Director of Cybersecurity Assessments Job at Amtrak in Washington

Job Summary

The Director DT Cyber Defense Assessments oversees enterprise cybersecurity assessments for both Information Technology (IT) and Operational Technology (OT) networks and systems. This role is critical to safeguarding Amtrak’s operational and business systems, directly influencing national infrastructure resilience. The director will lead a unified strategy for identifying, prioritizing, and assessing critical business and safety systems across both IT and OT environments.

They ensure cybersecurity measures align with leading industry standards including NIST (National Institute of Standards and Technology), IEC 62443 (Industrial Automation and Control Systems Security), ISO/IEC 27001, and PCI DSS (Payment Card Industry Data Security Standard). This position bridges the gap between IT and OT security, ensuring comprehensive protection against cyber threats. The director will manage capital and operational budgets associated with assigned Service Offerings / Services and ensure optimum utilization of investment against company priorities. This position regularly interfaces with senior leadership and plays a key role in shaping Amtrak’s cybersecurity posture across critical infrastructure.

Essential Functions

• Enterprise Penetration Testing: Oversees enterprise penetration testing and cyber assessments against both IT and OT systems, using industry standard tools and in compliance with NIST SP 800-53, IEC 62443-2-1, and PCI DSS.
• Risk Assessmentואה: Conducts risk assessments following NIST SP 800-30, tailored for both IT and OT contexts, to prioritize findings and vulnerabilities based on potential impact to operations and safety.
• Mitigation Strategies: Develops and implements remediation plans, ensuring OT‑specific considerations like maintaining operational continuity while findings are addressed.
• Policy and Procedure Development: Crafts policies that address security in both IT and OT, in compliance with NIST 800‑53 and IEC 62443‑2‑3.
• Leadership and Team Management: Directs a team that includes both IT and OT security specialists, promoting collaboration and knowledge sharing.
• Compliance and Reporting: Ensures adherence to regulatory standards, manages audits, and reports on key findings to executive leadership.
• Incident Response: Coordinates with IT and OT incident response teams to manage vulnerabilities that could lead to security incidents, leveraging frameworks like NIST SP 800‑61.
• Cybersecurity SME Support: Assigns or serves as cybersecurity SME in support of Amtrak projects.

Minimum Qualifications

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or an equivalent combination muerto training, education, and relevant experience.
• 10 plus years of experience in cybersecurity, with at least 4 years specifically in penetration testing across IT and OT.
• In‑depth knowledge of cybersecurity frameworks such as NIST, ISO/IEC 27001, IEC 62443, and PCI DSS.
• Experience with penetration testing tools tailored for both IT and OT environments.
• Proficiency in operating peas between Windows and Linux.
• Strong understanding of IT and OT networking and associated protocols.
• Familiarity with industrial control systems (ICS) and their security implications.

Preferred Qualifications

• Master’s degree in Cybersecurity, Information Assurance, or a related field.
• Certifications such as CISSP, GICSP, or CSSLP.
• Demonstrated experience in managing security for SCADA systems, PLCs, or other OT environments.
• Familiarity with scripting for automation (Python, собы; PowerShell) in both IT and OT contexts.
• Proven leadership in cross‑functional, multi‑disciplinary teams.

Knowledge, Skills, and Abilities

• Communication: Excellent verbal and written communication skills to explain complex security concepts to diverse audiences, including non‑technical personnel and executive management. Ability to draft comprehensive reports and deliver presentations.
• Interpersonal: Strong leadership capabilities, fostering an environment of trust and cooperation between IT and OT teams. Effective in conflict resolution and team motivation.
• Collaboration: Adept at collaborating with various internal teams (IT, OT, engineering) and external vendors or auditors.
• Problem‑Solving: Strategic thinker capable of identifying systemic vulnerabilities and proposing effective solutions across IT and OT domains.
• Adaptability: Quick to adapt to evolving threats, technologies, and standards in both IT and OT security landscapes. Must stay informed about the latest in cybersecurity and industrial automation security.