Assistant Director, Business Information Security Officer 50

Job Description

Company: Metrolink Trains

Location: US

Salary:
$129,971. 00 – $201,455. 00 Annually
Location :
Main Office, 900 Wilshire Boulevard Suite 1500, Los Angeles, California 90017, CA
Job Type:
At Will Full Time
Remote Employment:
Flexible/Hybrid
Job Number:
23-2400222
Department:
Information Technology
Division:
Integrated Digital & Technology Services
Opening Date:
06/26/2026
Closing Date:
7/17/2026 11:
59 PM Pacific

SUMMARYJob Title/Classification:
Assistant Director (Various)Working/Posting Title:
Assistant Director, Business Information Security OfficerPURPOSE OF POSITION

The Southern California Regional Rail Authority (SCRRA), operator of the METROLINK Commuter Rail System, is seeking a Assistant Director, Business Information Security Officer (BISO) who will understand the key assets and processes, define and evolve cybersecurity strategy, identify and evaluate risks and controls, and suggest incremental controls or risk mitigation strategies where necessary. Additionally, the Assistant Director, BISO will ensure business compliance with Information Security Policies and Standards while continuously monitoring and reporting on risks and documented exceptions. The Assistant Director, BISO helps the business achieve their objectives while not compromising the security posture. The Assistant Director, BISO will work under the general direction of SCRRA’s Chief Technology Officer, and the position will collaborate with internal and external auditors to ensure compliance with SCRRA’s cyber security procedures and industry standards.
DISTINGUISHING CHARACTERISTICS

This job description is not part of a job series.
SUPERVISION EXERCISED AND RECEIVED
• Receive general oversight from executive level management.
• This position will have no direct reports.
ESSENTIAL DUTIES AND RESPONSIBILITIESThe duties listed below are intended to describe the general nature and level of work being performed and are not to be interpreted as an exhaustive list of responsibilities.
• Lead, develop, and implement SCRRA-wide or large-scale business unit information and operational technology security strategies, programs, plans, programs, policies, and procedures designed to protect the integrity and security of the SCRRA network, data resources, operations, and other information assets in accordance with SCRRA policies and industry standards.
• Develop and maintain in-depth understanding of region/business unit processes, systems, technologies, data, customers, consumers, partners.
• Evaluate the overall technology portfolio for adherence to security policies and procedures for all SCRRA corporate and operational systems (e. g. positive train control (PTC)).
• Coordinate auditing and compliance and certification requirements.
• Leads cyber security training program for the agency, consumers, and partners as needed.
• Act as the key security resource for IT leadership and the IDTS Business Partners and other local personnel.
• Partner with all Departments to achieve effective working relationships that can further the effectiveness of the Security program.
• Lead development of the Information Security Policies and Standards throughout the agency.
• Lead implementation of cyber security solutions required to meet business objectives.
• Review and audit technical implementations of physical security solutions required to meet business objectives.
• Lead information security operations in partnership with all departments.
• Proactively identify noncompliance and areas of potential improvement, and issue corrective actions to department manager.
• Engage with clients and customers as needed to assist the business to achieve its objectives by representing our security program, supporting internal and external audits, assisting in customer communication of security incident, etc. ).
• Participate in region/business unit related conferences, client facing engagement, industry forums to represent the Cyber Security program.
• Provide regular and timely reporting on the status of cyber security throughout the agency.
• Provide escalation path for security issues, incidents and inquiries.
• Review work of the Security Incident Response and Crisis Management teams to ensure the effective driving of incidents to acceptable resolution; assist with investigations as needed.
• Provide Cyber Security Guidance for agency personnel.
• Drive remediation activities throughout the agency.
• Work with the Compliance and Information Risk Management team to drive policy and regulatory compliance.
• Responsible for the PCI-DSS annual compliance submission requirement and develop monitoring program to ensure SCRRA is PCI compliant.
• The responsibilities outlined above are representative of the role but not exhaustive. Additional duties may be assigned as needed, and reasonable accommodation will be provided to qualified individuals with disabilities in accordance with applicable laws.
MINIMUM REQUIREMENTS TO PERFORM ESSENTIAL JOB FUNCTIONSEducation and Experience
• Bachelor’s degree in Information Systems, Cybersecurity, Auditing or a related field.
• A minimum of (8) years of relevant work experience.
• A minimum of (5) years of experience in supervising and monitoring the work of subordinate staff or project managers, including monitoring and evaluating staff.
• A combination of training, education and or experience that provides the required knowledge, skill.

Source: Jobilize