Principal DT Gov Risk & Compliance - 90196170 - Washington

Date: Dec 2, 2022

Location: Washington, District of Columbia, US, 20002

Company: Amtrak

Your success is a train ride away.

Amtrak connects businesses and communities across the country and we move America’s workforce toward the future. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority and the success of our railroad is the result of our employees.

Are you ready to join our team?


The Principal IT Governance, Risk and Compliance is an experienced information security professional proficient in information security / cyber security compliance and IT risk management activities. The position evaluates controls supporting the Company’s information security program with a goal of ensuring compliance. This role serves as a subject matter expert and will support the Compliance program. He/She will work with the Senior Principal IT Governance, Risk and Compliance and other appropriate leadership to manage a compliance program



  • Supports efforts to maintain a sustainable compliance program. Conducts ongoing monitoring activities to evaluate controls necessary to meet compliance requirements for NIST and PCI frameworks.  

  • Develops POA&Ms, information supplements, briefs, diagrams and other documents as required to convey control analysis and risk to the organization.    

  • Generates appropriate communication, process and educational plans for mitigating the disruption of change. Identifies and removes obstacles to change.


  • Bachelor’s Degree in cyber security, information systems, computer science or similar

  • Strong knowledge of multiple security concepts and methods such as vulnerability assessments, data classification, incident response, security policy creation, enterprise security strategies, architectures and governance.

  • 7+ years of Information Security / Information Assurance experience, with direct experience in  cyber security compliance and audit.

  • Exposure to Standards, Policies and Legislation, e.g., ISO27001, NIST CSF, PCI DSS, GDPR, CCPA, etc. in the development of security strategies.

  • Ability to create information security documentation and convey complex information security topics in a simple effective manner.

  • At least one of the following certifications: CISSP, CISM, CISA, CCSP, GSNA, Certified ISO 27001,

  • Proficiency with Visio, Excel, PowerPoint and SharePoint

  • Willingness to travel to meet operational needs (not greater than 10%)



  • Extensive knowledge of PCI and NIST requirements and Information Security experience (e.g., Firewall, Network Admin, Architecture, Engineering, Pen Testing, etc.)

  • Knowledge of: Cloud Security (AWS, Azure, GCP), Windows and Linux operating systems, Cisco and Palo Alto router and firewall configurations

  • Experience designing and/or implementing risk management and security solutions 

  • 11+ years of relevant work experience to satisfy education and experience requirements

Must have excellent oral and written communication skills

Proactive, with ability to work independently and as part of a team, making informed decisions within short timelines

Ability to build relationships with and influence other functional areas

Requisition ID: 70162
Posting Location(s): District of Columbia
Job Family/Function: Information Technology
Relocation Offered: No
Travel Requirements: None

Amtrak employees power our progress through their performance.

We want your work at Amtrak to be more than a job – we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family and a high performance culture that recognizes and values your contributions and helps you reach your career goals.

All positions require pre-employment background check verification, a pre-employment drug screen and proof of full vaccination against COVID-19. Amtrak is committed to a safe workplace free of drugs and alcohol and performs pre-employment substance abuse testing. Marijuana, notwithstanding any statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use. Candidates who engage in the usage of marijuana will not be qualified for hire. Successful applicants for employment with Amtrak must be fully vaccinated against COVID-19 by the date of hire as a condition of employment, subject to requests for accommodation. Fully vaccinated means 14 days have elapsed since receiving the second dose of the Pfizer or Moderna vaccine or 14 days since receiving the Johnson & Johnson vaccine.

In accordance with DOT regulations (49 CFR § 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an EOE/Affirmative Action Minority/Female employer, and we welcome all to apply. We consider candidates regardless of race/color, religion, sex (including pregnancy, childbirth and related conditions), national origin/ethnicity, age, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law.

POSTING NOTES: Information Technology || Information Technology