What are the responsibilities and job description for the Cybersecurity and Compliance Administrator position at Roaring Fork Transportation Authority?
Colorado Residents: In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.
Company Name: Roaring Fork Transportation Authority (RFTA)
Title of Position: Cybersecurity and Compliance Administrator
Position Type: Full-Time, Exempt
Location: Candidate must be able to work onsite in Glenwood Springs, Colorado (remote work flexibility)
Pay Range: Hiring/Starting pay range is $89,880 - $125,000/annually, based on experience.
Benefits: Benefits include (but are not limited to): Paid time off, medical, dental, vision, and hearing insurance with FSA/HSA, short-term disability, long-term disability, life insurance, accidental death & dismemberment (AD&D), 401(a) and 457(b) retirement plans, EAP, ski pass, etc. For more detail - https://www.rfta.com/employment/benefits/
Position Purpose:
The Cybersecurity and Compliance Administrator will be responsible for overseeing RFTA's cybersecurity posture and ensuring compliance with relevant laws, regulations, and standards. This role involves managing cybersecurity operations, implementing compliance programs, and working collaboratively across departments to safeguard critical infrastructure and sensitive data.
Essential Duties/Responsibilities:
The following duties and responsibilities are illustrative of the primary functions of this position and are not intended to be all-inclusive.
Cybersecurity:
- Develop, implement, enforce, and review cybersecurity policies, procedures, and standards in line with industry best practices and regulatory requirements.
- Collaborate closely with IT teams to design and implement secure system architectures, including Zero Trust principles, ensuring alignment with security best practices and business requirements. Provide technical guidance and support to IT during the implementation and maintenance of security controls.
Risk Management:
- Identify, assess, and mitigate cybersecurity risks to the agency's IT infrastructure, including transportation management systems, employee data, and public-facing services.
Incident Response:
- Lead the development and execution of incident response plans.
- Manage and coordinate responses to cybersecurity incidents, ensuring swift and effective resolution.
Security Awareness Training:
- Develop and deliver cybersecurity awareness programs and training sessions for employees to promote best practices and reduce the risk of human error.
Vulnerability Management:
- Oversee regular vulnerability assessments, penetration testing, and security audits.
- Ensure timely remediation of identified vulnerabilities.
Network Monitoring:
- Manage network monitoring tools and systems to analyze network traffic, security logs, and intrusion detection/prevention system alerts.
- Direct the investigation of security events and collaborate with technical teams to implement appropriate remediation measures.
Identity and Access Management (IAM):
- Implement and manage IAM policies and technologies to ensure that only authorized personnel have access to critical systems and data.
Collaboration and Coordination:
- Work closely with internal departments to ensure cybersecurity measures align with organizational goals.
- Serve as the main point of contact for cybersecurity-related matters.
Vendor Management:
- Evaluate and manage relationships with third-party vendors to ensure their security practices meet agency standards.
Emergency Preparedness:
- Participate in the development and testing of disaster recovery and business continuity plans.
Regulatory Compliance:
- Ensure the agency's operations comply with all applicable local, state, and federal regulations, including transportation-specific standards and cybersecurity laws.
Compliance Program Development:
- Design, implement, and maintain a comprehensive compliance program, including policies and procedures that address legal, regulatory, and ethical standards.
Internal Audits:
- Conduct regular internal audits to assess the effectiveness of the agency's compliance and cybersecurity programs.
- Recommend corrective actions and oversee their implementation.
Reporting:
- Prepare and present detailed reports on compliance and cybersecurity status to senior management and regulatory bodies.
- Ensure timely submission of required compliance documentation.
Training and Education:
- Develop and deliver compliance training programs for employees, ensuring they are aware of their responsibilities and the importance of compliance in daily operations.
Policy Development:
- Develop, update, and enforce compliance-related policies, ensuring they are aligned with current regulations and best practices.
Monitor Regulatory Changes and Threat Intelligence:
- Stay current with changes in laws and regulations that could impact the agency, and adjust compliance strategies accordingly.
- Monitor cybersecurity news, vulnerability disclosures, and emerging attack trends to maintain a strong understanding of the evolving threat landscape and provide timely updates to leadership on emerging threats and their potential business impact.
Other Duties:
- Assist with special projects as directed by IT management.
Knowledge, Skills, and Abilities:
- Strong knowledge of cybersecurity frameworks, including NIST, CIS, and ISO 27001.
- Experience with IAM, cloud and IT infrastructure security, incident response, and regulatory compliance.
- Familiarity with transportation systems and critical infrastructure protection is a plus.
- Relevant certifications such as CISSP, CISM, or CISA.
- Excellent communication skills, with the ability to convey complex technical and regulatory information to non-technical stakeholders.
- Strong problem-solving skills and the ability to work under pressure.
- Proficiency with common operating systems (Windows, macOS, Linux) and office software (Microsoft Office, Google Workspace).
Qualifications:
Education:
- Bachelor's degree in Cybersecurity, Information Technology, Compliance, or a related field. A combination of education and experience may be substituted in lieu of a degree.
- CISSP or equivalent certification highly desirable.
Experience:
- 5 years of experience in cybersecurity and compliance, with at least 2 years in a managerial or leadership role.
Working Conditions:
This position typically operates in an office environment. May require occasional evening or weekend work to address urgent technical issues or to perform system upgrades. Must be able to lift and move computer equipment as necessary. Must be able to sit for extended periods while working on computer tasks.
Salary: $89,880 - $125,000