Job Specifications
Description
Cybersecurity Engineering Services develop advanced security solutions in line with Metro specifications, regulations, and compliance.
Basic Functions
Assist with security strategy updates addressing the evolving risk landscape.
Assist with security governance, aligned to NIST CSF, as required to sustain an effective cybersecurity program.
3Assist with 3rd parties/projects/initiatives security risk assessments and provide solutions recommendations as needed.
Assist with security operations management update/improvement as required.
Manage information security-related activities of the agency including the analysis, identification, estimation of InfoSec efforts and the development, planning, testing, and documenting of remediation measures.
Develops, conducts, and documents executive-level reporting and strategy formulation.
Creates and maintains a centralized information security register to manage all InfoSec information and document changes relevant requirements.
Collaborates with internal and external stakeholders to maintain an understanding of current risks, new systems, and changes to the environment.
Supports development, implementation, and maintenance of strong security risk & compliance processes for new and existing deployments.
Participates in vendor due-diligence processes and third-party security risk management efforts; in addition to performing contract reviews as it relates to Information Security.
Supports internal and external audit and assessment processes for relevant compliance (PCI DSS, Privacy, etc.).
Creates security guidelines, checklists, and other documentation to support projects and initiatives.
Develops and presents metrics, reports, and dashboards.
Develops documentation for information security controls, acquisitions, and process or system changes.
Stays up to date on developing regulatory concerns, evolving IT, and information security trends.
Contributes to ensuring that the Equal Employment Opportunity (EEO) policies and programs of Metro are carried out.
May be required to perform other related job duties.
Knowledge & Experience Requirements
Experience working with a transit Universal Fare System (UFS) and the Cubic Payment Application (CPA) as it relates to transportation agency data compliance.
Knowledge of cybersecurity technology and compliance in transit systems.
Demonstratable strong background in the processes, policies, procedures, systems, practices, and professional standards of cybersecurity.
Demonstratable knowledge of industry best practices and relevant legal requirements as they pertain to cybersecurity, compliance, and privacy laws and regulations including TSA/DHS transport directives, DMV rules and regulation and other transportation agency cyber security rules and regulations.
Consultant must have delivered similar services (as stated above) during the past 10 years.
Experience with modern Security Operations Center (SOC) monitoring, detecting, analyzing, and responding to cyber threats.
Experience with conducting Cyber forensics.
Experience with major Cyber Incident handling.
Experience with preparing and guiding organizations to achieve and sustain compliance with Payment Card Industry Data Security Standard (PCI DSS).
Experience with vulnerability scanning, penetration testing, etc. using commercial products.
Experience with risk-based prioritization of security vulnerabilities and providing actionable remediation guidance.
Experience with cloud based and on-premise Security Information and Event Management (SIEM) tools including administering the tools, reviewing alerts, and providing actionable steps.
Experience with Security Orchestration, Automation, and Response (SOAR) platform.
Minimum Requirements:
15+ years’ experience supporting companies of a similar size to LA Metro with skills performing above listed technical security activities.
Two of the certifications below:
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
GIAC Security Professional (GSEC)
Certified Data Privacy Solutions Engineer (CDPSE)
Cyber Security Nexus (CSX)
Full time position
Hybrid to start, then 100% remote
Duration: Aug. 2025 - June 2027
Salary Range of $156,000 to $238,000 YR
About the Company
Cornerstone Concilium, Inc. is a privately held professional consulting firm formed in 1986 to provide engineering and management consulting services within the facilities, transportation and technology industries. Responding to the increasingly complex and rapidly changing nature of the business environment, we have established a single source organization to provide flexible and responsive services specifically suited to individual client needs for both privately and publicly funded projects.
Know more