Salary: $174,899.92 - $227,399.90 Annually
Job Type: Full-Time
Job Number: 25-MLJ-7304
Closing: 7/25/2025 11:59 PM Pacific
Location: CA 95134-1927, CA
Department:
Division: System Safety & Security
Job Description
Definition
Under general direction, the Cyber Governance, Risk & Compliance Manager develops, implements, manages, and maintains VTA's cyber security governance, risk, and compliance (GRC) programs.
Distinguishing Characteristics
This single-position classification is characterized by full managerial responsibility for cyber security compliance and regulatory initiatives within VTA. The incumbent oversees GRC strategy, incident response, cyber policy enforcement, and risk mitigation activities across all technical environments. This position requires significant expertise in security frameworks (e.g., NIST, ISO-27001), regulatory compliance, and real-time threat monitoring, as well as the ability to lead cross-functional collaboration across business units and external agencies. The incumbent leads cyber policy implementation, risk management, and incident response efforts to protect the agency's digital assets and ensure compliance with industry and regulatory standards.
The role may involve sensitive investigations related to digital security incidents.
Ideal Candidate
The ideal candidate for the Cyber GRC Manager position is a strategic, detail-oriented professional with a strong background in cybersecurity governance, risk management, and regulatory compliance. They bring a deep understanding of cybersecurity frameworks such as NIST, ISO/IEC 27001, CIS, and COBIT, and can translate complex security principles into actionable business practices.
They are adept at leading cross-functional teams to identify, assess, and mitigate information security risks, and have a proven track record of developing and maintaining GRC programs that align with enterprise objectives and evolving regulatory requirements. This candidate is comfortable presenting to executive leadership, audit committees, and regulatory bodies, offering both high-level strategy and operational clarity.
Highly Desired Qualities and Experience:
7-10 years of experience in cybersecurity, with 3-5 years focused on governance, risk, and compliance.
Strong knowledge of data privacy laws and standards (e.g., HIPAA, GDPR, CCPA, FISMA).
Experience leading vulnerability management practices in a transit environment.
Hands-on experience with risk assessment methodologies, security audits, and compliance reporting.
Expertise in policy development, control frameworks, vendor risk management, and third-party assessments.
Familiarity with tools such as Archer GRC, ServiceNow GRC, RSA, or similar platforms.
Relevant certifications such as CISSP, CISA, CRISC, CGEIT, or CISM are strongly preferred.
Excellent communication and interpersonal skills to collaborate across IT, legal, internal audit, and business teams.
Demonstrated ability to manage multiple projects and prioritize effectively under tight deadlines.
Leadership & Culture Fit:
Forward-thinking with a proactive approach to anticipating and mitigating risks.
A mentor and team leader capable of guiding junior analysts and fostering a culture of security awareness.
Values integrity, transparency, and accountability in every aspect of the role.
About the System Safety & Security Division
This division oversees VTA's safety, transit system security, and law enforcement functions, which include oversight of the Protective Services Department, management of contracted security services provided by Allied Universal Security, administration of VTA's contract with the Sheriff's Department for sworn law enforcement personnel, and Cyber Security.
About VTA
The Santa Clara Valley Transportation Authority employs more than 2,000 people dedicated to providing solutions that move Silicon Valley. Unique among transportation organizations in the San Francisco Bay Area, VTA is Santa Clara County's authority for transit development and operations (light rail and bus), congestion management, transportation-related funding, highway design and construction, real estate and transit-oriented development, and bicycle and pedestrian planning. With local, state, and federal partners, VTA works to innovate the way Silicon Valley moves and provide mobility solutions for all.
Santa Clara Valley Transportation Authority (VTA) is an independent special district that provides sustainable, accessible, community-focused, innovative, and environmentally responsible transportation options promoting the region's vitality. VTA provides bus, light rail, and paratransit services and participates as a funding partner in regional rail services, including Caltrain, Capital Corridor, and the Altamont Corridor Express.
To learn more, go to: vta.org.
Our Community
Santa Clara County, sometimes referred to as "Silicon Valley", is unique for its innovation, natural attractions, and social diversity. With numerous amenities and perfect weather, it has long been considered one of the best places in the United States to live and work. A calendar of festivals and celebrations supports the community spirit. Nearby open space provides easy access to mountain parks, trails, lakes, streams, and beautiful coastal beaches. San Jose has received accolades for its vibrant neighborhoods, healthy lifestyle, and diverse attractions from national media, including Business Week and Money magazines.
The county's population of 1.9 million is the largest in Northern California and is rich in ethnic culture and diversity. Enjoy access and the option to explore our closely neighboring counties of San Francisco and Alameda.
Application Deadline: Posting will close 7/25/2025 at 11:59pm
Interviews are tentatively scheduled the week of August 11, 2025 or August 18, 2025
Essential Job Functions
Typical Tasks
Develops and implements protocols to safeguard digital files and information systems against unauthorized access, modification, and destruction;
Ensures adherence to established cyber security protocols across the agency;
Plans, assigns, directs, manages, and reviews the work of assigned subordinate staff;
Selects, supervises, trains, motivates, evaluates and disciplines staff;
Supervises real-time monitoring of VTA's networks, applications, email systems, and server infrastructure to detect and respond to security intrusions;
Coordinates incident response efforts and ensures effective resolution of security breaches;
Supports the enhancement of VTA's Cyber Security program in alignment with industry standards such as NIST Cyber Security Framework, ISO-27001, CIS Controls, and MITRE ATT&CK;
Collaborates with internal teams and external partners on cyber security best practices, compliance requirements, and incident investigations;
Oversees the implementation and maintenance of cyber security policies and a comprehensive controls framework to protect technical systems and information assets;
Conducts ongoing risk assessments across the agency to identify and mitigate cyber security threats, ensuring 24/7 vigilance in identifying, mitigating, and responding to threats;
Recommends and implements risk management strategies to strengthen cyber resilience;
Plans and deploys cyber security measures and controls across VTA's infrastructure;
Evaluates and recommends security tools, technologies, and countermeasures to mitigate emerging threats;
Manages internal and external cyber security audits;
Interprets audit findings, documents results, and oversees the implementation of corrective actions;
Leads investigations into security breaches, conducts root cause analyses, and develops incident response plans;
Implements security-by-design principles using frameworks such as OWASP;
Ensures timely and effective incident response to minimize impact on VTA's operations and reputation;
Ensures compliance with VTA policies and procedures regarding equal opportunity and discrimination and harassment prevention;
Performs related duties as required.
Minimum Qualifications
Employment Standards
Sufficient education, training, and experience in the field of strategic planning and policy and program development which demonstrates possession of the following knowledge and abilities.
Development of the required knowledge, skills, and abilities is typically obtained through a combination of training and experience equivalent to graduation from an accredited college or university with a four-year degree in computer science, information technology, cyber security, or a related field; and six (6) years of increasingly responsible experience in cyber security operations, including significant involvement in the implementation and oversight of compliance frameworks, risk mitigation strategies, and incident response procedures for a public or private sector organization.
Knowledge of:
Federal and state laws and regulations relevant to information security;
Cyber security auditing, reporting, and risk management techniques;
Security technologies and tools including intrusion detection, SIEM, encryption, endpoint protection, and vulnerability management;
Cyber forensics, malware analysis, and incident response procedures;
Principles of information governance, network security architecture, and cloud security models;
Data privacy laws and regulations (e.g. HIPAA, CCPA, CPRA, GDPR);
Principles and practices of supervision, management, conflict resolution, and employee training and development.
Ability to:
Plan, direct, supervise, and evaluate the work of professional and technical personnel;
Stay abreast of federal directives related to data privacy and information security;
Define problem areas, evaluate, recommend, and implement solutions to complex issues and problems;
Design, manage, and enforce effective cyber security governance frameworks and protocols;
Identify, analyze, and mitigate digital threats across enterprise systems;
Lead investigations, conduct forensic reviews, and implement response plans post-incident;
Interpret and apply complex regulatory requirements to VTA's systems and operations;
Develop and deliver cyber security training and awareness initiatives;
Effectively communicate security risks and solutions to technical and non-technical audiences;
Collaborate across departments and with external vendors to ensure cohesive security standards;
Establish and maintain cooperative working relationships with those contacted in the course of work;
Maintain composure and sound judgment during high-pressure security incidents.
Working Environment/Conditions and Physical Demands
Work Environment and Physical Effort:
Good Conditions
Primarily Sedentary Work
Work Locations:
Office or similar indoor environment - Frequently
Exposures:
Minimal exposure to environmental factors
What's in it for You?
Health: VTA participates in a CalPERS-sponsored medical plan with a VTA contribution to employee and dependent health insurance premiums. Employees pay a monthly contribution of any amount in excess of the Kaiser Bay Area Family rate.
Flex Spending Account: $300 employer-funded Health FSA for eligible employees
Vision: VSP full premium for employees and eligible dependents
Dental: Delta Dental full premium for employees and eligible dependents
Leave (change per union): 17 days of vacation (accrued), 80 hours of sick time (accrued), 12 paid holidays per year, and 1 floating holiday after 1st year.
Self-directed brokerage account option for qualifying employees
Retiree medical coverage for eligible employees with VTA contributions to the retiree's medical premium
Additional perks:
- All active full-time employees and their eligible dependents are eligible for transit passes for use over VTA lines, including VTA Paratransit services.
- Employee Assistance Program (EAP) is available to each employee, eligible dependent, and household member, 24 hours a day, seven days a week.
- Tuition Reimbursement
- Professional Development Fund
- Wellness Programs
As we continue to implement our VTA Forward Plan, we aim to strengthen and increase our workforce to take on future opportunities and challenges by elevating our people and our services.
General Instructions
Please read this entire job announcement before applying for the position. Print and keep a copy of this announcement so that you can refer to it. Questions not answered within this job announcement may be sent to personnel@vta.org.
To ensure consideration, completed applications must be submitted online to the Human Resources department by the stated closing time and date posted. When the stated closing date is "continuous," apply immediately; the position may close without notice. You will receive an immediate email confirming receipt of your submitted application. If you do not receive this email, contact NEOGOV's Applicant Assistance Line at (855) 524-5627 between 8:00AM and 5:00PM (PST) Monday through Friday, excluding holidays.
Only on-line applications will be accepted for this recruitment (paper applications or resumes will not be accepted). Job Interest Notification Cards, or copies of previous, partial, or un-submitted applications, are not an acceptable substitute for a completed application.
ALL APPLICATION AND TESTING NOTIFICATIONS WILL BE SENT BY E-MAIL. Applicants should select e-mail as the preferred method of notification. Candidates must maintain an up-to-date, valid and reliable e-mail address. Candidates are also responsible for maintaining up-to-date phone numbers and addresses on their on-line account. Due to the number of applications received, candidates must check their application status through their on-line account. Contact NeoGov for assistance if needed.
Information on how to apply for jobs at the VTA is available on the VTA Employment website and from the NEOGOV's Applicant Assistance Line (855) 524-5627. NeoGov Applicant support is available from 8:00AM to 5:00PM (PST) Monday through Friday, excluding holidays.
Americans with Disabilities Act Accommodations
The Human Resources Department will make reasonable efforts in the recruitment/examination process to accommodate applicants with disabilities. If you wish to request an accommodation, call the Human Resources Department at (408) 321-5575 or email at Personnel@vta.org.
Application Processing Information
All related current and past work experience (including VTA experience) must be listed and fully described in the Work Experience section of the application ("See Resume" is not acceptable). Incomplete or improperly completed online applications may be rejected even if you are qualified for the position for which you are applying. It is your responsibility to ensure that the online application reflects the work experience and education needed to meet the requirements for the position you are applying for. Although your resume may have all your experience and education details, please make sure to complete each section of the online application to ensure that your information is accurately captured during our screening process.
All applications are subject to review as to meeting minimum qualifications at any point in the recruitment process. Passing any step is no guarantee of continuation if it is determined that the applicant does not meet the minimum qualifications as stated in the class specification.
Candidates found to have exaggerated/falsified their qualifications, experience, training, and/or education may be disqualified at any point in the recruitment process and may be denied future employment with the VTA.
If selected for the position, candidates will be required to complete a criminal conviction disclosure form. Candidates who successfully become VTA employees and fail to disclose any of the criminal background information as required may be subject to discipline up to and including discharge.
Eligible Lists typically remain in effect for six (6) months. However, Human Resources may abolish Eligible Lists at any time during the six (6) month period. Human Resources may extend Eligible Lists for up to two (2) years. Eligible Lists may be used for more than one recruitment. If you have questions related to an Eligible List you might be on or were on, you should contact Human Resources.
If you have questions regarding your status as an applicant for this position, please call the Human Resources Department at (408) 321-5575 or email at Personnel@vta.org.
VTA is committed to providing reasonable accommodations to applicants and employees with disabilities or religious needs, absent undue hardship.
VTA is an equal employment opportunity employer. VTA does not and will not tolerate discrimination against applicants or employees on the basis of age, ancestry, color, marital status, mental or physical disability, genetic information, national origin, immigration status, political affiliation, race, religion, creed, sex, gender identity, gender expression, sexual orientation, pregnancy, medical condition, disabled veteran or veteran status, etc.
Our Community:
Santa Clara County, sometimes referred to as "Silicon Valley", is unique for its innovation, natural attractions, and social diversity. With numerous amenities and perfect weather, it has long been considered one of the best places in the United States to live and work.
The county's population of 1.9 million is the largest in Northern California and rich in ethnic culture and diversity. Enjoy access and the option to explore our closely neighboring counties of San Francisco and Alameda.
VTA's Role in the Community:
Santa Clara Valley Transportation Authority (VTA) is an award-winning, independent special district that provides sustainable, accessible, community-focused transportation options that are innovative, environmentally responsible, and promote the vitality of our region.
VTA provides bus, light rail, paratransit services, and participates as a funding partner in regional rail service including Caltrain, Capital Corridor, and the Altamont Corridor Express.
VTA is a collection of more than 2,000 dedicated employees working together to provide transportation throughout Silicon Valley. Our transit services are much more than simply a ride; they are a means of connection and enrichment that allow us to meet the varied needs of a diverse population. The transit services we offer improve health by connecting our riders to vital health services, advance our community by providing safe passage to school and educational institutions, and increase quality of life with access to recreation and economic opportunities. From highways to bikeways to safer routes to school, the people of VTA work together to ensure Silicon Valley residents and workers have the ability to get where they need to go. VTA has wide-ranging authority, including transit development and operations, congestion management, funding, highway design and construction, real estate and transit-oriented development, and bicycle and pedestrian planning.
We are truly a multi-modal transportation solutions agency.