Washington Metropolitan Area Transit Authority (WMATA)
Sr. Manager Cybersecurity (Fusion Officer)
Washington Metropolitan Area Transit Authority (WMATA), Washington, District of Columbia, US, 20022
Overview
The Washington Metropolitan Area Transit Authority (Metro) is building a state‑of‑the‑art cybersecurity program to better protect the critical transit infrastructure supporting our nation's capital. The Senior Manager, Cyber Fusion Officer will oversee and provide strategic input for a 24/7 Cyber Fusion Center (CFC). The Sr. Manager will manage three core programs under the CFC:
Security Operations (SOC) missions focused on monitoring, alerting, triage, response and reporting of security incidents (incident response), along with detection engineering.
Security Awareness programs to educate and train WMATA personnel on cybersecurity best practices and behavior.
Security metrics and reporting to track program effectiveness, measure security posture improvements, and provide executive‑level visibility into cybersecurity operations and risk management.
Responsibilities
Manage development of cybersecurity workforce plans, strategies, and guidance to enable the development and retention of the best professionals possible.
Create training and education requirements to address changes to cybersecurity policy, emerging threats, certification requirements, and industry best practices through partnerships with universities, certification companies, state/federal partners and other innovative strategies that deliver relevant content.
Build a strong culture of cybersecurity within the IT organization and drive behavioral changes for all business units within WMATA.
Ensure timely, mission‑focused, and tailored cybersecurity training and developmental opportunities are provided to cybersecurity personnel.
Develop governance standards based on NIST and other frameworks (policies, processes, workplans, templates) for governing the WMATA Cybersecurity program.
Assess threats and vulnerabilities for systems and networks; determine deviations from acceptable configurations; recommend mitigation countermeasures.
Evaluate the IT security program and its components for compliance with published standards; track remediation progress and support audit reporting.
Manage the Cybersecurity program budget, track contracting costs, ensure effective financial administration, and forecast future budget needs.
Prepare and present governance and compliance management reports, key performance metrics, scorecards, and briefings to cybersecurity and IT leadership.
Configure and maintain the Governance Risk and Compliance (GRC) tool; support audit and metric requirements; manage risk resolution and continuity plans.
Execute a risk‑based, repeatable system security strategy based on the NIST Risk Management Framework; ensure consistent process around system authorization and monitoring.
Oversee evaluation of procurement activities addressing information security requirements and supply chain risks.
Support documentation, validation, assessment, and authorization processes for existing and new IT systems.
Manage privacy impact assessments and protect PII across WMATA systems and applications.
Implement security controls specified in security plans; coordinate system‑level strategies with organizational monitoring plans.
Advise security leadership on risk levels, security posture, and cost/benefit analysis of information programs/projects.
Consult with customers to gather functional requirements, assess security controls, and translate them into technical solutions.
Qualifications
Eight (8) years of experience as a cybersecurity officer/engineer, information systems security officer, or related roles in cyber policy, budget, audit, metrics, or training.
Education
Bachelor's Degree in Computer Science, Cybersecurity, Business Management, Economics, Science, Liberal Arts, or another analytical field.
Preferred
Master's degree in Cybersecurity or IT Management.
Summary
The Senior Manager, Cybersecurity Officer Unit ensures WMATA’s cybersecurity program follows the cybersecurity strategy and aligns with best practices like the NIST framework. The incumbent defines necessary skills, secures funding, designs a security awareness program, develops policies for compliance, integrates controls into acquisition stages, and oversees vulnerability scans.
Evaluation Criteria
Skills and behavioral assessment.
Personal interview.
Verification of education and experience (including certifications and licenses).
Criminal background check.
Medical examination, including drug and alcohol screening (for safety-sensitive positions).
Review of a current motor vehicle report.
Closing
WMATA is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability, status as a protected veteran, or any other status protected by applicable federal law.
This posting is an announcement of a vacant position under recruitment. It is not intended to replace the official job description. Job descriptions are available upon confirmation of an interview.