Under general direction, assists with the operation of the Compliance and Audit Support functions of the Agency’s Information Security Management System (ISMS). Supports service owners, system owners, and other relevant stakeholders in ensuring and maintaining compliance of all systems and data under their responsibility with applicable regulatory or contractual requirements that have an information security component, as well as with applicable internal information security standards.
Responsible for assisting with the audit, analysis, and identification of applicable regulatory/contractual requirements, as well as the ongoing support to stakeholders to maintain compliance, including evaluating evidence artifacts for sufficiency and adequacy to meet applicable requirements. Responsible for operating the Compliance service offered by the Information Security Division, including all administrative duties as prescribed by ITIL and standard management best practices.
ESSENTIAL FUNCTIONS: The following duties are a representative summary of the primary duties and responsibilities. Incumbent(s) may not be required to perform all duties listed and may be required to perform additional, position-specific duties.
• Act as the subject matter expert for the Compliance and Audit Support functions.
• Maintain the inventory of known compliance obligations, affected systems, and their respective owners.
• Maintain compliance evidence files to meet the information security related requirements for all laws, regulations, contractual provisions, and industry standards (PCI DSS, ISO, NIST).
• Conduct security assessments, evaluate controls, and provide feedback to management and system owners on the design and effectiveness of control processes.
• Participate in the lifecycle of audit (planning, pre-audit work, field work, closing) for audits impacting IT and information security.
• Act as liaison between audit teams and agency stakeholders subject to audits with an IT and information security component.
• Participate in the overall implementation of the agency’s information security program, under the direction of the Chief Information Security Officer (or delegate), where appropriate.
• Participate in the creation of information security governance documents (policies, standards, baselines, guidelines, and procedures) under the direction of the Chief Information Security Officer (or delegate), where appropriate.
• Facilitate the implementation and management of an information security compliance program.
• Participate in ensuring compliance with laws, regulations, and industry standards (PCI, ISO, NIST).
• Facilitate compliance auditing of both IT and information security controls.
• Maintain up-to-date detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, compliance strategies, and the development of new attacks and threat vectors.
• Participate in ongoing information security education, awareness, and outreach activities as required for compliance activities.
• Inform and train staff members on their responsibilities concerning information security procedures and compliance activities.
• Assist with ensuring that agency technology assets, systems, services, and facilities are compliant with information security procedures.
• It is the responsibility of all employees to follow the Agency safety rules, regulations, and procedures pertaining to their assigned duties and responsibilities, which could include systems, operations, and/or other employees.
• It is the responsibility of all employees to integrate sustainability into everyday business practices.
• Other duties as assigned.
Education and Experience: Bachelor’s Degree in computer science, information technology, business administration, engineering, or a closely related field and five years of information technology experience with a focus on IT Security, Risk Management, Data Protection, or Compliance, OR an equivalent combination of education and experience.
Required Licenses or Certifications:
• Valid Driver’s License.
• One or more of the following certifications is preferred:
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- ITIL
- COBIT 5
- Project Management
Required Knowledge of:
• Strong command of ITIL core processes and principles.
• Strong command of and experience with information security auditing and compliance principles.
• General knowledge of the NIST 800 series standards, the PCI DSS standard, and the ISO 27001/2 frameworks.
• Demonstrated work experience in one or more of the following areas: Information Security, IT Governance, Compliance Management, IT Auditing, Internal Auditing, Security Analysis, Security Project Management, Security Architecture, and implementing best practices, tools, and technology.
• Demonstrated work experience conducting security control analysis, IT control analysis, and compliance reporting.
• Strong understanding of information technology and security controls.
• Strong understanding of and experience with security-related technologies, systems, and tools.
• Working technical knowledge of general IT system architectures, software, hardware, protocols, and standards.
Required Skills:
• Proven competency in the use of MS Office applications (Microsoft Project, Word, Excel, PowerPoint, and SharePoint).
• Strong team leadership and communication (verbal/written) skills.
• Ability to work in highly collaborative environments.
• Strong workload prioritization and self-organization skills.
• Solid project management skills.
• Experience with ServiceNow is preferred.
Physical Demands / Work Environment:
• Work is performed in a standard office environment.
• Subject to standing, walking, bending, reaching, stooping, and lifting of objects up to 25 pounds.
• The Agency promotes a safe and healthy work environment and provides appropriate safety and equipment training for all personnel as required.
Sound Transit is an equal employment opportunity employer. No person is unlawfully excluded from employment action based on race, color, religion, national origin, sex (including gender identity, sexual orientation and pregnancy), age, genetic information, disability, veteran status or other protected class.
About Sound Transit
Sound Transit plans, builds, and operates regional transit service throughout the urban region of Seattle. Sound Transit is currently experiencing major growth and is in the process of planning and building the most ambitious transit expansion in the country. Named by Kiplinger’s as one of the “10 Best Cities to Live in the Next Decade”, Seattle is a vibrant city surrounded by unmatched natural beauty, economic opportunity, cultural events, and educational excellence. It is home to a diverse and growing population, with hundreds of thousands of commuters riding Sound Transit services daily. We contribute toward this growth by providing the community with quality service that will generate a better quality of life for commuters and Seattle as a whole. This is an exceptional opportunity with a progressive organization that offers growth potential both professionally and personally. We offer an attractive compensation package that includes competitive benefits and a chance to have a positive impact on the environment, as well as to become a key contributor toward Seattle’s quality of life. Join Sound Transit and be a part of a culture built around inclusion and respect, where everyone is treated fairly and every voice is heard.