Tuesday , March 21 2023



Job Description:

The Principal Governance and Policy Specialist is an experienced Governance/Policy management professional proficient in implementing NIST management key controls and standards, supporting and monitoring Amtrak’s Cybersecurity control environment, and collaborating with the Risk and Compliance teams to ensure that Cyber policies and associated controls are developed, implemented and maintained in a timely manner. The incumbent works with internal audit, external audit firms, and regulatory agencies to provide supportive documentation as applicable. This position works closely with risk and compliance teams to ensure adherence with internal controls, regulatory and information security policies, standards, guidelines and procedures. Position ensures that work plans and measures are instituted and assessed to achieve scope, objectives and potential risks, and adequate key IT Controls meets Internal Policy and Compliance Standards. This role supports all security (GRC) related policies, associated governance, ensuring that controls and associated metrics, as well key risk and performance indicators are aligned appropriately to information security policies, standards, procedures, and compliance principles.

Job Responsibilities:

  • Works with internal audit, external audit firms, and regulatory agencies to provide supportive documentation as applicable.
  • Develops and/or supports development of system security plan, contracts, and legal agreements’ cybersecurity language.
  • Works with Infrastructure systems team to develop standards for various ITGC processes and lifecycles.
  • Generates appropriate communication, process, and educational plans for mitigating the disruption of change and identifies and removes obstacles to change.
  • Performs other related duties as assigned.
  • Works with GRC senior managers, directors, and other appropriate leadership to formulate, develop and review audit responses for external audits (OIG, TSA, etc.).
  • Reviews, revises, and where appropriate, proposes new policies and procedures to ensure compliance with applicable laws and regulations (NIST, PCI-DSS, GDPR/CCPA, etc.).
  • Develops and/or supports development of new policies, standards, guidelines, and procedures to ensure compliance with NIST, PCI-DSS,
  • GDPR/CCPA, and other applicable laws, rules, practices, and regulations.
  • Identifies major risk factors which may prevent Amtrak from achieving its strategic, operational, financial reporting and compliance objectives.
  • Develops and/or supports management to develop GRC Administrative, Physical, and Technical Controls Catalog.

Job Requirements:

  • Excellent attention to detail.
  • Familiarity with industry frameworks (e.g. CIS, COBIT, NIST, etc.), best practices and methodologies.
  • Must possess strong communication and interpersonal skills, work well with others in an integrated team environment, and must be self‐motivated.
  • Solid understanding of data handling best-practices, information management, and governance.
  • Understanding of the Service Now platform ecosystem.
  • Familiarity with the risk‐based frameworks associated analysis and data analytics.
  • Strong writing and oral skills with ability to effectively communicate technical issues to diverse audiences.

Qualification & Experience:

  • Bachelor’s Degree in accounting, information systems or computer science with 7+ years relevant experience or equivalent work experience.
  • 11+ years of relevant work experience to satisfy education and experience requirements.
  • Experience in GRC/IRM space with leading, developing and maintaining Cyber security and ITGC Policies and associated controls management.
  • Master’s Degree.
  • Experience working in large complex companies, that heavily rely on real time 24×7 operations to successfully service external customers. Experience in the transportation industry.
  • Technical Writing experience.

Job Details:

Company: Amtrak

Vacancy Type: Full Time

Job Functions: Rail Transportation

Job Location: Portland, ME, US

Application Deadline: N/A

Apply Here