The Information Security Manager (ISM) is responsible for leading, developing and implementing Agency-wide and department information security strategies, plans, programs, policies and procedures designed to protect the integrity and security of MTS data resources, operations and other information assets in accordance with MTS policies and industry standards. The ideal candidate will have a well-rounded technical background with demonstrated success in network operations for a government agency with experience in cyber security issues.
The ISM will take a central role in promoting a culture of information security throughout the Agency to ensure the Agency has the protections and controls to effectively ensure the Confidentiality, Integrity and Availability (CIA) of information resources. The ISM will serve a critical role in optimizing the Agency's security posture to protect information resources from attack, theft, damage or unauthorized access.
EXAMPLES OF DUTIES:
Leads and manages the development of information security strategies and plans to prevent the unauthorized use, release, modification, loss or destruction of data and other information assets, while balancing this with the ease of staff and stakeholder access to sensitive information and the efficient use of computer systems.
Facilitates the involvement of key stakeholders in plan development processes designed to assess the business impacts of various security approaches and develop security plans that balance security needs and business operational requirements, stakeholders and team members.
Leads and participates in plan development tasks, including conducting risk assessments; evaluating security management options; developing procedures and protocols, including designating and training of primary and backup recovery teams; develops and implements comprehensive communications plans and tools.
Conducts risk assessments to identify vulnerabilities and develop appropriate methods for avoiding or mitigating potential risk; analyzes, develops, recommends, plans, oversees and participates in implementation and monitors the effectiveness of the agency's security architecture.
Develops, recommends, implements, monitors and enforces all information security programs, policies and procedures; advises on information security issues and works with MTS and departmental management, audit staff and others to assess and agree on practices and protocols to provide optimal levels of protection for the Agency's information assets and operating processes.
Meets with departmental managers to facilitate and assist in managing implementation of business process changes, management of information assets, information technology changes and other issues involved in avoiding or minimizing potential risks to Agency information assets.
Leads and works with staff to integrate advanced protection methodologies with the Agency's systems and network, hardware and software infrastructure; works with staff to secure development and production environments; ensures security patches and configuration changes are effected in a timely manner; ensures ongoing use of monitoring and detection techniques to verify that security measures are functional and enforced; coordinates the implementation of periodic, comprehensive system security audits.
Develops appropriate security incident notification procedures for MTS and departmental management; coordinates investigations of security compromises with MTS management, outside auditors, consultants and appropriate law enforcement agencies when warranted by the nature of the intrusion or compromise.
Conducts routine and periodic unannounced security inspections and audits systems administration processes to ensure sound control systems are in place for the granting of user access and privileges and to ensure the timely removal of access for employees leaving MTS employment.
Develops and/or leads development of broad-scale testing plans and exercises to ensure organizational capability to implement business continuity plans in the event of a variety of emergencies; conducts audits of detailed plans and planning processes to ensure accountability for keeping plans up to date; regularly examines and updates plans and disaster scenarios.
Conducts annual and other periodic information security management training for Information Technology and MTS staff.
Monitors trends and developments in information security technologies; consults with vendors and other sources on industry and product functionality and capabilities.
Provides comprehensive reports of all events, incidents and breaches to MTS management.
Duties May Include, But Are Not Limited To, The Following:
Performs other duties as assigned.
Knowledge, Skills and Abilities
Knowledge of or ability to learn MTS policies and regulations.
Ability to read, understand and apply MTS policies, regulations and union labor contracts.
Ability to write letters, memoranda and reports using clear, concise and grammatically correct English.
Ability to speak clearly, distinctly and effectively in person-to-person or small group situations using tact and diplomacy.
Ability to initiate, coordinate and negotiate sharing of tasks to achieve goals.
Ability to coordinate and initiate actions necessary to implement decisions and delegate responsibilities to appropriate personnel.
Ability to establish and maintain priorities in order to complete assignments by deadlines without detailed instructions.
Skill in verifying the accuracy and completeness of forms and reports.
Knowledge of enterprise resource planning software, Microsoft Word, Excel and PowerPoint, as well as the ability to learn and use other software that MTS might have or acquire.
Technically proficient in information security controls and concepts.
Demonstrate an in-depth knowledge of information security risks and industry best practices.
Broad business acumen, strong conceptual thinking and planning skills.
Exceptional interpersonal and consultative management competencies.
Vigilance in monitoring and detecting risks and taking prompt, appropriate, decisive action to resolve problems.
Ability to develop conceptual frameworks and apply state-of-the-art approaches and technology to the development, management and administration of information security systems and protocols.
Ability to serve as an effective facilitator and consensus builder with multiple stakeholders of diverse views and needs.
Ability to understand, interpret, explain and apply MTS, state, and federal policies, laws and regulations.
Ability to represent MTS effectively in meetings on a variety of information security issues with key internal and external stakeholders including law enforcement agencies.
Ability to exercise tact and diplomacy in dealing with sensitive, complex and confidential issues and situations.
Ability to maintain the confidentiality of Agency-wide information assets.
Principles, practices, methods, tools and techniques of information security, including systems security products and methodologies, applicable to both the enterprise infrastructure and its applications and data management systems and to public access computer systems.
Network architectures, theory and principles of network design and integration, including topologies and protocols.
Operating system architecture, characteristics, commands and components applicable to MTS and departmental system platforms.
Principles, practices and methods of systems/networks and database administration and maintenance.
MTS ordinances, codes, procedures and practices regarding areas of assigned information security responsibility.
Principles, practices, methods and techniques of business continuity planning and continuity management applicable to an IT service organization.
The successful candidate must be able to fulfill the physical demands of the job such as walking, stooping, sitting, bending, reaching for overhead files and occasional lifting (must be able to lift up to 15 pounds). Must be able to operate a motor vehicle and perform tasks involving manual dexterity, such as use of a computer and 10-key. Work will at times require more than 8 hours per day or an irregular work week to perform the essential duties of the position. Duties will be performed primarily in an office type environment and may require travel to external locations and agencies.
Possess a bachelor's degree from an accredited college or university in Computer Science, Information Systems, Cybersecurity, Public Administration, Risk Management or a related field. A master's degree is highly desirable, but not required. Active IT Security certifications, including any of the following, are highly desired:
Certified Information Systems Security Professional (CISSP),
A minimum of five (5) years of direct Information Technology experience, including a minimum of three (3) years of professional experience in Information Security focused roles. A combination of education and experience will be considered. Must possess and maintain a valid California driver's license.
Must satisfactorily pass all applicable examinations including, but not limited to, a pre-employment physical, drug screen and background check.
DISCLAIMER: The above described job elements are intended to indicate the general nature and levels of work being performed by employees assigned to the job. They are not intended to be an exhaustive list of duties, responsibilities and skills required of employees so classified. Management retains the discretion to add to or change the duties of the position at any time.
Additional Salary Information: Pension, Social Security, Health Benefits, Annual Leave
Internal Number: 729
About San Diego Metropolitan Transit System
As the largest provider of public transportation in San Diego County, the Metropolitan Transit System (MTS) is committed to providing exceptional service to the people of the San Diego region.
Every year, more than 95 million people ride MTS buses and trolleys. We have more than 80 fixed-route bus lines and 54 miles of trolley service. Our fleet of electric low-floor trolleys and compressed natural gas and electric hybrid buses enable MTS to be one of the greenest companies in San Diego.
As our region continues to grow, there will be a greater dependence on public transportation to help achieve mobility goals. Consequently, MTS is adding three new Bus Rapid Transit lines to provide high-speed, limited-stop bus service to SDSU, Otay Mesa, Rancho Bernardo and Escondido. Furthermore, MTS is working to expand blue line trolley service 11 miles from UCSD to University Town Center (UTC).
MTS is one of the most modern and dynamic public transportation systems in North America and we would love for you to help us achieve our goals!
The San Diego Metropolitan Transit System is an Equal Opportunity Employer. Women and minorities are encouraged to apply.