Digital Security and Risk Manager - Charlotte, United States - TTX

Description

Come join us

TTX is now in Charlotte Following a robust assessment, TTX determined Charlotte to be an ideal location to sustain our business success and provide continued value to the North American rail industry. Beyond that, locals know that Charlotte is a fast-growing hub for a diversified set of industries. Its also a very nice place to live with nearby mountains, beaches, and an outdoor-friendly, year-round climate. Weve chosen office space at The Line, a new office complex in the heart of Charlottes up and coming South End, which is the place to be with over 200 shops and restaurants, 2,500 multi-family residences, and lots of entertainment and art to enjoy. Over 11,000 residents now call South End home. Many of the 17,000 employees who work in the South End commute via the convenient Rail Trail. Were excited about the opportunities for our business and our employees. Why dont you come join us?

About TTX

TTX is a unique and creative provider of service to the rail industry. Our signature yellow cars move the goods and raw materials that consumers and businesses rely upon every day. TTX has a friendly and helpful culture with smart, curious people who enjoy working together. At TTX you can expect: Professional development with continuing learning opportunities. Financial rewards for excellent performance through competitive pay and bonuses. TTXs Total Rewards package includes fully paid Health, Dental and Vision benefits.

The Manager Digital Security and Risk is responsible for identifying, evaluating, and reporting on information security risks, and for establishing and maintaining a corporate-wide information security and risk management program to ensure that data and system assets are adequately protected. This position is also responsible for understanding the current and future needs across lines of business to recommend and champion improvements and enhancements to existing and future implementations. The Manager Digital Security and Risk must drive a culture of excellence by leading and mentoring a team of security analysts and engineers on both technical and soft skills, focusing on straightforward, automated, and modern solutions and processes that address risks as well as potential problems before they result in service interruption. This position works with business units to implement practices that meet defined policies and standards for information security and oversees a variety of IT-related risk management activities and is responsible for management of and coordination with third-party service providers that are integral to the information security program. This is a hands-on technical management role.

Service Delivery

• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the confidentiality, integrity, and availability of information and systems owned, controlled, or processed by TTX.
• Develop, maintain, and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and procedures. Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
• Work directly with business units and other IT teams to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of risk.
• Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program and increase the maturity of security.
• Understand and interact with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems, and services, including, but not limited to, privacy, risk management, compliance, and business continuity management.
• Responsible for all information security related support issues on a day-to-day basis, and long-term planning for maintaining technologically current, reliable, secure, and cost-effective solutions.
• Oversee and provide leadership direction during operational security incidents, ensuring necessary resourcing and availability of subject matter expertise as well as proactive, business communications.
• Collaborate with other IT department teams on designing and building secure infrastructure, applications, and systems that are compliant with applicable government regulations and industry security requirements.
• Oversee software security reviews and third-party risk assessment efforts.

Management

• Establish and enable a proactive, outcomes-oriented culture of accountability and partnership within the teams, where not my job is not an answer.
• Drive successful business outcomes beyond the immediate incident or need.
• Understand the strategic direction of the enterprise and the supporting IT systems and architectures.
• Develop and implement strategic direction as well as short- and long-term enterprise IT goals and objectives.
• Provide leadership and hands-on technical direction to deliver problem, solution, tactical, and incident response capabilities.
• Maintain knowledge of emerging technological trends and utilize this knowledge to educate IT and other lines of business on opportunities to deliver more secure IT solutions that support and drive business needs.
• Assist in the definition of the architecture and technology needs of the organization based on new and emerging technologies.
• Responsible for reporting effectiveness of the information security program and making recommendations for the development and adoption of new best practices and methodologies.
• Recommend and incorporate technology with long-term business plans.
• Assist the with monthly budget management as well as annual budget planning.
• Provide employee leadership, guidance, performance feedback and reviews, and individual/career development.
• Establish appropriate team standards, policies, and procedures.
• Ensure the efficient use of company resources while yielding rapid access and reliability with maximum safeguards on information security and integrity.
• Provide tactical and strategic vendor and service assessments; manage vendors and external service providers; accountabilities include the development of options and recommendations for service selection, contract negotiations, and service level management.
• Evaluate, plan, organize, and coordinate project and maintenance efforts of the team in support of department objectives.
• Maintain and improve incident response policies and procedures, including 24x7 monitoring and production support for TTX.

Qualifications

• Bachelor's degree in information science, Information Management, similar STEM degree, or equivalent practical experience
• Minimum 8 years work experience combining information security, risk management, infrastructure, and other IT positions.
• Minimum 5 years managing technical teams, supporting bi-modal IT environments.
• Certified Information Security Manager (CISM) certification highly preferred
• Must keep current with technology and an understanding as how to best deploy it
• Ability to communicate security and risk-related concepts to both technical and non-technical audiences, at all levels of the organization.
• Must be able to explain complex technical and analytical concepts using laymen's terms while articulating their value.
• Deep knowledge of information security technologies, including perimeter, host-based, and web application firewalls, as well as endpoint detection and response systems
• Experience with networking technologies covering routers, switches, local area networks, wide area networks, and storage area networks.
• Experience with identity management concepts and technologies, including Microsoft AD, Entra, and Cisco Duo
• Experience with Microsoft and VMware server technologies, server operating systems (Windows, Linux), perimeter firewalls, web servers, and e-mail systems.
• Experience with private and public cloud technologies, especially Microsoft Azure and Microsoft 365
• Understanding of network microsegmentation concepts and relation to Zero Trust Architecture model
• Independent, motivated, and creative thinker
• Strong, clear and concise communication skills, both orally and in writing
• Strong management skills with ability to collaborate, build consensus, and influence decisions.
• Strong planning, organizing, and problem analysis skills, with a high attention to detail.
• Ability to use the principles and practices of project management.
• Required to carry a cell phone and respond to off hour emergencies within 30 minutes of being contacted.
• Other duties and projects as assigned by the senior management team.