Assistant Director, Business Information Security Officer

METROLINK
Los Angeles, California United States
Posted: Dec 20, 2024
  • Salary: $126,185.00 - $195,588.00 Annually USD
  • Full Time
  • Clerical and Administrative Support
  • Information Technology and Communication Services
  • Job Description

    SUMMARY

    PURPOSE OF POSITION

    The Southern California Regional Rail Authority (SCRRA), operator of the METROLINK Commuter Rail System, is seeking an Assistant Director, Business Information Security Officer, who will understand the key assets and processes, identify and evaluate risks and controls, and suggest incremental controls or risk mitigation strategies where necessary. Additionally, the Assistant Director, Business Information Security Officer will ensure business compliance with Information Security Policies and Standards while continuously monitoring and reporting on risks and documented exceptions. The Assistant Director, Business Information Security Officer helps the business achieve its objectives without compromising the security posture. The Assistant Director, Business Information Security Officer will work under the general direction of SCRRA’s Chief Technology Officer, and the position will collaborate with internal and external auditors to ensure compliance with SCRRA’s cyber security procedures and industry standards.

    WHAT TO EXPECT: This recruitment will have a review of applications on January 13, 2025. Interested applicants are encouraged to apply immediately.

    DISTINGUISHING CHARACTERISTICS

    This job description is not part of a job series.

    SUPERVISION EXERCISED AND RECEIVED
    • Receive general oversight from executive level management.
    • This position will have no direct reports.


    ESSENTIAL DUTIES AND RESPONSIBILITIES

    The duties listed below are intended to describe the general nature and level of work being performed and are not to be interpreted as an exhaustive list of responsibilities.

    • Lead, develop, and implement SCRRA-wide or large-scale business unit information and operational technology security strategies, programs, plans, policies, and procedures designed to protect the integrity and security of the SCRRA network, data resources, operations, and other information assets in accordance with SCRRA policies and industry standards.
    • Develop and maintain in-depth understanding of region/business unit processes, systems, technologies, data, customers, consumers, and partners.
    • Evaluate the overall technology portfolio for adherence to security policies and procedures for all SCRRA corporate and operational systems (e.g. positive train control (PTC)).
    • Coordinate auditing and compliance and certification requirements.
    • Lead the cyber security training program for the agency, consumers, and partners as needed.
    • Act as the key security resource for the IT leadership and the IDTS Business Partners and other local personnel.
    • Partner with all Departments to achieve effective working relationships that can further the effectiveness of the Security program.
    • Lead development of the Information Security Policies and Standards throughout the agency.
    • Lead implementation of cyber security solutions required to meet business objectives.
    • Review and audit technical implementations of physical security solutions required to meet business objectives.
    • Lead information security operations in partnership with all departments.
    • Proactively identify noncompliance and areas of potential improvement, and issue corrective actions to department manager.
    • Engage with clients and customers as needed to assist the business to achieve its objectives by representing our security program, supporting internal and external audits, assisting in customer communication of security incidents, etc.
    • Participate in region/business unit related conferences, client-facing engagements, and industry forums to represent the Cyber Security program.
    • Provide regular and timely reporting on the status of cyber security throughout the agency.
    • Provide escalation path for security issues, incidents and inquiries.
    • Review work of the Security Incident Response and Crisis Management teams to ensure incidents are effectively driven to acceptable resolution; assist with investigations as needed.
    • Provide Cyber Security Guidance for agency personnel.
    • Drive remediation activities throughout the agency.
    • Work with the Compliance and Information Risk Management team to drive policy and regulatory compliance.
    • Be responsible for the PCI-DSS annual compliance submission requirement and develop a monitoring program to ensure SCRRA is PCI compliant.
    • Perform other related duties as assigned.


    MINIMUM REQUIREMENTS TO PERFORM ESSENTIAL JOB FUNCTIONS

    Education and Experience
    • Bachelor’s degree in computer science, Information Systems, Cybersecurity, Auditing or a related field.
    • A minimum of seven (8) years of relevant experience.
    • A combination of training, education and/or experience that provides the required knowledge, skills and abilities may be considered when determining minimum qualifications. Advanced relevant coursework may also substitute for a portion of required experience.
    • Valid Class C Driver's License with a satisfactory driving record of no more than three moving violations and no DUIs within the last three years.


    PREFERRED QUALIFICATIONS
    • A minimum of five (5) years of experience in business security policy development, metrics capture, and analysis and system authorization.
    • Certification pertaining to information security and data privacy protection (CISSP, CISA, CRISC, CISM, CEH, etc.)
    • Experience in compliance, government or financial industry.
    • Experience in the design and implementation of information security programs.
    • Knowledge and experience with security and governance frameworks: SSAE-18 (SOC-2), HIPAA, PCI-DSS, ISO27991, NIST, FedRAMP.


    Knowledge, Skills, and Abilities

    Knowledge of:
    • Advanced level understanding of business theory, business processes, management, and business operations.
    • Advanced level understanding of planning, organizing, and developing Information Technology security and physical security system technologies.
    • Extensive experience in enterprise security document creation.
    • Experience in designing and delivering employee security awareness training.
    • Experience in developing Business Continuity Plans and Disaster Recovery Plans.
    • Strong understanding of IP, TCP/IP, and other network administration protocols.
    • Expert level understanding of key network and technical security controls.
    • Security best practices including experience with NIST 800-53, ISO27001 and PCI DSS.

    Skilled in:
    • Applying IT in solving security problems.
    • Setting and managing priorities.
    • Executive level presentations.
    • Maintaining interpersonal relationships.

    Ability to:
    • Analyze and solve problems.
    • Apply organizational information security policies at a business unit level.
    • Develop conceptual frameworks and apply sound principles for the secure operation of SCRRA technology resources.
    • Define and develop security strategy and roadmaps.
    • Facilitate cross-functional team meetings and build consensus.
    • Understand business needs and work collaboratively with business stakeholders and team members.
    • Implement and manage the administration of relevant security systems and solutions.
    • Recommend and implement changes in security policies and practices in accordance with changing needs.
    • Promote and oversee strategic security relationships between internal resources and external entities, including other government agencies, vendors, and partner organizations.
    • Communicate effectively, both orally and in writing.
    • Maintain and accurately complete records.
    • Establish and maintain effective working relationships with supervisors, fellow employees, and the public.


    SUPPLEMENTAL INFORMATION

    Working Conditions

    Position requires work in a normal office environment with little exposure to excessive noise, dust, or temperature. Work may also be conducted in outdoor environments, at construction sites, Railroad Track and Right-of-Way environments, and warehouse environments, with possible exposure to individuals who are hostile or irate, moving mechanical parts, and loud noises (85+ decibels, such as heavy trucks, construction, etc.)

    Selection Process:

    Following a review of applications and resumes, the most highly qualified candidates will be invited to continue in the selection process. Eligible applicants will be notified of the exact time and place of assessments and interviews. Candidates will be interviewed to determine their relative knowledge, skills, and abilities in job-related areas. Offers of employment may be contingent upon successful completion of a reference check(s), including degree verification and criminal records check provided through SCRRA. Internal Candidates: Employees with active discipline as defined in the HR Policy No. 5.3 Positive Discipline Program and/or with performance that does not meet the standard for "meets expectations" as defined in the Performance Planning and Appraisal Process may be precluded from consideration and placement in the position.

    Southern California Regional Rail Authority is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, the Authority will provide reasonable accommodations to qualified individuals with disabilities and encourage prospective and current employees to discuss potential accommodations with the employer.

    The SCRRA is an Equal Opportunity Employer. EEO/ADA

    MEDICAL:
    SCRRA offers a choice of twelve (12) health plan options provided through the California Public Employees' Retirement System (CalPERS). You may choose from up to ten (10) Health Maintenance Organization (HMO) plans and two (2) Preferred Provider Organization (PPO) plans. Some health plans are only available in certain counties and/or zip codes.

    You contribute 12.5 percent of the plan premium for coverage of you and your eligible dependents.

    You may waive coverage if you are covered under another group health plan; you must provide proof. Once you waive coverage, you will only be allowed to enroll during Open Enrollment or within 60 days from the date on which your other coverage is no longer available (proof is required). If you elect to waive coverage, you will receive $300.00 per month taxable earnings, paid in two installments of $150 each on the first two paychecks of the month. A retiree or an employee who is a spouse, child, or any other eligible dependent of another SCRRA employee is not eligible for the opt out/cash in lieu credit if he/she is covered under a SCRRA health plan.

    Eligibility begins the first of the month following hire date or qualifying event.

    DENTAL:
    SCRRA offers two dental options provided by Delta Dental. Under the DeltaCare (HMO) program, you must select a contract dentist within their network to perform your dental services. If you require treatment from a specialist, your contract dentist will handle the referral. Many services are covered at no cost to you. A co-payment applies for other services.

    The Delta Dental PPO plan allows you to visit a dentist of your choice, change dentists at any time, go to a dental specialist of your choice, receive dental care anywhere in the world, and save on out-of-pocket expenses when you visit a PPO network dental office.

    SCRRA pays the full premium for coverage of you and your eligible dependents under both plans.

    Eligibility begins the first of the month following hire date or qualifying event.

    VISION:
    SCRRA offers two (2) vision plans through Vision Service Plan (VSP), providing coverage for eye examinations, prescription eyewear and contact lenses through network providers. You have the option of seeing out-of-network providers, but full reimbursement is not guaranteed.

    VSP has contracted with many laser surgery facilities and doctors, offering you a discount on PRK and LASIK surgeries.

    If you enroll in the VSP Basic Plan, SCRRA pays the full premium for coverage of you and your eligible dependents. If you enroll in the VSP Buy-up Plan, which offers enhanced vision benefits, you pay the difference between the cost of the Basic Plan and the Buy-up Plan.

    Eligibility begins the first of the month following hire date or qualifying event.

    FLEXIBLE SPENDING ACCOUNTS:
    Flexible Spending Accounts (FSA) allow for the deferral of pre-tax dollars to be used for reimbursement of eligible medical and dependent care expenses. You can set aside up to $3,050 for health care expenses and $5,000 per family for dependent care expenses annually.

    Eligibility begins the first of the month following hire date or a qualifying event.

    GROUP TERM LIFE INSURANCE:
    SCRRA provides for an amount equal to one (1) time your annual salary, rounded to the nearest $1,000, to a maximum of $200,000. Your life insurance benefit will reduce to 65% at age 65 and 55% at age 70.

    IRS regulations require that the portion of Group Term Life (“G.T.L.”) insurance benefits provided to you by SCRRA, which exceeds $50,000, be added to your Federal, State, and Medicare taxable earnings for W-2 reporting. This amount is reflected on your pay statements each pay period in the “Other Benefits and Information” section.

    In addition, SCRRA offers a voluntary plan, which may be purchased in increments of $10,000 to a maximum of $100,000 without evidence of insurability (initial enrollment period only) and up to 5 times your salary to a maximum of $500,000 with evidence of insurability. Dependent life options are also available. The voluntary plan is portable; you may retain it if you leave SCRRA and pay the premium.

    Eligibility begins the first of the month following hire date or qualifying event.

    ACCIDENTAL DEATH & DISMEMBERMENT:
    SCRRA provides for an amount equal to one (1) time your annual salary, rounded to the nearest $1,000, up to a maximum of $200,000. Your AD&D insurance benefit will reduce to 65% at age 65 and 55% at age 70. In addition, SCRRA offers a voluntary plan, which may be purchased in increments of $10,000, subject to a maximum of the lesser of 5 times your annual salary or $500,000. Dependent AD&D options are also available.

    Eligibility begins the first of the month following hire date or qualifying event.

    SHORT TERM DISABILITY:
    You are covered under the California State Disability Insurance (SDI) Program. Your maximum benefit amount is 52 times your weekly benefit amount or the total wages subject to SDI tax paid in your base period, whichever is less. Employees pay a mandatory contribution, through payroll deductions, for coverage under the SDI program. The contribution rate for 2023 is 0.9 percent of earnings. The SDI taxable wage limit is $153,164, with a maximum withholding of $1,378.48 per employee for calendar year 2023.

    LONG TERM DISABILITY:
    SCRRA provides for income replacement of 60 percent of monthly earnings subject to a maximum benefit of $7,500 per month up to age 65. To qualify, you must be on disability for 90 days. (Note: there is a pre-existing condition clause in this program.)

    Eligibility begins the first of the month following hire date or qualifying event.

    VOLUNTARY BENEFITS:
    SCRRA offers the following employee-paid voluntary benefits, provided by Aflac:
    • Group Accident Insurance helps pay for out-of-pocket costs that arise from covered accidents, such as fractures, dislocations, and lacerations.
    • Group Critical Illness Insurance helps pay for the expected and unexpected expenses that arise from diagnosis of a covered critical illness, such as cancer (internal or invasive), heart attack, stroke, end-stage renal failure or a major organ transplant.
    • Group Hospital Indemnity Insurance helps pay for the out-of-pocket costs associated with a hospital stay, including benefits for hospital confinement, hospital admission, hospital intensive care and intermediate intensive care step-down unit.
    • Group Short-Term Disability Insurance pays a monthly benefit directly to an employee who is off work due to an injury or illness for up to three (3) months after a seven (7) day waiting period.

    Eligibility begins the first of the month following hire date or qualifying event.

    9/80 ALTERNATIVE WORK SCHEDULE:
    SCRRA offers a 9/80 Alternative Work Schedule (AWS). During a 10-day work period, you work eight 9-hour days, one 8-hour day and have one day off. Your day off can be Monday, Wednesday, or Friday. Approval from your supervisor, chief and HR is required to participate in the 9/80 AWS program.

    TELECOMMUTING SCHEDULE:
    SCRRA offers employees the option to telecommute up to two (2) days per week. At the CEO’s discretion, the maximum number of days per week may be increased due to a natural disaster, pandemic, civil unrest, federal/state/local stay-at-home order, or other special circumstances. Approval from your supervisor, chief and HR is required to participate in the telecommuting program. Employees on a 9/80 schedule cannot telecommute.

    HOLIDAYS:
    SCRRA observes twelve (12) holidays a year: New Year's Day, Martin Luther King Day, President’s Day, Cesar Chavez Day, Memorial Day, Juneteenth, Independence Day, Labor Day, Veterans Day, Thanksgiving Day, Day after Thanksgiving, and Christmas Day.

    PAID TIME OFF (PTO):
    SCRRA provides employees with Paid Time Off (PTO) for vacations, illnesses, injuries, medical/dental appointments, religious holidays, personal business, and emergencies as follows:

    0-4 years of service - 25 days
    5-6 years of service - 30 days
    7th year of service - 32 days
    8th year of service - 33 days
    9th year of service - 34 days
    10-14 years of service - 35 days
    15-19 years of service - 38 days
    20 or more years - 42 days

    At the CEO’s discretion, prior service at a public transportation or public agency, or rail transportation company may be counted towards an employee’s total service years to increase the employee’s PTO accrual rate. To be considered, Human Resources requires that a written request along with verification and confirmation of the years of service be provided prior to the start of employment with SCRRA. Human Resources will provide the final determination on behalf of the CEO.

    EMPLOYEE ASSISTANCE PROGRAM (EAP):
    SCRRA offers you and your immediate and dependent family members confidential counseling 24 hours a day, 7 days a week for family, personal, work-related and substance abuse issues through the EAP. You are entitled to a telephone session(s) with a trained EAP professional to assess the nature of the problem and provide a referral for additional assistance, if needed. Services also include three (3) face-to-face counseling sessions per family member per six (6) month period.

    HEALTH ADVOCACY SERVICES:
    SCRRA offers you and your eligible dependents free health advocacy services through Health Advocate. You are entitled to unlimited calls with trained professionals who can help you navigate the healthcare and insurance systems.

    RETIREMENT PLAN:
    The SCRRA contracts with the California Public Employees' Retirement System (CalPERS). You pay a 7.00 percent employee contribution and SCRRA pays an employer contribution, which varies each year. To be eligible for service retirement, you must be at least age 52 and have a minimum of five (5) years of CalPERS-credited service. Upon retirement you are entitled to a monthly retirement benefit based on your years of credited service, age, and average compensation during your last three (3) years of service (“final compensation”). The retirement formula for New Members is 2%@62, which means at age 62, you receive 2 percent of your final compensation for every year of service.

    Upon separation from employment with less than 5 years of credited service, you may request a refund of your employee contributions only, including interest, and end your membership with CalPERS, or leave it in your account and retain your service credit should you decide to work for another CalPERS-covered agency. If you are vested upon separation but do not retire, you may leave your contributions in your account until retirement or elect a refund.

    SOCIAL SECURITY:
    You do not participate in Social Security except for Medicare. You will contribute 1.45 percent of your pay to cover the hospital insurance portion of Medicare.

    *Additional Medicare Hospital Insurance Tax: As of January 1, 2013, employees are required to pay an additional 0.9 percent Medicare tax on earnings above $200,000 (for those who file an individual return) or $250,000 (for those who file a joint return). This additional hospital insurance tax is not reflected in the rate above.

    RETIREE MEDICAL:
    Unrepresented employees hired before 11/1/18*: You will be eligible for medical coverage when you retire if your separation date and retirement date are within 120 days of each other. SCRRA pays the same amount for retirees as it does for active employees, which is currently 87.5 percent of the applicable premium.

    Unrepresented employees hired on or after 11/1/18: You will be eligible for medical coverage when you retire if your separation date and retirement date are within 120 days of each other and you have a minimum of 10 years of credited CalPERS service, five of which must be performed at SCRRA. SCRRA pays a percentage of the state annuitant contribution rate** in accordance with the vesting schedule below:

    10 Years of CalPERS Service - 50%
    11 - 19 Years of CalPERS Service - 50%, plus 5% for each additional year of service
    20+ Years of CalPERS Service - 100%

    *Once each year the employer may allow unrepresented employees hired before 11/1/18 the opportunity to individually elect to be subject to the vesting schedule.

    **The state annuitant contribution rates for 2023 are: $883 (Retiree Only); $1,699 (Retiree + 1 Dependent); $2,124 (Retiree + Family).

    DEFERRED COMPENSATION PLAN (457):
    You are eligible to set aside a portion of your current income without paying taxes on that money until it is received later during retirement when taxes may be lower. In 2023, you can defer up to 100 percent of your gross compensation or $22,500 annually, whichever is less (“normal contribution limit”). You may make an additional $7,500 contribution to the plan if you are age 50 and older. If you are at least within three years of the age in which you are eligible to receive unreduced benefits under our CalPERS retirement plan, you may contribute up to double the normal contribution limit, or $45,000.

    TRANSPORTATION PASSES:
    You may use your employee badge for unlimited free access to all Metrolink lines and trains. Your badge cannot be used on connecting public transportation. However, if you commute to/from work on Metrolink on a regular basis and need to connect to other public transportation (e.g., Metro Red or Purple Line) you can be issued a Metrolink pass with the appropriate station pair, which will also give you access to connecting transportation.

    You are also eligible to receive a free transit pass to ride any greater Los Angeles area transit system other than Metrolink (such as Metro, Foothill Transit, LADOT, and LOSSAN) for commuting purposes. The commuter transit pass has a value up to the monthly maximum tax-free transit pass amount established by the Internal Revenue Service ($300 in 2023). You are responsible for any transit fares above the IRS monthly cap. To receive this benefit, the SCRRA requires each employee to use public transportation to commute to and from work three (3) or more days per week.

    OTHER BENEFITS:
    Educational Assistance - SCRRA will reimburse an employee up to $1,000 per fiscal year for tuition, books and mandatory student fees for courses that are relevant to employment. No reimbursement is allowed for parking.

    Professional Memberships - SCRRA pays up to $300 per year for professional memberships.

    Credit Union Membership - SCRRA offers credit union services for employees and their family members, provided by Northrop Grumman Federal Credit Union.

    Jury Duty - SCRRA will continue an employee's salary during any non-voluntary jury service up to a maximum of ten (10) working days.

    Pregnancy Disability and Family and Medical Leaves - A leave of absence may be paid or unpaid and shall be granted in accordance with applicable federal and state laws, and SCRRA policy. Refer to the Human Resource Policies and Procedures Manual for more detailed information.

    Bereavement Leave - In the event of death in an employee’s immediate family, the agency grants up to three (3) working days, with pay, to handle family affairs and to attend the funeral. When an employee needs to travel outside the radius of the five (5) member agencies due to the death of an immediate family member, the Authority grants up to five (5) working days, with pay.

    Military Leave - Employees will be paid for the annually required active period. At the discretion of the Chief Executive Officer, and with Board notification, paid military leave may be granted beyond what is provided by the applicable state law.

    Closing Date/Time: 1/10/2025 11:59 PM Pacific
  • ABOUT THE COMPANY

    • Metrolink

    Metrolink is proud to serve as the LINK between six Southern California counties with safe, seamless and reliable transportation and connectivity. By reducing 9.2 million car trips annually, Metrolink has proven to be an effective solution, taking pressure off freeways and reducing gridlock.

    JOIN OUR TEAM

    With a shared purpose and commitment to excellence, we strive to motivate and challenge our employees to explore the limits of their potential. We promote a culture of innovation, safety, teamwork, collaboration, and respect. We strongly encourage candidates from diverse backgrounds, skills and experiences and actively eliminate disparities through inclusive hiring practices that acknowledge the contributions and potential of all candidates.

    Advancing the well-being of our riders, our communities, and our planet, one ride at a time.

    Metrolink is Southern California’s regional passenger rail service. As a leader in sustainable transportation and a force for equity and economic prosperity, we work hard every day to make our region more accessible by train. We improve the quality of life for all of our communities by empowering riders to choose how they travel and connecting people to greater opportunity and new experiences. As a result, our riders get where they need to go without worrying about access to transportation or sitting in traffic. Metrolink counts nearly 12 million annual boardings, removes an estimated 9.3 million vehicles from the road and reduces greenhouse gas emissions by 130,000 metric tons with our fleet of Tier 4 clean technology locomotives each year.

    WHAT'S IT LIKE WORKING AT METROLINK?

    Our employees stand at the very heart of our success – they devote their ideas, creativity, knowledge and entrepreneurial spirit to ensuring a great customer experience. We support and develop our employees through targeted, customized, professional development and a healthy work-life balance, a culture focused on innovation and connecting people to opportunity.

Please mention you found this employment opportunity on the CareersInGovernment.com Job Board.