Senior Principal DT Governance & Policy Specialist - Remote Opportunity

Date: May 12, 2023

Location: N/A, US

Company: Amtrak

Your success is a train ride away!

As we move America’s workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees.


Are you ready to join our team?

Our values of ‘Do the Right Thing, Excel Together and Put Customers First’ are at the heart of what matters most to us, and our Core Capabilities, ‘Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security’ are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future.



The Sr. Principal DT Governance and Policy Specialist is an experienced Governance/Policy management professional proficient in implementing NIST controls and standards, supporting and monitoring Amtrak’s information technology (IT) control environment, and collaborating with the Risk and Compliance teams to ensure that Cyber policies and associated controls are developed, implemented, and maintained in a timely manner. The incumbent works with internal audit, external audit firms, and regulatory agencies (e.g., Transportation Security Administration, Cybersecurity and Infrastructure Security Agency, etc.) to provide supportive documentation as applicable. This position works closely with the Risk and Compliance teams to ensure adherence to regulatory requirements and compliance mandates as well as internal policies, standards, and procedures. This role supports all privacy and security-related policies and associated governance processes with the Governance, Risk, and Compliance (GRC) function.


  • Leverage domain expertise in compliance control frameworks, including risk assessments, compliance testing, monitoring, and governance systems, to ensure adherence to policy, procedural and/or regulatory requirements.
  • Demonstrate strong analytic capacity and experience in adding structure in a complex, ambiguous environment in order to identify risk trends and draft solutions.
  • Draft and implement compliance policies and procedures.
  • Draft and maintain policies, procedures, and processes to prevent and detect compliance issues.
  • Manage all non-security-related policies and procedures.
  • Own all IT policy catalogs/repositories and conduct periodic (at least annual) IT policy reviews.
  • Review, revise, and where appropriate, propose new policies and procedures to ensure compliance with applicable laws and regulations.
  • Work with Digital Technology personnel to develop new or updated IT-related policies.
  • Identify major risk factors which may prevent Amtrak from achieving its strategic, operational, financial reporting, and compliance objectives.
  • Work with the Director DT GRC to navigate technical and non-technical obstacles that may prevent Amtrak from achieving its strategic, operational, financial reporting, and compliance objectives.
  • Provide support and oversight to Amtrak's various IT audit projects and compliance initiatives, including audits of internal controls, identifying internal IT controls, assessing their design and operational effectiveness, determining risk exposures, and developing remediation plans.
  • Participate in the development of DT audit budgets. Track and take appropriate steps to stay within budget.
  • Work with the Director DT GRC and other appropriate leadership to formulate, develop and respond to TSA security directives and other regulatory and compliance mandates.
  • Meet regularly with the team to gather work status; discuss work progress and obstacles; provide guidance, encouragement, and constructive feedback.
  • Identify the roles, skills, and knowledge required. Ensure staff has the resources and skills needed to support all work initiatives. Participate in IT workforce deployment activities.
  • Generate appropriate communication, process, and educational plans for mitigating the disruption of change. Identify and remove obstacles to change.
  • Effectively perform all IT Controls as applicable.


  • Bachelor’s Degree in accounting, information systems, or computer science with 9+ years relevant experience or equivalent work experience.
  • 13+ years of relevant work experience to satisfy education and experience requirements.
  • 9 or more years of IT audit or consulting experience including Big 4 experience.
  • Certified Information System Manager (CISM): Certified Information Security Specialist.
  • Experience developing IT policies and standards.
  • Experience working with external regulatory agencies.
  • Familiarity with the risk-based audit approach.
  • Familiarity with industry frameworks (e.g., COSO, COBIT, NIST, etc.), best practices, and methodologies.
  • Must possess strong communication and interpersonal skills, work well with others in an integrated team environment, and must be self-motivated.
  • Strong written communication skills.



  • Master’s Degree.
  • Experience working in large, complex companies that rely heavily on real-time 24x7 operations to successfully service external customers.
  • Experience in the transportation industry.
  • Federal government agency experience.
  • At least 11+ years of broad IT audit experience including executing internal audit or risk management consulting engagements.
  • Work is performed in an office environment.
  • May require travel up to 10% of the time.
  • Occasional after-hours work is required.
  • Additional duties as assigned.


  • Must have excellent oral and written communication skills


The salary range is $137,080 - $177,660 for the Sr Principal DT Risk & Compliance Spclst. Pay is based on several factors including but not limited to education, work experience, certifications, internal equity, etc. Depending on an employee’s assigned worksite or location, Amtrak may consider a geo-pay differential to be applied to the employee’s base salary. Amtrak may offer additional incentive and pay programs to recognize and reward our employees, including a short-term incentive bonus based upon factors such as individual and company performance that is commensurate with the level of the position and/or long-term incentive plan compensation. In addition to your salary, Amtrak offers a comprehensive benefit package that includes health, dental, and vision plans; health savings accounts; wellness programs; flexible spending accounts; 401K retirement plan with employer match; life insurance; short and long term disability insurance; paid time off; back-up care; adoption assistance; surrogacy assistance; reimbursement of education expenses; Public Service Loan Forgiveness eligibility; Railroad Retirement sickness and retirement benefits; and rail pass privileges. Learn more about our benefits offerings here.

Requisition ID: 158533
Posting Location(s): N/A
Job Family/Function: Information Technology
Relocation Offered: No
Travel Requirements: Up to 25%

Amtrak employees power our progress through their performance.

We want your work at Amtrak to be more than a job – we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family and a high performance culture that recognizes and values your contributions and helps you reach your career goals.

All positions require pre-employment background check verification, a pre-employment drug screen and proof of full vaccination against COVID-19. Amtrak is committed to a safe workplace free of drugs and alcohol and performs pre-employment substance abuse testing. Marijuana, notwithstanding any statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use. Candidates who engage in the usage of marijuana will not be qualified for hire. Successful applicants for employment with Amtrak must be fully vaccinated against COVID-19 by the date of hire as a condition of employment, subject to requests for accommodation. Fully vaccinated means 14 days have elapsed since receiving the second dose of the Pfizer or Moderna vaccine or 14 days since receiving the Johnson & Johnson vaccine.

In accordance with DOT regulations (49 CFR § 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.


In accordance with federal law governing security checks of covered individuals for public transportation (Title 6 U.S.C. § 1143), Amtrak is required to screen applicants for any permanent or interim disqualifying criminal offenses.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an EOE/Affirmative Action Minority/Female employer, and we welcome all to apply. We consider candidates regardless of race/color, religion, sex (including pregnancy, childbirth and related conditions), national origin/ethnicity, age, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law.
