Director of Cybersecurity Assessments - 90400986 - Washington D.C.

Date: Nov 13, 2025
Location: Washington, DC, US, 20002

Company: Amtrak

Your success is a train ride away!

As we move America’s workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees.

 

Are you ready to join our team?

Our values of ‘Do the Right Thing, Excel Together and Put Customers First’ are at the heart of what matters most to us, and our Core Capabilities, ‘Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security’ are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future.

 

Job Summary

The Director DT Cyber Defense Assessments oversees enterprise cybersecurity assessments for both Information Technology (IT) and Operational Technology (OT) networks and systems. This role is critical to safeguarding Amtrak’s operational and business systems, directly influencing national infrastructure resilience. The director will lead a unified strategy for identifying, prioritizing, and assessing critical business and safety systems across both IT and OT environments.

 

They ensure cybersecurity measures align with leading industry standards including NIST (National Institute of Standards and Technology), IEC 62443 (Industrial Automation and Control Systems Security), ISO/IEC 27001, and PCI DSS (Payment Card Industry Data Security Standard). This position bridges the gap between IT and OT security, ensuring comprehensive protection against cyber threats. The director will manage capital and operational budgets associated with assigned Service Offerings / Services and ensure optimum utilization of investment against company priorities. This position regularly interfaces with senior leadership and plays a key role in shaping Amtrak’s cybersecurity posture across critical infrastructure.

Essential Functions

  • Enterprise Penetration Testing: Oversees enterprise penetration testing and cyber assessments against both IT and OT systems, using industry standard tools and in compliance with NIST SP 800-53, IEC 62443-2-1, and PCI DSS.
  • Risk Assessment: Conducts risk assessments following NIST SP 800-30, tailored for both IT and OT contexts, to prioritize findings and vulnerabilities based on potential impact to operations and safety.
  • Mitigation Strategies: Develops and implements remediation plans, ensuring OT-specific considerations like maintaining operational continuity while findings are addressed.
  • Policy and Procedure Development: Crafts policies that address security in both IT and OT, in compliance with NIST 800-53 and IEC 62443-2-3.
  • Leadership and Team Management: Directs a team that includes both IT and OT security specialists, promoting collaboration and knowledge sharing.
  • Compliance and Reporting: Ensures adherence to regulatory standards, manages audits, and reports on key findings to executive leadership.
  • Incident Response: Coordinates with IT and OT incident response teams to manage vulnerabilities that could lead to security incidents, leveraging frameworks like NIST SP 800-61.
  • Cybersecurity SME Support: Assigns or serves as cybersecurity SME in support of Amtrak projects.

Minimum Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or an equivalent combination of training, education, and relevant experience.
  • 10 plus years of experience in cybersecurity, with at least 4 years specifically in penetration testing across IT and OT.
  • In-depth knowledge of cybersecurity frameworks such as NIST, ISO/IEC 27001, IEC 62443, and PCI DSS.
  • Experience with penetration testing tools tailored for both IT and OT environments.
  • Proficiency in operating systems including Windows and Linux.
  • Strong understanding of IT and OT networking and associated protocols.
  • Familiarity with industrial control systems (ICS) and their security implications.

Preferred Qualifications

  • Master’s degree in Cybersecurity, Information Assurance, or a related field.
  • Certifications such as CISSP, GICSP, or CSSLP.
  • Demonstrated experience in managing security for SCADA systems, PLCs, or other OT environments.
  • Familiarity with scripting for automation (Python, PowerShell) in both IT and OT contexts.
  • Proven leadership in cross-functional, multi-disciplinary teams.

Knowledge, Skills, and Abilities

  • Communication: Excellent verbal and written communication skills to explain complex security concepts to diverse audiences, including non-technical personnel and executive management. Ability to draft comprehensive reports and deliver presentations.
  • Interpersonal: Strong leadership capabilities, fostering an environment of trust and cooperation between IT and OT teams. Effective in conflict resolution and team motivation.
  • Collaboration: Adept at collaborating with various internal teams (IT, OT, engineering) and external vendors or auditors.
  • Problem-Solving: Strategic thinker capable of identifying systemic vulnerabilities and proposing effective solutions across IT and OT domains.
  • Adaptability: Quick to adapt to evolving threats, technologies, and standards in both IT and OT security landscapes. Must stay informed about the latest in cybersecurity and industrial automation security.

The salary/hourly range is $179,300.00 – $232,416.00. Pay is based on several factors including but not limited to education, work experience, certifications, etc. Depending on an employee’s assigned worksite or location, Amtrak may consider a geo-pay differential to be applied to the employee’s base salary. Amtrak may offer additional incentive and pay programs to recognize and reward our employees, including a short-term incentive bonus based upon factors such as individual and company performance that is commensurate with the level of the position and/or long-term incentive plan compensation. In addition to your salary, Amtrak offers a comprehensive benefit package that includes health, dental, and vision plans; health savings accounts; wellness programs; flexible spending accounts; 401K retirement plan with employer match; life insurance; short and long term disability insurance; paid time off; back-up care; adoption assistance; surrogacy assistance; reimbursement of education expenses; Public Service Loan Forgiveness eligibility; Railroad Retirement sickness and retirement benefits; and rail pass privileges.

 

Requisition ID: 165522

Work Arrangement: 06-Onsite 4/5 Days
Relocation Offered: No
Travel Requirements: Up to 25%

You power our progress through your performance.

We want your work at Amtrak to be more than a job. We want your career at Amtrak to be a fulfilling experience where you find challenging work, rewarding opportunities, respect among colleagues, and attractive compensation. Amtrak maintains a culture that values high performance and recognizes individual employee contributions.


Amtrak is committed to a safe workplace free of drugs and alcohol. All Amtrak positions require a pre-employment background check that includes prior employment verification, a criminal history check and a pre-employment drug screen.

Candidates who test positive for marijuana will be disqualified, regardless of any state or local statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use. Amtrak's pre-employment drug testing program is administered in accordance with DOT regulations and applicable law.


In accordance with DOT regulations (49 CFR § 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.

 

In accordance with federal law governing security checks of covered individuals for providers of public transportation (Title 6 U.S.C. §1143), Amtrak is required to screen applicants for any permanent or interim disqualifying criminal offenses.


Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.


Amtrak is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race/color, to include traits historically associated with race, including but not limited to, hair texture and hairstyles such as braids, locks and twists, religion, sex (including pregnancy, childbirth and related conditions, such as lactation), national origin/ethnicity, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law.