VP Chief Information Security Officer - 90212630 - Washington

VP Chief Information Security Officer - Washington

Chief Information Security Officer (CISO) to lead the cybersecurity strategy and risk management functions for our national passenger rail organization. As a senior executive and key advisor to leadership and the Board of Directors, the CISO will oversee the protection of enterprise systems, operational technologies, rolling stock and customer / employee data, while ensuring alignment with both commercial best practices, industry standards, regulatory compliance and federal mandates for critical infrastructure security. This role demands strategic vision, technical depth, understanding of Operational Technology (OT) Industry and deep familiarity associated with evolving federal cybersecurity directives, insider threat mitigations and compliance with Presidential Policy Directives and related homeland security mandates, policies and guidance. The role also serves as the HIPAA Security Officer responsible for ensuring that an organization's Protected Health Information (PHI) is secure by developing and implementing policies, procedures, and safeguards to protect electronic PHI (ePHI) from unauthorized access, loss, or breach.

Define and lead the enterprise-wide cybersecurity strategy in alignment with the organization's transportation mission, operational continuity, and national security priorities.

Oversee the cybersecurity posture of both enterprise IT and mission-critical operational technologies (OT), ensuring the security of connected systems, and driving secure adoption of advanced and emerging technologies.

Ensure full compliance with applicable laws, regulations, and directives by leading federal cybersecurity reporting, audit readiness, and coordination during joint assessments or tabletop exercises.

Establish and oversee a comprehensive cyber risk management framework across the enterprise and operational environments by also integrating insider threat detection, penetration testing and mitigation into the broader risk management strategy.

Lead the Cybersecurity Incident Response Team (Cyber Fusion Center) by ensuring readiness to detect, respond to and recover from nation-state threats, criminal, ransomware, insider threats, and supply chain attacks targeting transportation infrastructure.

Serve as the liaison to Amtrak Police Department (APD), federal law enforcement, and Office of Inspector General (OIG) as well as participate in national level cyber security exercises and federal initiatives.

Bachelor's Degree or equivalent combination of education, training and / or relevant experience.

20 + years of relevant experience.

Extensive experience in senior management roles overseeing information technology and operational technology / security for large enterprises

Strong management background with hands-on experience in security, audit, and risk management

Proven ability to support security team recommendations decisively

Demonstrated capacity for effective stress management in dynamic environments

Capable of designing, budgeting, and executing corporate cybersecurity strategies, consistently delivering multiple initiatives on time and within budget. Can effectively communicate these strategies to the Executive Leadership Team and the board of directors

Excellent written and oral communication skills across all organizational levels

Understanding of service design, delivery concepts, and control frameworks

Solid organizational skills, capable of multitasking, prioritizing workloads, and delegating responsibilities

Ability to motivate teams and recognize their contributions

Skilled in working effectively with diverse personalities, adapting approaches to reach and develop teams while maintaining credibility