Key Responsibilities and Duties:

• Guide security policy and participate in broader Information Security governance efforts.
• Develop and maintain the Information Security Management System (ISMS) in collaboration with regional information security SMEs and technical consultants.
• Oversee and manage the ISMS and recommend appropriate mitigating controls.
• Oversees Information Security Risk Management activities, including risk identification, assessment, and communication to relevant interest holders.
• Provide valuable expertise and leadership directly to the governing  Joint Board executive leadership, including sharing metrics to reflect the performance of the regional security program functions, executive risk score reports, and other guidance on a variety of information security topics.
• Facilitate a committee of Information Security SMEs across the Agencies to ensure both regional compliance and concurrence on information security-related matters, recommending solutions, and working from the regional  perspective to achieve optimal solutions.
• Collaborate with the Systems Integrator, other vendors, and partner Agencies to ensure security best practices, standards, policies, and regulatory requirements are incorporated into core payment system design, implementation, and sustainment, as well as support other future phase projects.
• Conduct regular security reviews of both software and processes, advising on information security practices. Reviews and creates threat models and recommends security enhancements consistent with information security strategy and evolving threats.
• Support external IT security audits and assessments that focus on  operation.
• Develop, update, implement, and conduct information security training programs to support the ISMS objectives.
• Manage approvals for Identity and Access Management (IAM) and Access Control Administration.
• Act as Incident Commander for Security Incident Response activities, whenever the Information Security Incident Response Plan is invoked by the regional program; play an interest holder and oversight role if the plan is invoked by other partners or vendors.
• Participate in information security incident investigation and response efforts; perform root-cause analysis when incidents occur and prepare incident reports.
• Evaluate change requests to determine potential impacts to Information Security, including IT systems, processes, policies, and provide appropriate input to the Change Management process.
• Coach future Regional  Operations Team (ROOT) information security personnel as the ISMS becomes complete and mature.
• Keep up to date on latest information security trends, "best practices", threats, and countermeasures.

Required Skills and Qualifications:

• Enterprise-level information security plans, policies, standards, guidelines, methods, and practices based on current industry standards, best practices, tools, and techniques.
• Information Security Management Systems, and applicable industry standards (ISO 27001/2).
• Pertinent federal, state, and local laws, codes, and regulations; particularly those that affect information security for payment systems.
• Environments subject to the Payment Card Industry Data Security Standard (PCI DSS), including compliance-related duties.
• Knowledge and understanding of developing and administering information-security standards, practices, audits, risk management, and policy compliance.
• Information Security Audit principles and practices.
• Knowledge of one or more governance frameworks such as COBIT 5, ISO, NIST, or COSO.
• Strong understanding of IT Service Delivery (ITIL) core processes and methodologies.
• Principles, methods, and techniques used in the facilitation of managing projects and leading teams.
• Relevant experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography.
• In-depth knowledge of security software threats and vulnerability mitigation techniques.
• Working knowledge of cloud platforms such as Azure/ AWS and relevant security controls.
• Establishing and maintaining collaborative working relationships with other department staff, management, vendors, and other interest holders.
• Documenting and explaining risks, recommendations, and incident data to technical interest holders.
• Interpreting and administering information security policies, standards, and procedures sufficiently to administer, discuss, resolve, and explain them to staff and other constituencies.
• Leading or supporting an Information Security Management System.
• Generating metrics and preparing reports to facilitate decision-making on security-related activities.
• Utilizing personal computer software programs affecting assigned work and in compiling and preparing spreadsheets and reports.
• Responding to inquiries with effective oral and written communication.
• Researching, analyzing, and evaluating new security processes, products, and techniques.
• Excellent time management skills including the ability to prepare, prioritize, and complete work plans.
• Working effectively under pressure, meeting deadlines, and adjusting to changing priorities.
• Writing of technical documentation and standards, including skill in English usage, spelling, grammar, and punctuation

Required Certifications or Licenses:

• At least one of the following (in valid status):
  • Certified Information Systems Security Professional (CISSP).
  • Certified Information Security Manager (CISM).
  • Certified Information Security Auditor (CISA).
• Other industry relevant certifications in the fields of information security, project management, auditing and/ or risk management, such as the Certification in Risk and Information Systems Control (CRISC)

Preferred Skills and Qualifications:

• Knowledge of Governance, Risk, and Compliance (GRC) tools.
• Principles of leadership, supervision, training, and performance evaluation.
• Extensive knowledge of risk-based methodologies, and one or more of the following frameworks: ISO 27001/2:2017, 27005:2011, and 31000; PCI-DSS; or NIST 800-53.

Duration:11/07/2025 to 2/28/2026
Location: Downtown Seattle (Hybrid)
M-F: 8 AM to 5 PM 
Hybrid: 3 days work onsite
Pay: $75  per hour