Sr. Manager Cybersecurity; Fusion

Job Description

The Washington Metropolitan Area Transit Authority (Metro) is building a state-of-the-art cybersecurity program to better protect the critical transit infrastructure supporting our nation's capital. The Senior Manager, Cyber Fusion Officer will oversee and provide strategic input for a 24/7 Cyber Fusion Center (CFC), managing three core programs under the CFC.

• Security Operations (SOC) missions focused on monitoring, alerting, triage, response and reporting of security incidents (incident response), along with detection engineering.
• Security Awareness programs to educate and train WMATA personnel on cybersecurity best practices and behavior.
• Security metrics and reporting to track program effectiveness, measure security posture improvements, and provide executive-level visibility into cybersecurity operations and risk management.

• Manages the development of cybersecurity career enhancing workforce plans, strategies, and guidance to enable the development and retention of the best professionals possible. Creates training and education requirements to address changes to cybersecurity policy, emerging threats, certification requirements and industry best practices through partnerships with universities, certification companies, state/federal partners and other innovative strategies.
• Creates a strong culture of cybersecurity within the IT organization and drives behavioral changes for all business units within WMATA. Ensures that timely, mission-focused, and tailored cybersecurity training and developmental opportunities are provided to cybersecurity personnel.
• Manages the creation of governance standards based on NIST and other frameworks (policies, processes, workplans, templates) by which the WMATA Cybersecurity program is managed and measured against.
• Develops and maintains cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.
• Manages the performance of assessments of threats and vulnerabilities for systems and networks, determines deviations from acceptable configurations, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures.
• Manages the performance of evaluations of the IT security program and its individual components to determine compliance with published standards. Tracks findings and reports remediation progress.
• Prepares audit reports that identify technical and procedural findings, and provides recommended remediation strategies/solutions. Coordinates external audit requirements.
• Manages, compiles and reviews budgets for the Cybersecurity program, tracks contracting costs and needs, and ensures the program manages costs effectively.
• Prepares and presents governance and compliance management reports, key performance metrics, scorecards, and briefings as required to cybersecurity and IT leadership.
• Manages the cybersecurity components of the GRC tool, configures and populates the tool, and supports audit and metric requirements by developing exports and reports.
• Executes a risk-based, repeatable/consistent system security strategy based on the NIST Risk Management Framework/Cybersecurity Framework.
• Manages the evaluation of the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities.
• Oversees, evaluates, and supports the documentation, validation, assessment, and authorization processes necessary to assure that existing and new IT systems meet the organization’s cybersecurity and risk requirements.
• Manages privacy impact assessments of an application’s security design for the appropriate security controls.
• Manages the implementation of security controls specified in a security plan or other system documentation and develops a strategy for monitoring control effectiveness.
• Advises security leadership on risk levels, security posture, and cost/benefit analysis of information programs/projects.
• Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions.