Cyber Security Compliance & Audit Manager
Company: New Jersey Transit
Location: Newark, NJ 07104
Description:
Cyber Security Compliance & Audit Manager
Information Technology
Move forward with us! At NJ TRANSIT, you'll join us in transforming the third-largest transportation agency in North America. We are committed to delivering safe, reliable service that gets customers to their destinations on time, and we're looking to hire talented folks with a commitment to excellence to make it all possible.
Summary
The Manager position will monitor, enforce, and drive continuous improvement around information security, compliance and risk governance. The Manager will also help to develop a master control list, including clearly written failure points and testing procedures that effectively address the risks, controls and compliance issues.
Roles and Responsibilities
Partner with procurement on the 3rd party risk management program
Work across multiple business units in an audit, partnership, and compliance role
Act as the primary contact between technical teams, internal and external auditors; compiling and preparing artifacts
Assist with documenting and regularly reviewing security policies, processes and procedures.
Updates security tools for logging/monitoring and increases coverage of existing tools.
Performs risk analysis for corporate functional and technical areas relevant to data security.
Collaborate with systems administrators to configure, implement, monitor, and support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. This includes but is not limited to IDS/IPS (Host/Network/Wireless), secure file transfer, data loss prevention (DLP), full disk encryption, firewall rule assessments, log management/correlation, secure password storage/retrieval, application whitelisting, vulnerability management, etc.
Ensures security best practices are identified and integrated into all facets of the project including network, system designs/configuration, and implementations.
Identifies and recommends potential areas where existing data security policies and procedures require change, or where a supplement is required to mitigate key security risks. Partners with various business units to enhance security policies/procedures.
Facilitates penetration testing and audit participation, where applicable.
Recommend and enforce technical service level standards and procedures for data security.
Establish alternative security measures to allow for business continuity while protecting the company's assets.
Executes programs for user awareness, compliance monitoring, and security compliance; maintaining information security devices and software; monitoring compliance procedures; and resolving security policy issues.
Performs other duties as assigned.
This Position Supervises
Cyber Security Lead Developers
Cyber Security Analysts
Education, Experience and Qualifications
Bachelor's degree in computer science or a similar related field from an accredited college, and/or 4 years of information security related experience, in areas such as information security audit, security operations, incident analysis, incident handling, and vulnerability management or testing, system patching, log analysis, intrusion detection, firewall administration and/or network and host security technologies and products (such as firewalls, Network IDS, log correlation).
One year of closely related experience can be substituted for each year of education required.
Professional Security and Risk Certification(s) required within 6 months of hire, for example: CISSP, CISM, CRISC, CSX.
Experience with applying security frameworks within the Software Development Life Cycle using both waterfall and agile methodologies.
Information technology project management experience using security concepts for technology systems (for example the OSI model, etc.).
Knowledge and Skills
Demonstrated knowledge of Project Portfolio Management techniques and best practices. Demonstrated experience of any of the following: System Administration, Network Design, or Application Design within a Unix, Linux or Windows environment.
Demonstrated knowledge of security standards and compliance programs using ISO 27001/2 series, NIST 800-53, SOX, PCI-DSS and COBIT.
Demonstrated ability to lead small teams performing technical work.
Familiarity with IT audits and risk assessments.
Experience in reviewing SOC 1&2 reports.
Excellent Leadership Skills, Critical Thinking and Decision Making.
Excellent Communication Skills, with the ability to document and present technical information to a non-technical audience.
Ability to work on tasks with minimal supervision, with attention to detail and meeting deadlines.
Proficient in the MS Office Suite, Outlook & similar Internet applications.
1 to 3 years supervisory experience
Certificates, Licenses, Registrations
N/A
Working Environment
Office Environment
Physical Demands
None
Other Conditions
None
At NJ Transit you will enjoy a competitive salary and excellent benefit package:
- Comprehensive Family Health Insurance: Medical, Prescription, Dental, Vision
- Flexible Spending Account
- Life Insurance
- Paid Leave
- Tuition Assistance
- Pre-Tax Commuter Benefits Plan
- Retirement Plans
  - 401(a) - Retirement plan with a 6% employer contribution
  - 401(k) - Retirement saving plan with up to a 3% company match
  - 457(b) - Deferred Savings Plan
At NJ TRANSIT, diversity and inclusivity are vital to our success, as we are committed to hiring individuals from diverse backgrounds, experiences, abilities, and veteran status. As an Equal Opportunity Employer, we encourage all qualified applicants to apply and join our team.
Learn more about NJ TRANSIT! Sign up to receive an invitation to our next live information session at WWW.NJTRANSIT.COM/BEST