Manager - Information Security Engineering

Description

Salary range is $104k to $206k with a midpoint of $155k. New hires typically receive between minimum and midpoint, however, we may go slightly higher based on experience, internal equity and market.

Sound Transit also offers a competitive benefits package with a wide range of offerings, including:

• Health Benefits:
  We offer two choices of medical plans, a dental plan, and a vision plan all at no cost for employee coverage; comprehensive benefits for employees and eligible dependents, including a spouse or domestic partner.
• Long-Term Disability and Life Insurance.
• Employee Assistance Program.
• Retirement Plans: 401a - 10% of employee contribution with a 12% match by Sound Transit; 457b - up to IRS maximum (employee only contribution).
• Paid Time Off:
  Employees accrue 25 days of paid time off annually with increases at four, eight and twelve years of service. Employees at the director level and up accrue additional days. We also observe 12 paid holidays and provide up to 2 paid floating holidays and up to 2 paid volunteer days per year.
• Parental Leave: 12 weeks of parental leave for new parents.
• Pet Insurance discount.
• ORCA Card:
  All full-time employees will receive an ORCA card at no cost.
• Tuition Reimbursement:
  Sound Transit will pay up to $5,000 annually for approved tuition expenses.
• Inclusive Reproductive Health Support Services.
• Compensation Practices:
  We offer competitive salaries based on market rates and internal equity. In addition to compensation and benefits, you'll find that we provide work-life balance, opportunities for professional development and recognition from your colleagues.

GENERAL PURPOSE:

Under general direction, the Information Security Engineering Manager oversees and operates several essential Information Security functions including Security Engineering and information security tool management. The Information Security Engineering Manager's role is to lead and support service owners, system owners, and relevant stakeholders in ensuring their respective (or proposed) systems are compliant with the Agency's information security standards. In addition, the Information Security Engineering Manager supports the operations of several other functions of the Agency's Information Security Management System (ISMS).

ESSENTIAL FUNCTIONS:

The following duties are a representative summary of the primary duties and responsibilities. Incumbent(s) may not be required to perform all duties listed and may be required to perform additional, position-specific duties.

• Acts as Service Owner for related Information Security Engineering services of the Information Security business unit.
• Support Information Security Architecture and Security Operations services
• Manages personal for the Information Security Engineering components of the Information Security Division.
• Provides guidance to the technical professionals that comprise the Security Engineering functions of the Information Security Division
• Participates in the overall implementation of the agency's information security program, under the direction of the Chief Information Security Officer (or delegate), where appropriate.
• Participates in the creation of information security governance documents (policies, standards, baselines, guidelines, and procedures) under the direction of the Chief Information Security Officer (or delegate), where appropriate.
• Identifies and assesses technology-related risks to information security associated with prospective technology solutions; and recommends appropriate mitigating controls.
• Influences the design of any prospective technology solution for adherence to documented agency standards, policies, and regulatory responsibilities.
• Evaluates, implements, and supports security-focused tools and services required to support information security controls.
• Collaborates with other IT engineering and administration disciplines to ensure security best practices are incorporated into design, implementation and sustainment of systems and services within the agency.
• Consults with internal customers on risk assessment, threat modeling and mitigation of vulnerabilities
• Conducts security assessments, evaluates controls, and provide feedback to management and system owners on the design and effectiveness of control processes.
• Conducts regular security reviews of both software and processes. Reviews and creates threat models and recommends security enhancements consistent with information security strategy and evolving threats
• Participates in ongoing information security education, awareness, and outreach activities.
• Participate with information security incident investigation and response efforts, leading as needed.
• Participate with computer and network forensic investigations in support of incident response activities.
• Prepares regular reports on relevant metrics for different stakeholders.
• Coaches, manages, mentors, and develops staff.
• Focuses on keeping professional skills current.
• Keeps up to date on latest information security threats and…