Salary: $125,000.00 Annually
Location : 10 Park Plaza, Boston
Job Type: Full-Time
Job Number: 24-20111
Department: MBTA - Information Technology Dept
Area: 031-ITD
Opening Date: 02/27/2024
Closing Date: 6/21/2024 11:59 PM Eastern
Licenses / Certifications: None Required
Union Affiliation: STW Steelworkers
Safety Sensitive: No; this is not a Safety Sensitive position.
Essential Classification (Emergency Staff): Yes; this position is classified as essential. Employees in this role are required to report to work for their assigned work hours or as directed by supervisory personnel during declared States of Emergency.
On-Call or 24/7: Yes; this position is classified as on-call or 24/7. Employees in this role must be available to respond to page / text / call and report to work as directed by supervisory personnel.
At the MBTA, we envision a thriving region enabled by a best-in-class transit system. Our mission is to serve the public by providing safe, reliable, and accessible transportation. MBTA's core values are built around safety, service, equity, and sustainability and each employee that works for the MBTA performs their roles based on our vision, mission, and values. This includes attendance, participation, and contribution in local safety committee meetings as needed.
Job Summary

The MBTA IT Department's Security Architect will assist the office of the CISO with operationalization of a portfolio of programs, projects, and activities as directed to include information security program management, risk management, and GRC-related projects and activities. The Security Architect will review and evaluate current security solutions while providing recommendations and support to strengthen IT infrastructure.
Duties & Responsibilities

• Provide Information Security and Risk Program Management Support.
• Ensure Information Security, Risk, and Privacy Documentation is accurate, current, and relevant to the MBTA in support of the Information Security Portfolio.
• Evaluate and enhance alignment of procedures to ensure alignment with the Office of the Executive Office of Technology Services and Security (EOTSS).
• Advise on the implementation of security technologies to strengthen IT architecture.
• Work with system owners to ensure that appropriate security controls are designed and implemented.
• Document and maintain a log of security risks associated with projects and production support.
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
• Advise on the remediation or patching of vulnerabilities.
• Evaluate and provide recommendations for planned changes and transformation of hybrid and cloud hosting environments.
• Provide security architecture and engineering recommendations for enterprise infrastructure and applications, SaaS services, Secure Dev Ops, Operational Technologies, and asset management strategies.
• Review security and deployment configurations for server and end-user devices including mobile, emerging BYOT (Bring Your Own Technology) strategies, and encompassing threat detection and response solutions.
• Ensure that the MBTA vendor ecosystem is properly evaluated, assessed, and managed to minimize risk exposure and risk impacts to the organization.
• Utilize the MBTA NIST-based Security and Privacy controls framework, Regulatory environment, and both Commonwealth and MBTA Information Security policy when providing risk-based recommendations.
• Perform all other duties and projects that may be assigned.

Additional responsibilities may include a focus on one or more departments or locations. See applicable addendum for department or location-specific functions.
Physical Demands and Working Conditions

• The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• Available to work all shifts and locations as assigned or directed.
• Available to work as per assignment by the MBTA twenty-four (24) hours per day, seven (7) days per week as directed by supervisory staff for severe weather conditions, emergencies or any other circumstances that may potentially impact service or the safety of service.
• Have the ability to work any and all shifts and/or locations assigned or directed.

Supervision
Supervises data and security consultants.
Minimum Requirements & Qualifications

Minimum Education

• Bachelor's degree from an accredited institution in Computer Science, Information Technology, Cybersecurity, or a related field.

Minimum Experience and Required Skills

• Five (5) years of experience in information security, with a focus on security architecture.
• Proven experience in providing security architecture and engineering recommendations for enterprise infrastructure and applications, SaaS services, Secure Dev Ops, Operational Technologies, and asset management strategies.
• Experience in application architecture and development patterns.
• Strong Understanding of Regulatory Compliance Requirements relevant to the transit industry.
• Expertise in Risk Management and Governance, Risk Management, and Compliance (GRC).
• Proficiency in Designing and Implementing Security Solutions for IT infrastructure.
• In-depth Knowledge of SaaS Technologies: Experience with assessing, implementing, and securing various SaaS solutions.
• Experienced in Assessment, Mitigation, and Remediation of Security Vulnerabilities: Ability to identify and address security weaknesses effectively.
• Server Experience: Familiarity with server configurations, security, and management.
• BYOT (Bring Your Own Technology) Strategy Knowledge: Understanding the security implications and management of BYOT environments.
• Network Infrastructure Experience: Proficient in designing and securing network infrastructures, including understanding of network protocols and hardware.
• Security Audit Logging and Monitoring: Experience in implementing and managing security log systems, and the ability to analyze and respond to security incidents.
• Ability to Evaluate and Recommend Security Architecture and Engineering Solutions.
• Familiarity with Vendor Risk Management.
• Excellent Communication Skills, both written and verbal.
• Strong Interpersonal and Collaborative Skills.

Substitutions Include

• A High School Diploma or GED with an additional seven (7) years of Computer Science, Information Technology, Cybersecurity, or a related field experience substitutes for the bachelor's degree requirement.
• An associate degree from an accredited institution an additional three (3) years of Computer Science, Information Technology, Cybersecurity, or a related field substitutes for the bachelor's degree requirement.
• A master's degree in a related subject substitutes for two (2) years of general experience.
• A nationally recognized certification, or statewide/professional certification in a related field substitutes for one year of experience.

Job Conditions:

• Ability to effectively read, comprehend, communicate, and respond to instructions, orders, signs, notices, inquiries, etc. in English
• Ability to provide internal and external customers with courteous and professional experiences
• Ability to work effectively independently and as part of a team (or supervise, if required)
• Ability to uphold the rights and interests of the MBTA while building and maintaining effective relationships with employees and co-workers
• Ability to adhere to rules, regulations, collective bargaining agreements (if applicable), and policies of the MBTA, including the EEO, anti-discrimination, anti-harassment, and anti-retaliation policies
• Have a satisfactory work record for the two (2) years immediately prior to the closing date of this posting (unless if recent graduate), including overall employment, job performance, discipline, and safety records (infractions and/or offenses occurring after the closing of the posting and before the filling of a vacancy may preclude a candidate from consideration for selection)
• Ability to pass a Criminal Offender Record Information (CORI) check, comprehensive background screening, and medical Clinic screening, potentially including a physical examination and drug and alcohol screenings
• Ability to work all shifts and / or locations assigned, directed, or necessary for this position, including (for some transit / operations roles) up to twenty-four (24) hours per day, seven (7) days per week as necessary to accommodate severe weather conditions, emergencies, or any other circumstances that may potentially impact service or the safety of service

Disclaimers and Definitions:

1. General Disclaimer: The statements contained in this job description are intended to describe a summary, general nature, and complexity of typical job functions and do not represent an exhaustive list of all duties, tasks, and responsibilities required of staff assigned to this position.
2. Application Deadlines: Applicants should apply as soon as possible, as the MBTA may stop considering applicants after a sufficiently large applicant pool is established.
3. Work Environment: The physical demands and work environment characteristics described here-in are representative of those an employee may encounter while performing the essential functions of this job. Reasonable accommodations can be made to enable individuals with disabilities to perform essential functions. See job description for role-specific requirements.
4. Work Eligibility: Although the MBTA is an all employees must be legally authorized to work in the United States for any employer and on an unrestricted basis (the MBTA does not sponsor non-US citizens). However, if you have an unrestricted work authorization, or sponsored by a separate entity, you are welcome to apply for open positions. International students taking part in CPT / STEM / OPT programs through a university are eligible for internships and co-ops with the MBTA. In compliance with federal law, all persons hired will be required to complete a Form I-9 to verify their identity and eligibility to work in the U.S.
5. Interviews: Candidates should ensure they arrive on time, are prepared, can remain for the duration, and if remote, are in a quiet place without distraction, for the interview. Candidates who do not attend their interview without advance authorization, including an email confirmation of a rescheduled time/date from Human Resources, will be considered a no-show and disqualified from consideration for the position. Related to rescheduling, on a one-time basis, and due to something emergent, you may be allowed to reschedule the interview. In addition, Human Resources may require documentation supporting the request. However, should you need to reschedule, you will need to contact your Recruiter directly by email.
6. Safety Sensitive Positions: Employees working in this classification will be subject to periodic physical examinations plus random drug and alcohol testing.
7. On-call or 24/7 Positions: Employees working in this classification must be available to respond to page / text / call and report to work as determined by assigned department or the Authority.
8. Essential / Emergency Staff: During declared "states of emergency," employees working in this classification are required to report to work for their assigned work hours or as directed by management.
9. ADA Accommodations: The MBTA makes reasonable accommodations for applicants with disabilities. If you require an accommodation during this process, please contact the MBTA's ADA Unit at 617-222-5751 or
10. Diversity, Equity, and Inclusion: The MBTA is an For terms, descriptions, and definitions related to diversity, equity, inclusion, veteran status, and immediate family members that you may find on the application form, please visit

Employment Benefits at the MBTA
The MBTA offers comprehensive benefits packages to employees. Types of benefits offered at the MBTA are subject to the union affiliation / Collective Bargaining Agreement (CBA) of the position to which you apply. Benefits that may apply to your position include the following:

• Insurance: Health, Dental, Vision, Life (basic and supplemental), Long-Term Disability
• Paid Time Off (PTO): Vacation, Personal Days, Sick Leave, Paid Holidays
• Retirement: pension or deferred compensation 401(a), plus MBTA contributions
• Tuition Reimbursement (up to $10,000 per year)
• Public Service Loan Forgiveness (PSLF) for student loans
• Commuter Choice Parking Program: pre-tax benefits for parking
• Flexible Spending Account (FSA): pre-tax benefits for healthcare-related expenses
• Discounted tickets for concerts, movies, travel / vacation, etc. via TicketsAtWork.com
• Shopping discounts via GovX.com
• Verizon and AT&T service discounts
• And more...

The above information is meant to be a general overview of the benefit programs offered by the MBTA. This summary is not a contract andis not meant to change the provisions of union contracts or Authority policy and does not establish a binding past practice.

The MBTA is an Affirmative Action/Equal Opportunity Employer
01

What is the highest level of education you have completed?

• I did not attain a high school diploma or equivalent / GED.
• High School Diploma or Equivalent
• Associate's Degree
• Bachelor's Degree
• Master's Degree or higher

02

If you have a college degree, what was your field of study?
03

Do you have a bachelor's degree from an accredited institution in Computer Science, Information Technology, Cybersecurity, or a related field and at least five (5) years of experience in information security, with a focus on security architecture? OR Do you have an associate's degree and at least eight (8 years of the above experience? OR Do you have at high school diploma or GED and twelve (12) or more years of experience to substitute for the degree requirement? OR Do you have a master's degree in a related subject to substitute for 2 of the required years of experience? Additionally, a nationally recognized certification, or statewide/professional certification in a related field substitutes for one year of the required experience.

• Yes
• No

04

Do you have proven experience in providing security architecture and engineering recommendations for enterprise infrastructure and applications, SaaS services, Secure Dev Ops, Operational Technologies, and asset management strategies?

• Yes
• No

05

Do you have experience in application architecture and development patterns?

• Yes
• No

06

Do you have a strong understanding of Regulatory Compliance Requirements relevant to the transit industry?

• Yes
• No

07

Do you have expertise in Risk Management and Governance, Risk Management, and Compliance (GRC)?

• Yes
• No

08

Do you have proficiency in Designing and Implementing Security Solutions for IT infrastructure?

• Yes
• No

09

Do you have in-depth knowledge of SaaS Technologies: Experience with assessing, implementing, and securing various SaaS solutions?

• Yes
• No

10

Are you experienced in Assessment, Mitigation, and Remediation of Security Vulnerabilities: Ability to identify and address security weaknesses effectively?

• Yes
• No

11

Do you have server experience: familiarity with server configurations, security, and management?

• Yes
• No

12

Do you have BYOT (Bring Your Own Technology) Strategy Knowledge: Understanding the security implications and management of BYOT environments?

• Yes
• No

13

Do you have Network Infrastructure experience: Proficient in designing and securing network infrastructures, including understanding of network protocols and hardware?

• Yes
• No

14

Do you have Security Audit Logging and Monitoring: Experience in implementing and managing security log systems, and the ability to analyze and respond to security incidents?

• Yes
• No

15

Do you have the ability to evaluate and recommend Security Architecture and Engineering Solutions?

• Yes
• No

16

Do you have familiarity with Vendor Risk Management?

• Yes
• No

Required Question