mgr governance risk compl

SUMMARY

Develops and implements strategies and programs to proactively protect the enterprise's information technology data, systems, and networks. Focuses on setting the critical success factors, and operating plans for the GRC team, ensuring alignment with the enterprise's overall security standards and business objectives. Oversees the communication of the department's vision, strategies, critical success factors, and plans, including high-level migration plans. Manages the selection and deployment of resources required to improve security awareness, monitoring, compliance, and recovery. Identifies and addresses business, technical, and infrastructure issues, addressing potential risks, and leads initiatives to enhance information security readiness. Provides guidance to subject matter experts in completing their project tasks and daily GRC responsibilities and ensure effective management of technical design, integration, and security technologies.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Directs the development of a security program that proactively protects the integrity, confidentiality, and availability of MARTA's enterprise data, information systems, and networks with a focus on governance, risk, and compliance. Develops and implements critical success factors, and operating plans for the GRC program, ensuring alignment with overall business and technology standards.

• Oversee the development and implementation of global security policies, standards, guidelines, and procedures to ensure continuous adherence to security and compliance requirements. Ensure that these policies align with regulatory requirements and industry best practices.

• Develops proactive strategies for risk management, integrating emerging threats and technological advancements. Facilitates the development of security risk assessments, audits, and compliance monitoring policies.

• Facilitates employee education and security awareness programs with a focus governance, risk, and compliance. Provides training on GRC procedures and best practices to relevant staff and stakeholders.

• Collaborates with Incident Response Manager to ensure compliance with incident response policies and procedures. Administers the investigation of security breaches and ensures compliance with regulatory requirements during investigations.

• Hires and manages frontline Security Engineers specializing in GRC. Provides coaching and guidance on GRC techniques and best practices to team members. Oversees collaboration with external consultants for independent security audits and compliance assessments.

• Provides technical expertise to research, evaluate, recommend, and plan the implementation of new or enhanced GRC tools, devices, and software. Manages the monitoring of compliance with enterprise security policies and regulatory requirements.

• Develops and provides security metrics and key performance indicators (KPIs) specifically related to governance, risk, and compliance.

• Assists in managing the information security budget related to procurements and renewals of contracts for GRC tools and services.

• Performs other duties as assigned.

SUPERVISORY RESPONSIBILITIES

Responsible for supervision of the Governance, Risk and Compliance team.

EDUCATION and/or EXPERIENCE

Bachelor's degree in Information Systems, Computer Science, Mathematics, Engineering, or a related discipline. A minimum of nine years of directly related experience required. Three or more years of Network Security experience, which includes traditional attack methods, proxy gateways and secure multi-layer inspections required. Must have a strong familiarity with Information Security concepts, practices, and solutions, System Penetration Testing experience, and Payment Card Industry (PCI) experience. In-depth knowledge of Transit business operations, objectives and strategies is preferred. In lieu of a degree, directly related job experience may be substituted on a year for year basis.

CERTIFICATES, LICENSES, REGISTRATIONS, SPECIAL REQUIREMENTS

Must have one of the following: CISSP, CISM, CAPS or CASP required. Cisco CCNP/CCIE, ISC2 Inc., SANS GIAC, checkpoint Technologies Firewall-1 CCSE, Checkpoint Technologies Firewall –1 certification preferred.

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The employee is regularly required to sit, stand, drive, lift, climb heights, use hands and fingers, handle, or feel, reach with hands and arms, talk, and hear.

Grade: 22A

Salary: $105,575-$158,000

MARTA is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state or local protected class.