Position Overview
The Illinois Tollway is dedicated to providing and promoting a safe and efficient system of highways while ensuring the highest possible level of service to our customers. Whether it's I-PASS, the Move Illinois Program, open road tolling or keeping you safe with our H.E.L.P. trucks, we are committed to delivering great benefits and services to customers.
The Tollway is a user-fee system – no state or federal tax dollars are used to support maintenance and operations. Operations are funded by toll and concession revenues.
Under the leadership of the Board of Directors and Executive Staff, the Tollway is committed to achieving the following goals: increase collaboration with regional transportation and planning agencies, promote the regional economy, maintain financial integrity, foster environmental responsibility and sustainability, maintain the safety and efficiency of the Tollway system, further transparency and accountability, enhance customer service, and maintain public trust.
In support of this vision, the Deputy Chief of IT Security The Deputy Chief of IT Security reports directly to the Chief of Information Technology. The incumbent has a minimum of one subordinate.
The incumbent has the challenge of protecting enterprise information assets while minimizing the impact upon those who need legitimate business access to the data.
The Deputy Chief of IT Security position provides leadership and oversight in the strategic planning, execution, and assessment of all Tollway wide cyber security strategies, policies, procedures and guiding practices to be implemented by all Tollway departments. The incumbent establishes and maintains a comprehensive information security program to insure that all information assets are adequately protected against current/future internal/external threats.
The Deputy Chief of IT Security will form and manage the Information Security and Privacy Office, a strategic office responsible for developing and writing and interpreting security and privacy policies, standards, procedures and oversight of data security operations management.
Essential Job Functions
Position Responsibilities
- Develop Information Technology Security Strategic Plan and Program for the entire enterprise.
- Design and write information security and privacy policies and standards.
- Provide interpretations of policies related to specific situations as they arise.
- Develop business cases for security initiatives.
- Plan, execute and evaluate security programs.
- Monitor security trends and legislation locally and nationally.
- Coordinate internal and external audits.
- Oversee incident response planning and security breach investigations.
- Serve as Chief Incident Manager to whom incidents are reported.
- Serve as Incident Management Lead on critical incidents including digital forensics.
- Supervise development of security awareness and training programs.
- Keep Tollway leadership apprised of security trends and vulnerabilities.
- Establishes, maintains and monitors all log-on identifications and access rules, defining specific access to network, files and database management systems.
- Perform other daily, quarterly and annual duties as required by PCI.
- Management of external vendors that are contracted to perform vulnerability analysis, scanning and pen testing against Authority systems.
- Participates in the Change Management process for all systems and applications for the movement of test systems to production. Works with the implementation review board for the approval of changes applied to system software and database software submitted by the applications development and technical support groups.
- Trains users in the application of all Authority security policies and conduct awareness
- programs.
- Acts as PCI Administrator for IT and vendor systems.
- Acts as the IT point person for all security related audits.
- Recruit and hire data security resources.
- Develop and deliver performance reviews to data security staff.
- Develop and deliver disciplinary action to data security staff if required.
- Has purchasing authority over data security products and services.
- Other duties as assigned.
Qualifications
- Combination of education, experience and training must qualify the candidate as an information security expert.
- Requires 10 years of information technology experience including 5 years of management experience with a specialty in information security and privacy protection.
- Candidate must have: the expertise to understand the Tollway's technical and business environment, familiarity with national security standards, experience with auditing, risk management, vulnerability assessments, and cyber-security and incident management.
- Candidate must have the proven ability to serve as an effective member of a senior management team, be an effective leader to a team of highly trained personnel and consultants; form, manage and lead advisory committees and interact effectively with law enforcement agencies, risk and data mangers, auditors, consultants, vendors, and stakeholders.
- Current security certifications, including CISSP, CISM or PCI QSA highly desired.
- BS or BA degree in computer science or related field preferred; or equivalent work experience in an Information Security management role.
- Knowledge at the expert level of current techniques and hardware/software capabilities of a large-scale, multi-location database and communications environment.
- Ability to understand and clearly relate to other members of the organization, technical manuals, software specifications, hardware principals of operations, and general methods of systems software and security.
- Thorough understanding of the build procedures, operating systems, database and programming languages used by the Tollway (MCP, UNIX, Windows Server, VMware, LINC, Oracle, Access, SMTP and TCP/IP).
- Must be detail oriented, analytical and highly organized, and be able to handle a variety of tasks in an efficient manner.
- Excellent written/oral communication and interpersonal skills are required.
- Must have valid driver's license.
- Must have the ability to work overtime as required including during off hours/holidays/weekends.
- Must participate in 24x7x365 scheduled support rotation.
- Must carry Tollway issued cellphone for on-call support and for response to calls/incidents before or after shift hours/weekends/holidays.
The Illinois Tollway is committed to creating a diverse environment and is proud to be an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, marital status, national origin or ancestry, disability, unfavorable discharge from military services, age, order of protection status, military status, **gender** or **gender** orientation.
Job seekers can contact jrao@getipass.com with questions.