Information Security Lead

Boston, MA /
At the Customer Technology Department (CTD), our mission is to apply modern principles of research, design, and technology to make our transit system easy for all riders to use. Effective and equitable public transit is essential to the social, economic, and environmental progress of Greater Boston.
The MBTA Customer Technology team is working to transform how people get around the Boston area.
We are a team of designers, engineers, product and content specialists charged with bringing novel ideas, modern standards and a user-centered approach to technology at the T. As the MBTA works to reinvent itself, we have a rare opportunity to craft the future of transportation for Boston and communities all around Eastern Massachusetts, as well as pioneer innovations for other transit agencies around the country.
Do you want to improve the daily transportation experience for 4.7 million people in the Boston region? Ready for the challenge? Then read on.

Duties and Responsibilities:

    • Responsible for developing, defining and governing the information security program and security projects that address identified risks and identified security requirements 
    • Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the CIO with a realistic overview of risks and threats in the enterprise environment 
    • Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools 
    • Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks 
    • Manage production issues and incidents, and participate in problem and change management forums 
    • Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching for team members 
    • Manage outsourced service providers that provide managed security services for compliance with contracted service- level agreements 
    • Services as lead for information security regulatory compliance and satisfying the requirements of MBTA 
    • Provide support and guidance for legal and regulatory compliance efforts, including audit support. Experience with defining and deploying a data loss prevention program 
    • Define metrics and reporting strategies that effectively communicate successes and progress of the security program 
    • Responsible for analysis, definition and auditing technology and policy architecture 

Minimum Requirements include:

    • Bachelor's degree in computer science, management information systems, or related field;
    • Four (4) years experience working in a professional management information systems setting with relevant information security skills;
    • Experience working with information security practices, networks, software, and hardware; security log analysis and follow-up; script writing and high level programming skills;
This will start out as a 1yr contract with the likelihood to extend.

Diversity and inclusion are essential to us at CTD. We believe that we can only design and build tools for our riders if our team reflects the wide variety of people who use MBTA services all over eastern Massachusetts. We strive to be inclusive in our approach to both hiring and product development, and we strongly encourage applicants from historically underrepresented groups to apply for this position.