The Information Security (INFOSEC) Manager will provide strategic and operational leadership as it relates to information and cyber security at Utah Transit Authority (UTA). The INFOSEC Manager develops and drives the cyber-security strategy towards protecting UTA from security threats and cyber-hacking.
This position will oversee enterprise cyber-security systems such as external firewalls, Intrusion Prevention Systems (IPS), endpoint AV protection, VPNs, Identity Management (MFA), AI Network Traffic Analysis, SIEM (Security Information and Event Management) systems, and others as assigned. This position will collaborate with technology, business, and audit partners to insure the access and data security of UTA systems. Establishes and enforces standards for technology security used at UTA, such as acceptable suppliers and devices, configuration standards and rules, and control of device administration permissions. This position will contribute to technical and project planning for the organization, as it relates to cyber-security and data security. This position will generate and update related INFOSEC policies across UTA. The INFOSEC Manager will track relevant KPIs, brief the Technology Steering Committee and the Board as directed on cyber-security and data protection measures to ensure security to UTA.
The INFOSEC Manager will develop incident response (IR) plans in collaboration with business and technology partners; will evaluate cyber-security events and classify incidents and report breach incidents to the IT Director, Business Leaders, and required governmental organizations as required by statute and regulation; will lead the IR cell to coordinate responses and communications through containment and resolution.
Ensures training and development of INFOSEC Division staff to support cyber-security systems and cloud services. Assists the IT Director in setting budget priorities and advises IT Director on budget opportunities, expenditures and efficiencies. Aligns the department to support the UTA Way and IT Director directives and initiatives regarding corporate technology applications and information systems strategy.
The successful candidate must have strong integrity, a high level of energy, excellent oral and written communication skills, and exceptional interpersonal relationship and team-building skills. Proven experience in leading enterprise-wide technology and governance change management efforts and communicating effectively with team members and stakeholders is critical. Equally significant qualifications include being highly collegial, consultative, the ability to develop and sustain collaborative relationships, assist other teams and peers, a team player (humble, hungry, and smart), and demonstrate a commitment to cultural diversity and equal opportunity.
Must have a bachelor’s degree in Computer Science, Cyber-Security, Information Systems Management, or related experience. Masters degree is preferred in Cyber-security or other technology related field.
Ten (10) years of experience in the support and management of cyber-security or network infrastructure, including external enterprise firewalls, Web Application Firewalls (WAF), Intrusion Prevention Systems (IPS), endpoint AV protection, VPNs, Identity Management (MFA), AI Network Traffic Analysis, email and web filtering, SIEM (Security Information and Event Management) systems, and cloud services (Azure, AWS).
Current or recent (within the past 12 months) direct supervisory experience of professional technology staff.
Budgeting and technology financial management experience; public-sector experience preferred.
Technology supplier management experience: negotiating, contracting, and supplier performance management. Experience must include management of telecomm service providers, major technology hardware suppliers, and cloud service providers.
Demonstrable, strong knowledge of infrastructure technologies and trends, including the supplier, devices, standards and trends in data networks, voice networks, data centers, centralized computing, centralized storage, and networks security.
Strong knowledge of organization development/change management, strategic planning, action planning and supervision.
Experience building functional teams with trust, healthy conflict management, commitment, accountability, and focusing on collective results. Equally important is followership related to the above aspects.
Must be able to pass BCI, FBI, and UCJIS background check.
CISSP (Certified Information System Security Professional) or
CISM (Certified Information Security Manager)
Current or recent (within the past 12 months) direct supervisory experience of INFOSEC staff.
Experience in the support and management of data centers, virtualized infrastructure, storage area networks, cloud-based infrastructure, data and voice networks, supplier provided internet access, dedicated circuits, and voice and data telecommunications.
Project Management experience in multiple large cyber-security or technology infrastructure systems implementations and major version upgrades.
Implementation of IT governance and GRC (Governance, Risk, and Compliance) that meets PCI standards.
Generation of multiple RFP contracts that resulted in successful engagements with 3rd Party entities.
Multiple successful presentations to executives and boards that resulted in approval of initiative and/or funding as requested.
Leading research, selection, implementation and upgrades of large cyber-security or technology infrastructure systems.
An independent thinker who can work cross-functionally with leadership of business units who are affected by cyber-security and data protection solutions.
Proven ability to deal with time sensitive problems using technical, industry, product knowledge and relationship building skills to achieve resolution to implementation issues.
Able to prioritize issues in challenging situations.
Able to manage client and supplier relationships (internal and external) at all levels of the business.
Excellent written and verbal communication skills with ability to appropriately address topics dependent upon audience and subject matter.
Strong interpersonal skills, a solid team player with strong initiative.
Strong focus on customer satisfaction.
- OR -
An equivalent combination of relevant education and experience.
[UTA reserves the right to determine the equivalencies of education and experience.]
A Credit Check and Utah CJIS (UCJIS) Background Check is Required for this Position.
This job requires regular and predictable attendance.
Additional Salary Information: Higher depending on experience.