Security Manager

MVP Consulting

Albany, NY

JOB DETAILS
SKILLS
Best Practices, Budget Management, Budgeting, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Computer Security, Consulting, Corrective Action, Cross-Functional, Event Management, Forensic Science, GIAC - Global Information Assurance Certification, ISO (International Organization for Standardization), Incident Response, Information Technology & Information Systems, Internet Security, Leadership, Penetration Testing, Presentation/Verbal Skills, Risk, Risk Analysis, Risk Management, Security Architecture, Security Attacks, Security Design, Security Monitoring, Software Patches, Strategic Planning, System Operations, Systems Administration/Management, Training Program, U.S. National Institute of Standards and Technology (NIST), Web Infrastructure
LOCATION
Albany, NY
POSTED
Today
HBITS: HBITS-08-14870

Expert, Security Manager

24 month contract

Interview: Virtual Interview

Work model: 50% telecommuting, 50% Office per week

--- Project Description ---
The incumbent will act as the Cybersecurity Manager for the
DOT Transportation Safety Management and Operations (TSMO)
Technology Program to lead our efforts in securing our
integrated Information Technology (IT) and Operational
Technology (OT) environments within transportation systems
management and operations. This role is critical in protecting
our critical infrastructure from evolving cyber threats, ensuring
the safety, reliability, and efficiency of our transportation
networks.

--- Day-to-Day Tasks ---
1. Develop and Implement Security Strategy: Design, implement,
and maintain a comprehensive cybersecurity strategy
specifically tailored for IT/OT convergence in transportation
systems. This includes risk assessments, vulnerability
management, and incident response planning.
2. IT/OT Security Architecture: Oversee the design and
implementation of secure IT/OT architectures, ensuring that
security controls are integrated at all levels, from enterprise
networks to industrial control systems (ICS) and SCADA
environments.
3. Risk Management and Compliance: Conduct regular risk
assessments of IT and OT systems, identify potential
vulnerabilities, and develop mitigation strategies. Ensure
compliance with relevant industry standards, regulations (e.g.,
TSA directives, NERC CIP if applicable, NIST frameworks), and
best practices.
4. Threat Intelligence and Monitoring: Establish and manage a
robust threat intelligence program to proactively identify and
respond to emerging cyber threats targeting transportation
infrastructure. Implement and oversee security monitoring tools
and processes for both IT and OT environments.
5. Incident Response and Forensics: Develop and lead the incident
response plan for cybersecurity events affecting IT/OT systems.
Coordinate response efforts, conduct forensic investigations,
and implement corrective actions to prevent recurrence.
6. Vulnerability Management: Implement and manage a
comprehensive vulnerability management program for all IT and
OT assets, including regular scanning, penetration testing, and
patch management.
7. Security Awareness and Training: Develop and deliver
cybersecurity awareness training programs for IT, OT, and
operational staff, emphasizing the unique risks associated with
IT/OT convergence.
8. Vendor and Third-Party Risk Management: Assess and manage
the cybersecurity risks associated with third-party vendors and
service providers who have access to or interact with IT/OT
systems.
9. Collaboration and Stakeholder Management: Collaborate closely
with IT, OT engineering, operations, and other relevant
departments to ensure security is a core consideration in all
system design, development, and operational activities.
Communicate security risks and strategies effectively to senior
management and stakeholders.
10. Budget Management: Develop and manage the cybersecurity
budget for IT/OT convergence initiatives.
11. Stay Current: Continuously research and stay abreast of the
latest cybersecurity threats, vulnerabilities, technologies, and
best practices relevant to transportation and critical
infrastructure.

--- Required Qualifications ---
" 84 months of experience in cybersecurity, with at least 3-5 years in
a management or leadership role.
" 84 months of experience in securing IT and OT environments,
IT/OT convergence challenges and solutions specifically in the
Transportation Systems Management and Operations.
" 72 months of experience in developing and implementing
cybersecurity strategies, policies, and procedures in IT and OT
environments specifically in the Transportation Systems
Management and Operations.
" 60 months of experience with risk assessment methodologies and
frameworks (e.g., NIST RMF, ISO 27001).
" 60 months of experience with incident response, threat hunting,
and digital forensics.
" 60 months of experience with vulnerability management tools and
processes.
" 60 months of experience collaboration with cross-functional
teams; and producing both written and verbal communication
articulating security concepts to both technical and non-technical
audiences
" MUST hold at least one of these Certifications:
**CISSP
**CISM
**GIAC
**GICSP

MVP Consulting Plus is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Reasonable accommodations are available for qualified individuals with disabilities during the application process.

About the Company

M

MVP Consulting