Sr Dir IT Cyber Risk Management - 90284261 - Washington

Washington, DC 20004

Your success is a train ride away.

Amtrak connects businesses and communities across the country and we move America's workforce toward the future. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is the result of our employees.

Are you ready to join our team?

The Sr Director Cyber Risk Management is responsible for providing leadership, as well as operational and tactical direction, to the Information Security teams that provide the security, protection and cyber risk management of all information entrusted to Amtrak by its customers, partners, and employees. Identifying, assessing, mitigating, and monitoring information and data risk in information technology and operational technology environments falls directly within the Sr Director's purview. As a business enabler, the Sr Director ensures business decisions are not obstructed by cybersecurity but instead are made using sound security principles and supporting corporate security policies and plans.

The Sr Director Cyber Risk Management is expected to be skilled at effective communication and to possess the business acumen to align and work closely with business leaders. In addition to direct reports, the Sr Director must be capable of working closely with C-level leadership, third parties, law enforcement, and occasionally the board of directors. Serves as the business liaison to the Office of Inspector General Investigations, Amtrak Police Department and other government and law enforcement agencies. Additionally, serves as the business subject matter expert on all cyber hygiene, technology vulnerability management, data loss prevention, information protection, and cyber threat intelligence requirements. Responsible for planning, performing, and continuously executing risk assessments, vulnerability assessments, penetration testing, red and purple team exercises, and advisory activities, and for managing large, complex, and highly visible engagements, projects, and initiatives.

The Sr Director Cyber Risk Management, as an IT Service Owner, is the single point of contact (SPOC) in front of the customer for all aspects of a service and is accountable for ensuring that the service is managed with a business focus. The position is responsible to the customer for the initiation, elaboration, construction, transition and ongoing maintenance and support of the service. The Service Owner is accountable to IT Service Executive leadership for the performance of the dedicated service. The Service Owner is also responsible for producing and maintaining documentation and materials regarding the service.


    Conducts thorough assessments of Amtrak's technology and information risk requirements and identifies opportunities to visualize, create, and execute IT risk management programs.
    Designs and develops risk management roadmaps to align and scale with company growth. Develops long-term security strategy and planning, including initiatives geared to ensure the company achieves, maintains, and sustains cyber resiliency.
    Sets and leads the strategic development of security practices, assessments, risk registers, policies, and procedures for business and operational technology networks and conducts continuous reviews to ensure effectiveness across the enterprise.
    Implements a continuous vulnerability assessment and exposure analysis process and aligns technical teams to address a timeline for remediation and validation across applications and infrastructure.
    Sponsors vendor and technology solution selection, as well as third-party consulting services as needed.
    Requires and supports independent verification and validation testing of company networks and data protection through internal team resources and independent consulting engagements. 
    Understands industry trends and best practices: engages with the industry and broader ecosystem to understand industry trends, creates business cases for best practices and implements changes.
    Identifies major risk factors for IT leadership and develops and coordinates the implementation of strategies to reduce/remediate process, operational, regulatory and compliance risks.
    Works with business leaders, Chief Information Officer, Chief Information Security Officer, and other appropriate leadership to formulate action plans, develop mitigation strategies, and review risk assessment results.
    Provides support and oversight to Amtrak's various IT audit projects and testing initiatives, including audits of its internal controls.
    Analyzes current and proposed IT systems, programs, and initiatives to ensure adherence to applicable business, industry, and regulatory standards.
    Generates appropriate communications, process and educational plans for mitigating the disruption of change. Identifies and removes obstacles to change.
    Serves as the overall owner of all IT and operational technology risk registers.
    Reviews, revises, and, where appropriate, proposes new policies and procedures to provide confidentiality, integrity, and availability of all business and technical information and data.
    Meets regularly with team leads to gather work statuses, discuss work progress and obstacles, and provide advice, guidance, encouragement and constructive feedback. Ensures work, information, ideas, and technology flow freely among teams.
    Responsible for managing risk and security within the service in partnership with the CISO, IT Governance Risk & Compliance, Security Operations Center, and Security Architecture & Engineering teams.
    Manages service governance and applies metrics to services to measure against defined Key Performance Indicators (KPIs).
    Establishes measurable individual and team objectives that are aligned with business and organizational goals. Documents and presents performance assessments. Implements organizational practices for staffing, Equal Employment Opportunity (EEO), diversity, performance management, development, reward and recognition, and retention.
    Identifies the roles, skills and knowledge required. Ensures staff has the resources and skills needed to support all work initiatives. Participates in IT workforce deployment activities.


    Bachelor's degree in related technical/business field with 13+ years relevant experience or equivalent work experience including technical hands-on security assessment, security operations, vulnerability management, and risk management practitioner experience.
    13+ years of relevant technical and business managerial experience. 
    Knowledge of regulations and laws related to IT compliance standards.
    Proven ability to receive security team recommendations and act assertively to support objectives.
    Demonstrated experience in effective stress management in a constantly changing environment.
    Driven to build a strong, cohesive team and positive enterprise-wide security culture.
    May require in-depth knowledge of one or more processes/services. Experience should include assignments in multiple business and technical processes and financial management.
    Relevant professional certification (e.g., CISSP, CISA, CISM).
    Puts the Customer First, Does the Right Thing and Excels Together.


    Requires leadership experience in managing large teams and influencing executive level management and key stakeholders.
    Demonstrated expertise in governance, risk, and compliance management within an IT organization.
    Possess a proven track record for being detail-oriented with a demonstrated ability to motivate and follow-through on projects.
    Demonstrated expertise in developing and reviewing policy.
    Expertise in overseeing IT risk assessment, operational technology domain, and knowledge of relevant industry standards (e.g. COBIT, NIST, ITIL, CIS, ISO).
    Ability to deliver through others in a matrix environment while fostering collaboration.
    Must possess strong written and verbal communication and interpersonal skills, work well with others in an integrated team environment, and must be self-motivated.


    Master's degree in related technical/business areas or equivalent.
    15+ years of experience managing IT risk, including penetration testing projects.
    Experience working in large, complex companies that rely heavily on real-time 24x7 IT operations to successfully service external customers.
    Experience in the transportation industry.



Requisition ID: 50023
Posting Location(s): District of Columbia
Job Family/Function: Information Technology
Relocation Offered: No
Travel Requirements: None

Amtrak employees power our progress through their performance.

We want your work at Amtrak to be more than a job; we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family, and a high-performance culture that recognizes and values your contributions and helps you reach your career goals.

We proudly support and encourage U.S. Veterans to apply for Amtrak job opportunities.

All positions require pre-employment background verification, medical review and a pre-employment drug screen. Amtrak is committed to a safe and drug-free workplace and performs pre-employment substance abuse testing. All new hires are required to undergo a hair drug test which detects the presence of illegal drugs for months prior to testing, including marijuana, notwithstanding any statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use. Candidates who engage in the usage of marijuana will not be qualified for hire. We appreciate your cooperation in keeping Amtrak safe and drug-free.

In accordance with DOT regulations (49 CFR section 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, he/she will not be permitted to perform safety-sensitive functions.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an Affirmative Action/Equal Opportunity Employer and we welcome all to apply. We consider candidates regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability (including blindness), or veteran status.

Category: Transportation
Posted: 2021-04-05 Expires: 2021-05-05

Amtrak, the national rail operator, connects America in safer, greener and healthier ways. With 21,000 route miles in 46 states, the District of Columbia and three Canadian provinces, Amtrak operates more than 300 trains each day — at speeds up to 150 mph — to more than 500 destinations. Amtrak is the operator of choice for state-supported corridor services in 17 states and for four commuter rail agencies.