Information Security Manager-ORCA

Description

Salary range is $109k to $211k, with a midpoint of $160k. New hires typically receive between minimum and midpoint, however, we may go slightly higher based on experience, internal equity and market.

Sound Transit also offers a competitive benefits package with a wide range of offerings, including:

• Health Benefits:
  We offer two choices of medical plans, a dental plan, and a vision plan all at no cost for employee coverage; comprehensive benefits for employees and eligible dependents, including a spouse or domestic partner.
• Long-Term Disability and Life Insurance.
• Employee Assistance Program.
• Retirement Plans: 401a - 10% of employee contribution with a 12% match by Sound Transit; 457b - up to IRS maximum (employee only contribution).
• Paid Time Off:
  Employees accrue 25 days of paid time off annually with increases at four, eight and twelve years of service. Employees at the director level and up accrue additional days. We also observe 12 paid holidays and provide up to 2 paid floating holidays and up to 2 paid volunteer days per year.
• Parental Leave: 12 weeks of parental leave for new parents.
• Pet Insurance.
• ORCA Card:
  All full-time employees will receive an ORCA card at no cost.
• Tuition Reimbursement:
  Sound Transit will pay up to $5,000 annually for approved tuition expenses.
• Inclusive Reproductive Health Support Services.
• Compensation Practices:
  We offer competitive salaries based on market rates and internal equity. In addition to compensation and benefits, you'll find that we provide work-life balance, opportunities for professional development and recognition from your colleagues.

The Information Security Manager - ORCA directs, maintains, and operates the Information Security Management System (ISMS) for the ORCA payment system, including the governance, risk, and compliance components of the regional security function. The Information Security Manager will have an important, visible role in collaboration with the ORCA partner agencies and their Information Security experts. This role partners with other Regional ORCA Operations Team (ROOT) staff to ensure the secure operation of the ORCA system, as well as working closely with vendors and service providers to ensure alignment of their security practices with the risk control strategies outlined in the region's ISMS.

• Guides security policy and participates in broader Information Security governance efforts for the ORCA partnership.
• Develops and maintains the ISMS in collaboration with regional information security SMEs and technical consultants.
• Oversees and manages the ORCA ISMS and recommends appropriate mitigating controls.
• Oversees Information Security Risk Management activities, including risk identification, assessment, and communication to relevant stakeholders.
• Provides valuable expertise and leadership directly to the governing ORCA Joint Board executive leadership, including sharing metrics to reflect the performance of the regional security program functions, executive risk score reports, and other guidance on a variety of information security topics.
• Facilitates a committee of Information Security SMEs across the ORCA Agencies to ensure both regional compliance and concurrence on information security-related matters, recommending solutions, and working from the regional ORCA perspective to achieve optimal solutions.
• Collaborates with the Systems Integrator, other vendors, and partner Agencies to ensure security best practices, standards, policies, and regulatory requirements are incorporated into core payment system design, implementation, and sustainment, as well as supports other future phase projects.
• Conducts regular security reviews of both software and processes, advising on information security practices. Reviews and creates threat models and recommends security enhancements consistent with information security strategy and evolving threats.
• Supports external IT security audits and assessments that focus on ORCA operation.
• Develops, updates, implements, and conducts information security training programs to support the ISMS objectives.
• Manages approvals for Identity and Access Management (IAM) and Access Control Administration.
• Acts as Incident Commander for Security Incident Response activities, whenever the Information Security Incident Response Plan is invoked by the regional program; plays a stakeholder and oversight role if the plan is invoked by other partners or vendors.
• Participates in information security incident investigation and response efforts; performs root-cause analysis when incidents occur and prepare incident reports.
• As a member of the Change Advisory Board, evaluates change requests to determine potential impacts to Information Security, including IT systems, processes, and policies, and provides appropriate input to the Change Management process.
• Coaches, mentors, and develops future ROOT information security staff as the ISMS becomes complete and mature.
• Keeps up to date on latest information…