Cyber Security Manager – Job Opening – Pennsylvania Turnpike Commission Middletown, PA
Note: We are reader supported and may earn a small commission when you click on links in posts
Job Purpose and Summary
This position is responsible for managing the efforts of highly skilled technical staff responsible for securing the enterprise information systems, networks, communications, and other technologies that support the operations of the Pennsylvania Turnpike Commission (PTC). Work is performed with considerable independence and reviewed for attainment of program goals and overall performance. Supervision is exercised over internal and external professional staff responsible for securing PTC systems and data.
Essential Functions & Responsibilities
Manages lower-level staff involved in the administration and support of the organization’s network and application security. Provides technical supervision and guidance. Manage internal/external staff functions including delegation of work assignments and review of work product, staff performance evaluation, goal settings, and mentoring.
Manages the design and implementation of complex network security enhancements, systems, architecture, and platforms. Reviews existing and proposed enterprise security architecture. Identifies security design gaps and makes recommendations for changes or enhancements.
Reviews technology projects lead by other groups to verify that they meet security standards and requirements. Identifies security design gaps and makes recommendations for changes or enhancements.
Coordinates with other IT units to perform regular vulnerability testing, risk analysis and IT security assessments periodically or as needed. Identifies and/or anticipates threats and/or weaknesses. Communicates current or emerging security threats to the Information Security Officer quickly and effectively. Manages security tabletop exercises as part of Continuity of Operations Planning (COOP).
Manages daily operational and infrastructure support of all security-related systems. Manages the design, deployment, and support of internet-facing systems and business partner communications solutions.
Manages daily operational and program support for all security threat analysis/prevention activities, the IT Security Third Party Risk Program, and IT Security code scanning requirements.
Conducts incident response analysis and provides post-event analysis. Monitors key performance indicators for incident and request resolution in ServiceNow. Assign tickets to staff as needed.
Manages cybersecurity awareness and training programs including, annual training requirements, regular phishing tests, cybersecurity monthly programs, and application of the discipline process outlined in the IT Security Awareness Training Standard.
Manages the design and implementation of IoT program controls and implementation including asset identification, development of security templates, and the performance of device audits.
Acts as a first responder for security-oriented problems. Mobilizes teams to initiate corrective action when a security event is reported or detected. Acts as incident commander if the Information Security Officer is not available.
Reviews and approves short/long-range strategic plans and the operational/capital budgets for the security and incident response environments.
Reviews and approves requests for proposals (RFPs) for security related services/systems. Evaluates proposals and makes recommendations. Oversees and monitors contract performance. Ensures specifications and statements of work (SOWs) are met to ensure the efficient and cost-effective delivery of services.
Maintains superior technical knowledge of the PTC’s security environment and tools including an in-depth understanding of future directions and technologies related to unit.
Coordinates with various departments and managers to ensure compliance with the PTC security and risk program is achieved and maintained.
Participates in meetings to provide guidance, subject matter expertise and recommendations. Researches and maintains a thorough understanding of the latest security standards, systems, products, practices and protocols.
Uses situational awareness to anticipate and prevent accidents.
Performs related duties as assigned.
Need Security Training? Certifications at Your Own Pace
- IBM Cybersecurity Analyst Professional CertificateIntroduction to Cybersecurity Tools & Cyber Attacks by IBM
- Generative Adversarial Networks (GANs) Specialization from DeepLearning.AI
- Agile Leadership Specialization from the University of Colorado
- International Cyber Conflicts from the State University of New York (SUNY)
- IT Fundamentals for Cybersecurity Specialization by IBM
- Google Cloud Security Professional Certificate from Google Cloud
- Google Cloud Networking Professional Certificate from Google Cloud
- Introduction to Blockchain Specialization from Association of International Certified Professional Accountants
Bachelor’s degree in computer science, information systems or electronic engineering. Equivalent combination of education and/or experience may be accepted.
Possession of CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CCNP (Cisco Certified Network Professional), CCND (Cisco Certified Network Designer) or CCSP (Cisco Certified Security Professional) credentials are preferred. Possession of a valid driver’s license. Must obtain and maintain a valid Pennsylvania driver’s license within six (6) months of employment.
Seven (7) years of experience in information security engineering/architecture and cyber security incident response. Equivalent combination of education and/or experience may be accepted. Four (4) of the years of experience must be in a supervisory capacity.
Competencies Decision Making and Independent Judgment Developing Others Leadership Problem Solving/Analysis Reliability Research Skills Strategic Thinking/Planning Technical Capacity Physical Demands and Work Environment
Position requires frequent work at a computer utilizing business programs and PTC specific operating systems. Position requires some heavy lifting and physical labor. Position requires some travel and/or fieldwork with exposure to roadway traffic. Occasionally works outside of normal business hours for assigned work assignments.
Office environment with low levels of noise, adequate lighting, and comfortable temperature. Field environment may include exposure to moderately adverse and undesirable conditions. Physical environment is generally safe, but safety equipment or precautions must be followed in field conditions.