Department Manager - Enterprise Cybersecurity & Cloud - Orange County Transportation Authority
Orange, CA
About the Job
Why OCTA:
Discover work that moves you in a dynamic and innovative setting. Be part of a team delivering Orange County’s transportation network of today and creating a vision for the future.
OCTA is the county’s transportation planning commission and public transit operator. With a focus on safety and accountability, we plan, fund, and implement countywide projects that include bus and rail transit, freeways and express lanes, rideshare, microtransit, paratransit, active transportation, and environmental programs.
We’re passionate about creating a balanced, equitable and sustainable transportation system that reflects the diverse travel needs of the county’s 34 cities and 3.2 million residents.
Our employees rated OCTA as a top workplace in Orange County. Come join us on our mission of keeping Orange County moving.
Overview:
Under direction of the Chief Information Officer, responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately monitored and protected in the digital ecosystem in which we operate. Directs the development and update of cloud strategies. Leads and manages staff responsible for information security policy development and the maintenance and design of security policy education, training, and awareness activities. Responsible for identifying, evaluating, and reporting on information security laws and applicable regulations, and cybersecurity risk to information assets, while supporting and advancing business objectives. Defines, documents, and implements cybersecurity and cloud strategy architectures, procedures, and roadmaps. Verifies that the data computing infrastructure is properly protected from internal and external threats. Responsible for the planning and response to cyber security incidents.
This is an exempt position in Salary Grade 260: Min $162,784.00 – Mid $195,341.00 – Max $227,897.00 annually. The starting salary will be within this range based on qualifications.
The position will remain open until a candidate is selected.
Responsibilities:
This list is intended to indicate the general nature and level of work performed by employees within this classification and is not designed to be interpreted as an exhaustive listing of all tasks required of employees assigned to this job.
Displays High Integrity & Honesty: Takes personal responsibility, acts with honesty and consistency.
Has Technical and Professional Expertise: Has the technical skills, product knowledge and professional skills to do the job.
- Develops, manages, and leads an information security governance structure.
- Develops an enterprise-wide information security program.
- Leads in the establishment and update of the overall cloud strategy and roadmap. Aligns the cloud strategy with overall OCTA and IT direction and strategies.
- Provides regular reporting on the status of the information security program to senior leaders and the board of directors as part of a strategic enterprise risk management program.
- Ensures that information security and cloud requirements are included in contracts by liaising with vendor management and procurement organizations.
- Leads the information security function across the organization to ensure consistent and high-quality information security management in support of the business goals.
- Develops and maintains a document framework of continuously up-to-date information security and cloud policies, standards, and guidelines.
- Builds and nurtures external networks consisting of industry peers, ecosystem partners, vendors, and other relevant parties to address common trends, findings, incidents, and cybersecurity risks.
- Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support, and in-house consulting in these areas.
Champions Change: Leads projects or programs that support organizational goals so that others support them.
Innovates and brings new visionary ideas that add value to the agency.
Customer & External Focus: Markets his/her workgroup effectively and influences others in the organization.
- Creates and manages a targeted information security awareness training program for all approved system users. Establishes metrics to measure the effectiveness of this security training program for the different audiences.
- Provides clear risk mitigating directives for projects with components in IT.
- Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well abreast of the relevant threats identified by these agencies.
Solves Problems & Analyzes Issues: Has and applies problem analysis and problem-solving skills on a technical and interpersonal level.
- Creates a risk-based process for the assessment and mitigation of any information security risk consisting of supply chain partners, vendors, consumers and any other third parties.
- Manages and contains information security incidents and events to protect corporate assets, intellectual property, regulated data, and the agency's reputation.
- Monitors the external threat environment for emerging threats and advises relevant stakeholders on the appropriate courses of action.
- Responsible for the continuous monitoring, auditing, and assessment of vulnerabilities and security risks within the Authority's networks and IT systems.
Any combination of education and experience equivalent to a bachelor’s degree in Computer Science, Mathematics or Business, with a minimum of eight years of related computer security experience in business environments. Four years or more of experience in a computer security management position. Hands-on experience with various network security services. One current and/or previously held security-related certification is required (e.g., CISM, CISSP, CISA, GSNA, GSAE). Advanced degree is preferred.
Working Conditions/Physical Activities:
(The physical demands described are representative of those that must be met by the employee to successfully perform the essential functions of this job. OCTA provides reasonable accommodation to enable individuals with disabilities to perform the essential functions.)
Positions in this class typically require:
- Work may be performed in a stressful, fast-paced office environment, depending upon assignment.
- Ability to understand verbal communication and to respond effectively.
- Reaching, Finger Dexterity, Grasping, Feeling, Talking, Hearing, Seeing, and Repetitive Motions in computer use.
Compensation and Benefits:
OCTA offers an attractive compensation and benefits package that includes medical, dental and vision health insurance programs, flex time (may be available), paid sick leave, paid vacation and holidays, short-term and long-term disability, life insurance, flexible spending accounts, retirement, deferred compensation plan, educational reimbursement, excellent in-house training programs, free transportation passes for the employee and dependents, wellness and ergonomic programs, and much more. OCTA has a hybrid remote work program. Eligibility is dependent on manager’s approval.
OCTA is an equal employment opportunity employer that recruits, hires, and promotes qualified people without regard to race, color, religion, creed, ancestry, national origin, age, sex, pregnancy, gender, gender identity and/or expression, sexual orientation, marital status, medical condition, disability, genetic information, military and veteran status, or other legally protected status.