Cyber Security Compliance & Audit Manager

Company: NJ TRANSIT
Location: Newark
Posted on: August 6, 2022

Job Description:

Move Forward with us! At NJ TRANSIT, you'll join us in transforming the third-largest transportation agency in North America. We are committed to delivering safe, reliable service that gets our customers to their destinations on time- and we're looking to hire talented folks with a commitment to excellence. SummaryThe Manager position will monitor, enforce, and drive continuous improvement around information security, compliance and risk governance. Manager will also help to develop a master control list, including clearly written failure points and testing procedures that effectively address the risks, controls and compliance issuesRoles and Responsibilities - Partner with procurement on the 3rd party risk management program - Work across multiple business units in an audit, partnership, and compliance role - Act as the primary contact between technical teams, internal and external auditors; compiling and preparing artifacts - Assist with documenting and regularly reviewing security policies, processes and procedures. - Updates security tools for logging /monitoring and increasing coverage of existing tools. - Performs risk analysis for corporate functional and technical areas relevant to data security. - Collaborate with systems administrators to configures, implement, monitor, and support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. This includes but is not limited to IDS/IPS (Host/Network/Wireless), secure file transfer, data loss prevention "DLP", Full Disk encryption, firewall rule assessments, log management/correlation, secure password storage/retrieval, Application Whitelisting, vulnerability management, etc. - Ensures security best practices are identified and integrated into all facets of the project including network, system designs/configuration, and implementations. - Identifies and recommend potential areas where existing data security policies and procedures require change, or where a supplement is required to mitigate key security risks. Partner with various business units to enhance security policies/procedures. - Facilitates penetration testing and audit participation, where applicable. - Recommend and enforce technical service level standards and procedures for data security. - Establish alternative security measures to allow for business continuity while protecting the company's assets. - Executes programs for user awareness, compliance monitoring, and security compliance; maintaining information security devices and software; monitoring compliance procedures; and resolving security policy issues. - Performs other duties as assigned.This Position Supervises - Cyber Security Lead Developers - Cyber Security AnalystsEducation, Experience and Qualifications - Bachelor's degree in computer science from an accredited college in computer or similar related field, and/ or 4 years of information security related experience, in areas such as information security audit, security operations, incident analysis, incident handling, and vulnerability management or testing, system patching, log analysis, intrusion detection, firewall administration and/or network and host security technologies and products (such as firewalls, Network IDS, log correlation). - One year of closely related experience can be substituted for each year of education required. Professional Security and Risk Certification(s) certification required within 6 months of hire, for example: (CISSP, CISM, CRISC, CSX). Experience with applying security frameworks within the Software Development Life Cycle using both waterfall and agile methodologies. Information technology project management experience using security concepts for technology systems (for example the OSI model, etc.). Knowledge and Skills - Demonstrated knowledge of Project Portfolio Management techniques and best practices. Demonstrated experience of any of the following: System Administration, Network Design, or Application Design within a Unix, Linux or Windows environment. - Demonstrated Knowledge of security standards and compliance programs using ISO 27001/2 series, NIST 800-53, SOX, PCI-DSS and COBIT). - Demonstrated ability to lead small teams performing technical work. Familiarity with IT audits and risk assessments. Experience in reviewing SOC 1&2 report. - Excellent Leadership Skills, Critical Thinking and Decision Making. - Excellent Communication Skills, with the ability to document and present technical information to a non-technical audience. Ability to work on tasks with minimal supervision, with attention to detail and meeting deadlines. Proficient in the MS Office Suite, Outlook & similar Internet applications - 1 to 3 years supervisory experienceCertificates, Licenses, RegistrationsN/AWorking EnvironmentOffice EnvironmentPhysical DemandsNoneOther ConditionsNoneAt NJ Transit you will enjoy a competitive salary and excellent benefit package: - Hybrid Work Schedule - Comprehensive Family Health Insurance - Prescription, Dental, Vision - Flexible Spending Account - Life Insurance - Paid Leave - 401(a) and 401(k) Retirement Plans--up to 9% employer contribution - Tuition Assistance - Qualified Transportation Expense Plan (QTE) NJ TRANSIT is an Equal Opportunity Employer and a Drug Free Workplace

Keywords: NJ TRANSIT, Newark , Cyber Security Compliance & Audit Manager, Executive , Newark, New Jersey