INFORMATION SECURITY
SPECIALIST
Pittsburgh Regional Transit is seeking an Information Security Specialist to lead and maintain technical and human-centered initiatives centered around Information Security for Port Authority of Allegheny County d/b/a Pittsburgh Regional Transit (PRT). Maintain policies, procedures, standards, and documentation to assess, monitor, report, escalate and remediate IT risk and compliance issues. Use knowledge and skills obtained through education and experience to evaluate business objectives, derive technical requirements, and develop secure, reliable, and efficient security solutions for the business. Work collaboratively with PRT’s technical personnel, Internal Audit and external auditing agencies in the design and implementation of audit, risk assessment and compliance practices for IT. Advise IT and management on the status of technology risks and compliance issues based on assessment results and information from various monitoring systems. Implement mitigation strategies and approaches based on both audit and assessment feedback and management participation. Provide oversight regarding audit, regulatory and risk assessment activities across all IT functional areas. Perform independently with general direction from management.
Essential Functions:
- Develop, lead, and assist in human-centered information security awareness, training, informational campaigns, and other activities focused on ensuring that internal customers are well-prepared for Information Security risks.
- In support of secure authentication environment, process password reset requests and further the implementation of single sign-on and self-service authentication management.
- Monitor and analyze alerts to identify security issues for remediation.
- Support the implementation of critical security controls as they relate to PCI/HIPPA and risk assessments.
- Assist in ensuring the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies through monitoring of vulnerability scanning devices and software review.
Job requirements include:
- BA or BS in Information Security, Computer Science, Management Information Systems, or related field from an accredited school. Directly related experience plus certifications may be substituted for education on a year-for-year basis.
- Knowledge of information security standards (e.g., PCI/DSS, ISO 17799/27002, etc.), along with rules and regulations related to information security and data confidentiality.
- Ability to develop and execute:
- Information Security training (both live and recorded)
- policies and standards
- and network penetration testing (and evaluation)
- Ability to evaluate vulnerability assessments, risk analysis, contract review, management of gap remediation and compliance testing.
- Strong analytical and problem- solving skills are necessary.
- Strong documentation and organizational skills.
- Excellent written and verbal communication and inter-personal skills.
- Demonstrated ability in the use of Microsoft 365 platform.
- Valid PA driver’s license.
Preferred attributes:
- Ability to employ risk identification/analysis of desktop, server, application, database, and overall network security principles.
- CISSP, GSEC, GIAC, or other security certifications are desired (training for these can be provided by Authority, if necessary).
We offer a comprehensive compensation and benefits package. Interested candidates should forward a cover letter (with salary requirements) and resume to:
Danielle Jacobson
Employment Department
345 Sixth Avenue, 3rd Floor
Pittsburgh, PA 15222-2527
DJacobson@RidePRT.org
TO PLACE AN AD:
Classifieds
412-481-8302 Ext. 136
E-mail:
ads@newpittsburghcourier.com
Deadline/Closing/Cancellation Schedule
for copy, corrections, and cancellations: Friday noon preceding Wednesday publication
About Post Author
