Ben Franklin Transit · 16 hours ago
Information Security Officer
Ben Franklin Transit (BFT) provides exceptional transportation services and is seeking an Information Security Officer to lead their cybersecurity governance and risk management program. The role involves developing cybersecurity policies, conducting training, and ensuring cybersecurity controls are effective and aligned with operational needs.
Government · Public Transportation · Service Industry · Transportation
Responsibilities
Own and maintain the agency cybersecurity program charter, roadmap, and key performance indicators
Maintain a cybersecurity risk register; facilitate risk acceptance decisions with leadership and system owners
Chair or coordinate a cross-functional cybersecurity steering group (IT, operations, maintenance, safety/security, records, HR, procurement)
Ensure cybersecurity requirements are integrated into projects, change management, and system lifecycle activities
Develop and maintain cybersecurity policies, standards, and procedures with a defined review cadence and exception process
Establish minimum security standards for identity, access, endpoints, logging, backups, remote access, and vendor connectivity
Produce and maintain plain-language guidance that staff can follow (one-page standards, job aids, checklists)
Design and manage annual security awareness training and new-hire cybersecurity onboarding
Deliver role-based training for high-risk roles (e.g., finance, HR, dispatch supervisors, IT administrators, maintenance leads)
Coordinate phishing simulations and targeted coaching/remediation (where used)
Measure training effectiveness and report completion and risk trends to leadership
Partner with the Records Officer to align cybersecurity records (policies, acknowledgements, training records, incidents, and logs) with applicable Washington State retention requirements and agency records policies
Define and maintain a security evidence framework: what records are required, where they live, and how they are produced for audits/public records requests
Support legal holds and preservation requirements related to incidents, investigations, and litigation
Leverage security and compliance capabilities available in the agency’s Microsoft 365 Government G5 environment (e.g., Microsoft Defender, Microsoft Entra ID, and Microsoft Purview) to improve prevention, detection, and data governance
Coordinate configuration standards and monitoring for email and collaboration security, identity protection (MFA/conditional access), data protection (sensitivity labels/DLP), and retention/eDiscovery/audit capabilities as licensed
Develop operational runbooks and reporting dashboards so controls remain effective and measurable over time
Maintain and test the Cybersecurity Incident Response Plan, including playbooks for ransomware, business email compromise, and vendor compromise
Coordinate tabletop exercises with IT and operational stakeholders; track corrective actions through closure
Serve as a lead technical/program liaison during cybersecurity incidents (internal coordination and vendor coordination)
Establish cybersecurity requirements for vendors and contracts (secure remote access, MFA, incident notification, logging, and data handling)
Perform risk reviews for critical vendors and systems; validate that compensating controls are documented when needed
Coordinate vendor access lifecycle management (onboarding, periodic review, termination)
Other duties as assigned
Qualifications
Required
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field; or an equivalent combination of education and experience
Five (5) years of progressively responsible experience in cybersecurity, information security, IT risk management, or a related field
Knowledge of the modern threat landscape (phishing, ransomware, credential theft, supply-chain compromise) and practical mitigations
Ability to develop clear policies, standards, and training content and to maintain document and evidence control
Ability to assess risk, prioritize work, and communicate risk to non-technical stakeholders
Understanding of identity and access management, endpoint protection, vulnerability management, logging, backups, and incident response
Ability to work effectively with operations and maintenance staff to design controls that do not disrupt service delivery
Strong written and verbal communication skills, including the ability to facilitate cross-functional discussions and influence outcomes without formal authority
Preferred
Security certifications such as CISSP, CISM, CRISC, Security+, GIAC, or equivalent
Experience in public sector, critical infrastructure, transportation, or a 24/7 operational environment
Working knowledge of the NIST Cybersecurity Framework (CSF), NIST SP 800-53/800-171 concepts, or comparable control frameworks; ability to map controls to agency policy and evidence
Experience with Microsoft Defender, Microsoft Purview, Microsoft Entra ID (identity governance/conditional access), and security reporting/monitoring practices
Experience partnering with records management on retention, eDiscovery, and public records response readiness