Cyber Security Manager

Cyber Security Manager

The Pennsylvania Turnpike Commission, opened on October 1, 1940, is known as “America’s First Superhighway”! Our mission is to operate a safe, reliable, customer-valued toll road system that supports national mobility and commerce. The PTC operates a 552-mile system used by 192 million vehicles a year. Together, we are building the highway of the future.

Job Purpose and Summary

This position is responsible for managing the efforts of highly skilled technical staff responsible for securing the enterprise information systems, networks, communications, and other technologies that support the operations of the Pennsylvania Turnpike Commission (PTC). Work is performed with considerable independence and reviewed for attainment of program goals and overall performance. Supervision is exercised over internal and external professional staff responsible for securing PTC systems and data.

Essential Functions & Responsibilities

Manages lower-level staff involved in the administration and support of the organization’s network and application security. Provides technical supervision and guidance. Manage internal/external staff functions including delegation of work assignments and review of work product, staff performance evaluation, goal settings, and mentoring.

Manages the design and implementation of complex network security enhancements, systems, architecture, and platforms. Reviews existing and proposed enterprise security architecture. Identifies security design gaps and makes recommendations for changes or enhancements.

Reviews technology projects lead by other groups to verify that they meet security standards and requirements. Identifies security design gaps and makes recommendations for changes or enhancements.

Coordinates with other IT units to perform regular vulnerability testing, risk analysis and IT security assessments periodically or as needed. Identifies and/or anticipates threats and/or weaknesses. Communicates current or emerging security threats to the Information Security Officer quickly and effectively. Manages security tabletop exercises as part of Continuity of Operations Planning (COOP).

Manages daily operational and infrastructure support of all security-related systems. Manages the design, deployment, and support of internet-facing systems and business partner communications solutions.

Manages daily operational and program support for all security threat analysis/prevention activities, the IT Security Third Party Risk Program, and IT Security code scanning requirements.

Conducts incident response analysis and provides post-event analysis. Monitors key performance indicators for incident and request resolution in ServiceNow. Assign tickets to staff as needed.

Manages cybersecurity awareness and training programs including, annual training requirements, regular phishing tests, cybersecurity monthly programs, and application of the discipline process outlined in the IT Security Awareness Training Standard.

Manages the design and implementation of IoT program controls and implementation including asset identification, development of security templates, and the performance of device audits.

Acts as a first responder for security-oriented problems. Mobilizes teams to initiate corrective action when a security event is reported or detected. Acts as incident commander if the Information Security Officer is not available.

Reviews and approves short/long-range strategic plans and the operational/capital budgets for the security and incident response environments.

Reviews and approves requests for proposals (RFPs) for security related services/systems. Evaluates proposals and makes recommendations. Oversees and monitors contract performance. Ensures specifications and statements of work (SOWs) are met to ensure the efficient and cost-effective delivery of services.

Maintains superior technical knowledge of the PTC’s security environment and tools including an in-depth understanding of future directions and technologies related to unit.

Coordinates with various departments and managers to ensure compliance with the PTC security and risk program is achieved and maintained.

Participates in meetings to provide guidance, subject matter expertise and recommendations. Researches and maintains a thorough understanding of the latest security standards, systems, products, practices and protocols.

Uses situational awareness to anticipate and prevent accidents.

Performs related duties as assigned.

Qualifications

Bachelor’s degree in computer science, information systems or electronic engineering. Equivalent combination of education and/or experience may be accepted.

Possession of CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CCNP (Cisco Certified Network Professional), CCND (Cisco Certified Network Designer) or CCSP (Cisco Certified Security Professional) credentials are preferred. Possession of a valid driver’s license. Must obtain and maintain a valid Pennsylvania driver’s license within six (6) months of employment.

Seven (7) years of experience in information security engineering/architecture and cyber security incident response. Equivalent combination of education and/or experience may be accepted. Four (4) of the years of experience must be in a supervisory capacity.

Competencies

• Decision Making and Independent Judgment
• Developing Others
• Leadership
• Problem Solving/Analysis
• Reliability
• Research Skills
• Strategic Thinking/Planning
• Technical Capacity

Physical Demands and Work Environment

Position requires frequent work at a computer utilizing business programs and PTC specific operating systems. Position requires some heavy lifting and physical labor. Position requires some travel and/or fieldwork with exposure to roadway traffic. Occasionally works outside of normal business hours for assigned work assignments.

Office environment with low levels of noise, adequate lighting, and comfortable temperature. Field environment may include exposure to moderately adverse and undesirable conditions. Physical environment is generally safe, but safety equipment or precautions must be followed in field conditions.

Disclaimer

The information provided in this job description has been designed to indicate the general nature and level of work performed by the incumbent(s) within this job. It is not designed to be interpreted as a comprehensive inventory of all duties, responsibilities, qualifications and working conditions required of the employee(s) assigned to this job. Management has the discretion to add or modify duties of the job and to designate other functions as essential at any time.

The Pennsylvania Turnpike Commission is an equal opportunity employer. We value diversity and are committed to creating an inclusive environment for all employees. If you need assistance or an accommodation due to a disability, you may contact the Human Resources Department by calling 717-831-7378.