We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
New
Amtrak jobs

Dir DT Cyber Defense Ops - 90388139 - Washington

Amtrak
life insurance, paid time off, long term disability, 401(k), retirement plan
United States, D.C., Washington
Jan 30, 2025

Your success is a train ride away!

As we move America's workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees.

Are you ready to join our team?

Our values of 'Do the Right Thing, Excel Together and Put Customers First' are at the heart of what matters most to us, and our Core Capabilities, 'Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security' are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future.

SUMMARY OF DUTIES:

The Director IT Vulnerability Management is responsible for overseeing the support, implementation and continuous improvement of IT services and technologies for multiple functional areas within the organization, with a specific focus on enterprise vulnerability management for both Information Technology (IT) & Operational Technology (OT) networks and systems.

The Director partners with business leadership to develop an overarching common vision and multi-year technology roadmap, as well as the associated annual budget and plan based on business priorities, for assigned areas/domains of responsibility. Assesses high-level business/functional requirements and assigns work to subordinate resources to include complex upgrades, enhancements and/or new implementations. Evaluates budgetary implications of changing, expanding, upgrading or implementing new technologies.

The Director may serve as a "Service Owner" or "Service Offering Lead" and oversees end-to-end services within the assigned domain to address business needs and improve internal efficiencies. This role owns the "change the business" and "run the business" budget associated with their services and ensures optimum utilization of investment against the company priorities.

The IT Service Owner is the single point of accountability for the respective business partners for all IT services related to the supported technologies and is accountable for ensuring that services are managed with a business focus. He/she is responsible to the business partners for the initiation, elaboration, construction, transition and ongoing maintenance and support of these technologies and services. The role is accountable to IT executive leadership for the performance of these services, including financial performance, and is also accountable for producing and maintaining documentation and materials regarding the services and supported technologies.

ESSENTIAL FUNCTIONS:




  • Collaborates with senior business and IT management to ensure cross-functional ownership of assigned technologies and facilitates a common vision and roadmap for such technologies to meet business needs and IT requirements.



  • Provides leadership for teams supporting a unified strategy for identifying, assessing, prioritizing, and mitigating vulnerabilities across both IT and OT environments and ensures coordination, collaboration, and alignment across groups.



  • Serves as a subject matter expert for vulnerability scanning and assessment in both IT and OT systems, using tools compliant with NIST SP 800-53, IEC 62443-2-1 (Establishing an Industrial Automation and Control Systems Security Program), and PCI DSS (Payment Card Industry Data Security Standard).



  • Ensure adherence to regulatory standards, manage audits, and report on the effectiveness of vulnerability management strategies to executive leadership.



  • Identifies technology-related opportunities and works with team and business to develop multi-generational roadmap to leverage additional functionality/capabilities in existingsystems to drive internal efficiencies and other business benefits.



  • Responsible for creating an integrated information technology plan to support services within area of responsibility.



  • Develops and owns service definition and service design partnering with business owners and architecture. Ensures adoption of services within the IT service catalog for areas of responsibility.



  • Leads a team of functional, technical, and project management resources to maintain, support, enhance, and implement technologies within supported areas/domains.



  • Partners with business leaders and other IT groups to develop strategies and roadmaps and to rationalize the technology portfolio within area(s) of responsibility.



  • Directs large-scale and complex technology initiatives ensuring delivery of projects and programs on time, on budget, with agreed scope, and high quality.



  • May be responsible for planning and managing the services budgets for both capital and operating expenses. Manages and monitors spend and takes appropriate actions to stay within budget.



  • Oversees all IT service offerings within area of responsibility and manages corresponding service delivery teams.



  • Partners with the business to ensure appropriate organizational change management (OCM) plans and actions for changes affecting services or technologies to minimize business impact and risk. This includes communications, training, process and system documentation, etc.



  • Meets regularly with the team to review work status and discuss progress and obstacles. Provides advice, guidance, encouragement and constructive feedback.



  • Establishes measurable individual and team objectives that are aligned with business and organizational goals. Documents and presents performance assessments. Recognizes and rewards team members commensurate with performance.



  • Implements organizational practices for staffing, Equal Employment Opportunity (EEO), diversity, performance management, development, reward and recognition, and retention.



  • Manages risk and security in partnership with the CISO and the Risk and Compliance Teams.



  • Manages service governance and applies metrics to measure against defined KPIs and SLAs. Responsible for delivering capabilities within the agreed service levels or partnering with other responsible IT teams to ensure strong performance and delivery within targets.



  • Ensures staff have the resources and skills needed to support all work initiatives. Forecasts new skill requirements based on emerging technologies. Participates in IT workforce deployment activities.





MINIMUM QUALIFICATIONS:




  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or an equivalent combination of training, education, and relevant experience may be considered in lieu of a degree.



  • At least 10 years of experience in cybersecurity, with at least 4 years specifically in vulnerability management across IT and OT.



  • In-depth knowledge of cybersecurity frameworks like NIST, ISO/IEC 27001, IEC 62443, and PCI DSS.



  • Demonstrated experience leading globally distributed development teams to deliver mission critical business technology systems and services



  • Demonstrated experience working with matrixed and distributed technology teams to provide the appropriate level of SLA for business-critical systems



  • Technical and/or ITIL, or equivalent Certifications



  • Experience managing critical systems that require 24/7/365 days a year uptime and are expected to perform against the agreed upon metrics



  • Demonstrated experience leading a team of Managers, Technical Leaders, and others and inspiring them and their teams to deliver at the highest level



  • Leadership experience in managing cross-functional teams and influencing stakeholders





MINIMUM KNOWLEDGE, SKILLS, AND ABILITIES:




  • Experience with vulnerability assessment tools tailored for both IT (e.g., Nessus, Qualys, Invciti, Checkmarx) and OT (e.g., Nozomi Networks, Dragos).



  • Understanding of web application vulnerabilites



  • Well versed in IT operating systems to include Windows and Linux based systems.



  • Knowledgeable in networking and associated protocols.



  • Basic understanding of industrial control systems (ICS) and their security implications.



  • Strong experience building, leading and developing teams



  • Process improvement experience and demonstrated experience implementing process improvements via technology solutions



  • Solid understanding of information security and application of good and relevant security practices



  • Strong and proven financial management skills and experience managing operating and capital budgets of $1M+



  • Demonstrated ability to launch and deliver multiple, concurrent IT initiatives on time and within budget



  • Strong communication and interpersonal skills, works well with others in an integrated team environment, self-motivated



  • Ability to translate and communicate complex technical issues into language that senior business executives can easily comprehend



  • Excellent teambuilding skills, both within the team and motivating resources across teams



  • Proven ability to lead diverse and distributed teams, manage performance, coach and mentor team members, and manage conflicting priorities





PREFERRED QUALIFICATIONS:




  • Experience working in companies that heavily rely on real-time 24x7 IT operations to successfully service external customers.



  • Experience working in Transportation, Utiities, Large Corporation, Hospitality, or High-Tech Industry



  • Master's degree in Cybersecurity, Information Assurance, or a related field.



  • Certifications such as CISSP, GICSP (Global Industrial Cyber Security Professional), or CSSLP.



  • Demonstrated experience in managing security for SCADA systems, PLCs, or other OT environments.



  • Familiarity with scripting for automation (Python, PowerShell) in both IT and OT contexts.



  • Proven leadership in cross-functional, multi-disciplinary teams.





WORK ENVRIORNMENT:




  • This position is Hybrid or Remote.Environment



  • May travel up to 10% of the time.





COMMUNICATIONS AND INTERPERSONAL SKILLS:

Must have excellent oral and written communication skills.

The salary/hourly range is $179,300-$232,416. Pay is based on several factors including but not limited to education, work experience, certifications, internal equity, etc. Depending on an employee's assigned worksite or location, Amtrak may consider a geo-pay differential to be applied to the employee's base salary. Amtrak may offer additional incentive and pay programs to recognize and reward our employees, including a short-term incentive bonus based upon factors such as individual and company performance that is commensurate with the level of the position and/or long-term incentive plan compensation. In addition to your salary, Amtrak offers a comprehensive benefit package that includes health, dental, and vision plans; health savings accounts; wellness programs; flexible spending accounts; 401K retirement plan with employer match; life insurance; short and long term disability insurance; paid time off; back-up care; adoption assistance; surrogacy assistance; reimbursement of education expenses; Public Service Loan Forgiveness eligibility; Railroad Retirement sickness and retirement benefits; and rail pass privileges. Learn more about our benefits offeringshere.

Requisition ID:163941

Posting Location(s):District of Columbia

Work Arrangement:04-Hybrid WeeklyClick here for more information about work arrangements at Amtrak.

Job Family/Function:Information Technology

Relocation Offered:Yes

Travel Requirements:Up to 25%

You power our progress through your performance.

We want your work at Amtrak to be more than a job. We want your career at Amtrak to be a fulfilling experience where you find challenging work, rewarding opportunities, respect among colleagues, and attractive compensation. Amtrak maintains a culture that values high performance and recognizes individual employee contributions.

Amtrak is committed to a safe workplace free of drugs and alcohol. All Amtrak positions requires a pre-employment background check that includes prior employment verification, a criminal history check and a pre-employment drug screen.

Candidates who test positive for marijuana will be disqualified, regardless of any state or local statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use. Amtrak's pre-employment drug testing program is administered in accordance with DOT regulations and applicable law.

In accordance with DOT regulations (49 CFR * 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.

In accordance with federal law governing security checks of covered individuals for providers of public transportation (Title 6 U.S.C. *1143), Amtrak is required to screen applicants for any permanent or interim disqualifying criminal offenses.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an EOE/Affirmative Action Minority/Female employer, and we welcome all to apply. We consider candidates regardless of race/color, religion, sex (including pregnancy, childbirth and related conditions), national origin/ethnicity, age, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law.
Applied = 0
MORE JOBS LIKE THIS

(web-6f6965f9bf-g8wr6)