year.
• Parental Leave: 12 weeks of parental leave for new parents.
• Pet Insurance discount.
• ORCA Card: All full-time employees will receive an ORCA card at no cost.
• Tuition Reimbursement: Sound Transit will pay up to $5,000 annually for approved tuition expenses.
• Inclusive Reproductive Health Support Services.
• Compensation Practices: We offer competitive salaries based on market rates and internal equity. In addition to compensation and benefits, you'll find that we provide work-life balance, opportunities for professional development and recognition from your colleagues.

GENERAL PURPOSE:

Under general direction, the Information Security Engineering Manager oversees and operates several essential Information Security functions including Security Engineering and information security tool management. The Information Security Engineering Manager's role is to lead and support service owners, system owners, and relevant stakeholders in ensuring their respective (or proposed) systems are compliant with the Agency's information security standards. In addition, the Information Security Engineering Manager supports the operations of several other functions of the Agency's Information Security Management System (ISMS).

ESSENTIAL FUNCTIONS:

The following duties are a representative summary of the primary duties and responsibilities. Incumbent(s) may not be required to perform all duties listed and may be required to perform additional, position-specific duties.

• Acts as Service Owner for related Information Security Engineering services of the Information Security business unit.
• Support Information Security Architecture and Security Operations services
• Manages personal for the Information Security Engineering components of the Information Security Division.
• Provides guidance to the technical professionals that comprise the Security Engineering functions of the Information Security Division
• Participates in the overall implementation of the agency's information security program, under the direction of the Chief Information Security Officer (or delegate), where appropriate.
• Participates in the creation of information security governance documents (policies, standards, baselines, guidelines, and procedures) under the direction of the Chief Information Security Officer (or delegate), where appropriate.
• Identifies and assesses technology-related risks to information security associated with prospective technology solutions; and recommends appropriate mitigating controls.
• Influences the design of any prospective technology solution for adherence to documented agency standards, policies, and regulatory responsibilities.
• Evaluates, implements, and supports security-focused tools and services required to support information security controls.
• Collaborates with other IT engineering and administration disciplines to ensure security best practices are incorporated into design, implementation and sustainment of systems and services within the agency.
• Consults with internal customers on risk assessment, threat modeling and mitigation of vulnerabilities
• Conducts security assessments, evaluates controls, and provide feedback to management and system owners on the design and effectiveness of control processes.
• Conducts regular security reviews of both software and processes. Reviews and creates threat models and recommends security enhancements consistent with information security strategy and evolving threats
• Participates in ongoing information security education, awareness, and outreach activities.
• Participate with information security incident investigation and response efforts, leading as needed.
• Participate with computer and network forensic investigations in support of incident response activities.
• Prepares regular reports on relevant metrics for different stakeholders.
• Coaches, manages, mentors, and develops staff.
• Focuses on keeping professional skills current.
• Keeps up to date on latest information security threats and countermeasures.
• Champions and models Sound Transit's core values and demonstrates values-based behaviors in everyday interactions across the agency.
• Contributes to a culture of diversity, equity and inclusion in alignment with Sound Transit's Equity & Inclusion Policy.
• It is the responsibility of all employees to follow the Agency safety rules, regulations, and procedures pertaining to their assigned duties and responsibilities, which could include systems, operations, and/or other employees.
• It is the responsibility of all employees to integrate sustainability into everyday business practices.
• Other duties as assigned.

MINIMUM QUALIFICATIONS:

Education and Experience: Bachelor's degree in Computer Science, Information Technology, Business Administration, Engineering, or closely related field. Five years of information technology experience with a focus on security engineering and operations, OR an equivalent combination of education and experience. Three years of leadership, budgetary, planning and workforce management experience.

Required Licenses or Certifications:

• Certified Information Systems Security Professional (CISSP), orobtain within 12 months of hire.

Preferred Licenses or Certifications:

One or more of the following certifications is strongly preferred:

• Certified Information Security Manager (CISM)
• Information Technology Infrastructure Library (ITIL)
• Certified Ethical Hacker (CEH)
• Certified Cyber Forensics Professional (CCFP)
• GIAC Certified Incident Handler (GCIH)

Required Knowledge and Skills:

• Strong command of ITIL core processes and principles.
• Strong command and experience with information security architecture and engineering principles
• General knowledge of the NIST 800 series standards, PCI DSS standard, and the ISO 27001/2 frameworks.
• Demonstrated work experience in a few of the following areas: Information Security, Security Architecture, Security Engineering, Security Operations and implementing best practices, tools and technology.
• Strong understanding of information technology and security controls.
• Strong understanding of and experience with security-related technologies, systems, and tools.
• Proven competency in the use of MS Office applications (Microsoft Project, Word, Excel, PowerPoint, and SharePoint)
• Strong team leadership and communicational (verbal/written) skills.
• Ability to work in highly collaborative environments.
• Strong workload prioritization and self-organization skills
• Strong project management skills.

Preferred Knowledge and Skills:

• Understanding of Cloud Computing environments (Microsoft Azure preferred).

Physical Demands / Work Environment:

• Work is performed in a hybrid office environment.
• This position is responsible for communicating with stakeholders, and using specialized security tools; may be subject to bending, hearing, sitting, standing, talking, seeing, and carrying and lifting 25 lbs or less.
• The Agency promotes a safe and healthy work environment and provides appropriate safety and equipment training for all personnel as required.

Sound Transit is an equal employment opportunity employer. No person is unlawfully excluded from employment action based on race, color, religion, national origin, sex (including gender identity, sexual orientation and pregnancy), age, genetic information, disability, veteran status or other protected class.