ISSO - Risk and Compliance

Washington D.C.
Mar 30, 2017
Jun 15, 2017
Full Time
Job Description
Job Title: ISSO - Risk and Compliance
Job ID: 170156 Location: DC - Jackson Graham Bldg - 8th Fl
Posting Open-Close: 03/29/2017 - 06/17/2017
Full/Part Time: Full-Time
Union: NRP
Regular/Temporary: Regular

Position/Posting Details:

All WMATA posted job openings are available through 11:59 pm the night before the noted Close Date. To ensure successful submission of an application, applicants are encouraged to apply well before this cut-off. The noted Close Date is the date on which the posting is automatically removed from the website as of 12:00 am, at which time submission of an application is no longer possible. (WMATA reserves the right to remove postings at any time without notice as business needs demand.)


ISSO – Risk and Compliance Marketing Statement:

  • Knowledge and application of the NIST Risk Management Framework (NIST SP 800-37) and NIST SP 800-30 risk assessment guidance, or other similar risk management frameworks

  • PCI DSS compliance experience: managing the audit cycle, collecting evidence, running quarterly vulnerability scans, managing the PCI process/project

  • Understanding of IT security policy; able to enforce WMATA internal IT security policies, update policies and policy structure, or contribute policy content

  • Understanding of network architecture; able to recommend secure methods of design and implementation

  • Conduct risk assessments to evaluate compliance with security controls, identify deficiencies and make recommendations

  • Clearly document and define risks, their potential impact and likelihood, and maintain a risk register

  • Ability to review and analyze risks to the environment and categorize them by criticality

  • Ability to write security policies that speak to risk management

  • Continually establish and improve security policy, processes and procedures for completeness

  • Collect, analyze and report metrics for processes

  • Ability to use Tenable Nessus / SecurityCenter to run scans and produce reports

  • Familiar with vulnerability management; assist customers with the remediation of vulnerabilities found

  • Stay current on advances in all areas of information security technology, including vulnerabilities, security breaches and malicious attacks

  • Knowledge of general computer controls

  • Knowledge of the SDLC and OWASP

  • Tool knowledge: working knowledge of Tenable SecurityCenter, HP WebInspect, Core Impact and RSA Archer

  • CISSP certification is preferred

  • Supervisory, management or lead experience is highly desired

Minimum Qualifications:

Extensive and progressively more responsible and diversified experience and expertise with information security engineering, operations, or management.

Graduation from an accredited college or university with a Bachelor’s Degree in Computer Science, Engineering, or Mathematics and five (5) years’ experience in progressively responsible and diversified executive-level information systems, information security, data processing management and technical experience in a large organization, including extensive experience in the development of major IT policies and related supervisory experience.

Or, an equivalent combination of post-high school education and at least eleven (11) years of experience in progressively responsible and diversified executive-level information systems, data processing management and technical experience in a large organization, including extensive experience in the development of major IT policies and related supervisory experience.

Medical Group:

Satisfactorily complete the medical examination for this position, if required. The incumbent must be able to perform the essential functions of this position either with or without reasonable accommodations.

Job Summary/Duties:

The ISSO will manage the confidentiality, integrity, and availability of Metro's information and resources. The ISSO will have broad knowledge of security policies, procedures and best practices, along with hands-on experience designing, implementing and supporting security products and technologies.

The incumbent of this position is responsible for tactical direction of security policy and systems development, implementation, and technical oversight of the Metro IT Security Program as directed by the Chief, IT Security. Under the direction and supervision of the Deputy Chief, IT Security, the ISSO will:

Generate, review, and submit system security plans for relevant systems; implement security policy throughout each system’s life cycle; and provide technical engineering services in support of integrated security systems and solutions.

Plan and develop security measures to safeguard information and systems against accidental or unauthorized modification, destruction, or disclosure.

Identify deficiencies with information systems and recommend/implement design changes as appropriate.

Participate in investigations of suspected information security misuse or in compliance reviews as needed.

Communicate unresolved security exposures, misuse or non-compliance situations to management.

Ensure security-related documentation is created and updated in a timely manner, and recommend installation, modification or replacement of any system component, hardware or software, and any configuration change that affects the confidentiality, integrity, and availability of the Authority’s systems.

Use extensive knowledge of Metro’s business/industry to identify technological developments and evaluate their impact on the client’s business.

Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services.

Manage the group(s) responsible for technical security, which includes firewalls, content servers, multi-factor authentication, disk encryption, load balancers, intrusion detection/prevention systems, anti-virus, certificate servers, desktop firewalls and vulnerability scanners.

Maintain, and recommend to the Chief, IT Security, methods to maintain strict confidentiality with respect to all WMATA records kept in any electronic or magnetic form, including those developed or maintained by the Board of Directors or WMATA with regard to labor relations and collective bargaining. Maintain strict confidentiality with respect to his or her access to "sensitive" information relating to the Authority’s business, including but not limited to collective bargaining.

The above duties and responsibilities are not intended to limit specific duties and responsibilities of any particular position. It is not intended to limit in any way the right of supervisors to assign, direct and control the work of employees under their supervision.

Evaluation Criteria:

Consideration will be given to applicants whose resumes demonstrate the required education and experience. Applicants should include all relevant education and work experience.

Evaluation criteria may include one or more of the following:

  • Personal Interview
  • Skills Assessments
  • Verification of education and experience
  • Criminal Background Check
  • Credit history report for positions with fiduciary responsibilities
  • Successful completion of a medical examination including a drug and alcohol screening
  • Review of a current Motor Vehicle Report


Washington Metropolitan Area Transit Authority, a Federal contractor, is an Equal Opportunity / Affirmative Action employer. All qualified applicants receive consideration for employment without regard to race, color, creed, religion, national origin, sex, gender, gender identity, age, sexual orientation, genetic information, physical or mental disability, or status as a protected veteran, or any other status protected by applicable federal law, except where a bona fide occupational qualification exists. Our hiring process is designed to be accessible and free from discrimination.

This posting is an announcement of a vacant position under recruitment. It is not intended to replace the official job description. Job Descriptions are available upon confirmation of an interview.
