Sr Dir IT - 90237859 - Washington

Date: Jul 28, 2022

Location: Washington, District of Columbia, US, 20002

Company: Amtrak

Your success is a train ride away!

As we move America’s workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees.


Are you ready to join our team?

Our values of ‘Do the Right Thing, Excel Together and Put Customers First’ are at the heart of what matters most to us, and our Core Capabilities, ‘Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security’ are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future.


The Sr. Director is accountable for the security and protection of all information entrusted to Amtrak IT by its customers, partners, and employees. Ultimately, The Sr. Director is responsible for creating an operational systems and organizational culture where information security is ingrained into the fabric of Amtrak standard business and technology operations.

As Sr. Director IT – Information Security own or oversee multiple IT services end to end which serve the needs of internal or external customers within Amtrak. Services may span across multiple functional areas. This role owns all organizational change to the business resulting from information security standards or policies and runs the business budget associated with the information security services. Additionally, the Senior Director ensures optimum utilization of investment against the company priorities.

Sr. Director IT – Information Security as an IT Service Owner is the single point of contact (SPOC) in front of the customer for all aspects of a service and is accountable for ensuring that a service is managed with a business focus. Sr. Director IT – Information Security is responsible to the customer for the initiation, elaboration, construction, transition and ongoing maintenance and support of the information security service. The Service Owner is accountable to IT executive leadership for the performance of the information security dedicated service (including financial performance). The Service Owner is also responsible for producing and maintaining documentation and materials regarding the information security service.




  • Conducts a thorough assessment of Amtrak’s information security needs, priorities and opportunities to visualize, create, and execute on an information security program
  • Designs and develops an information security roadmap to align and scale with company growth. Develops long-term Information Security strategy and planning, including initiatives geared toward information security excellence
  • Leads the Information Security Management team on a day-to-day, 24x7 basis including information security strategy, information security policy development, security policy governance / compliance, enterprise risk assessment, and industrial controls systems (ICS) security program governance.
  • Sets and leads the strategic development of security controls, policies, and procedures for both business networks and ICS networks. 
  • Continually reviews existing policies and processes to ensure effectiveness across the enterprise.
  • Provides strategic leadership in all information security compliance initiatives -- payment card industry (PCI), COBIT, NIST Cyber framework, etc.
  • Lead and increase the effectiveness and efficiency of the Information Security program, through improvements to each function as well as coordination and communication between support and business functions.
  • Responsible for creating an integrated information security technology roadmap to support all IT Services.
  • Partners with business leaders to develop service strategies, roadmaps and rationalize portfolio.
  • Develops and owns service definition and service design partnering with business owners and architecture. Ensures adoption of services within the IT service catalog.
  • Participates in the governance board that defines the IT mission, oversees operations, and determines IT investments, and pricing and product strategies.
  • Responsible for developing the Service Strategy and a strategic view to the sourcing options. Comes up with the right criteria to pick the right service offerings suiting the business and customer needs.
  • Responsible for planning service budget across both CapEx and OpEx vectors. Track budget and takes appropriate steps to stay within budget.
  • Oversees all service offerings within a service and corresponding service delivery teams.
  • Responsible for delivering services to business/clients.
  • Responsible for managing risk and security within the service in partnership with the CISO and the Risk and Compliance teams
  • Manages service governance and applies metrics to services to measure against defined KPI's and SLA's. Responsible for delivering the information security service within the agreed service levels with the customer and with dependent IT teams negotiating Operational Level Agreements (OLAs).
  • Partners to ensure IT Service Management processes, operational level agreements, and underpinning contracts are appropriate for the agreed service level targets.
  • Provides advice and counsel to the vendor relationship decision making and contract development processes.
  • Provides leadership in continuous service improvement.
  • Ensures service provider performance is reviewed and that contract managers are notified when necessary.
  • Meets regularly with team to gather work statuses. Discuss work progress and obstacles.
  • Provides advice, guidance, encouragement and constructive feedback. Ensures work, information ideas, and technology flow freely among the section.
  • Establishes measurable individual and team objectives that are aligned with business and organizational goals. Documents and presents performance assessments.
  • Recognizes and rewards associates commensurate with performance. Implements organizational practices for staffing, Equal Employment Opportunity (EEO), diversity, performance management, development, reward and recognition, and retention.
  • Ensures staff has the resources and skills needed to support all work initiatives.
  • Forecasts new skill requirements based on emerging technologies.
  • Participates in IT workforce deployment activities.
  • Generates appropriate communication, process and education plans for mitigating the disruption of change. Develops timelines and action steps for anticipating and framing the type of change.
  • Effectively perform all IT Controls as applicable




  • Bachelor’s Degree in Computer Science, Information Systems or related field plus 13+ year’s relevant experience.
  • Minimum of 17+ years of relevant work experience in business systems, development and/or support functions is required to satisfy education/experience requirements.
  • Client expectation management, Program management, Financial management and Technology product delivery experience is required.
  • 15+ years of relevant technical and business managerial experience.
  • May require in-depth knowledge of one or more processes/services. Business experience should include assignments in multiple business and technical processes and financial management.
  • Technical and/or ITIL, or equivalent Certifications 
  • Must have expert knowledge as described in amendment.
  • Requires leadership experience in managing cross-functional teams and influencing executive level management and key stakeholders.
  • Requires demonstrated ability to launch and deliver multiple, concurrent IT initiatives on time and within budget.
  • Must possess strong communication and interpersonal skills, work well with others in an integrated team environment, and must be self-motivated.




  • Master’s Degree in Computer Science, Engineering, Business Management or similar relevant field
  • 15+ years relevant technical experience
  • CISM/CISSP and/or ITIL certifications.
  • Experience working in large complex companies that heavily rely on real time 24x7 IT operations to successfully service external customers.



  • Must have excellent oral and written communication skills.

Requisition ID:116144
Posting Location(s):District of Columbia
Job Family/Function:Information Technology 
Relocation Offered:No 
Travel Requirements:Up to 25% 

Amtrak employees power our progress through their performance.

We want your work at Amtrak to be more than a job – we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family and a high performance culture that recognizes and values your contributions and helps you reach your career goals.

All positions require pre-employment background check verification, a pre-employment drug screen and proof of full vaccination against COVID -19. Amtrak is committed to a safe workplace free of drugs and alcohol and performs pre-employment substance abuse testing. Marijuana, notwithstanding any statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use.  Candidates who engage in the usage of marijuana will not be qualified for hire.   Successful applicants for employment with Amtrak must be fully vaccinated against COVID-19 by the date of hire as a condition of employment, subject to requests for accommodation.  Fully vaccinated means 14 days have elapsed since receiving the second dose of the Pfizer or Moderna vaccine or 14 days since receiving the Johnson & Johnson vaccine.

In accordance with DOT regulations (49 CFR § 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an EOE/Affirmative Action Minority/Female employer, and we welcome all to apply. We consider candidates regardless of race/color, religion, sex (including pregnancy, childbirth and related conditions), national origin/ethnicity, age, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law.

POSTING NOTES: Information Technology || Information Technology