Cyber Governance, Risk & Compliance Manager

Cyber Governance, Risk & Compliance Manager

The Santa Clara Valley Transportation Authority (VTA) is seeking a strategic and experienced manager to lead and advance our enterprise-wide cybersecurity governance, compliance, and risk management programs.

This critical leadership role oversees cyber policy enforcement, regulatory compliance initiatives, incident response coordination, and enterprise risk mitigation across all technical environments. The selected candidate will play a key role in safeguarding VTA’s digital infrastructure and ensuring alignment with leading security frameworks such as NIST, ISO‑27001, CIS Controls, and MITRE ATT&CK.

Under general direction, the manager develops, implements, manages, and maintains VTA’s cyber security governance, risk, and compliance (GRC) programs.

This single‑position classification is characterized by full managerial responsibility for cyber security compliance and regulatory initiatives. The incumbent oversees GRC strategy, incident response, cyber policy enforcement, and risk mitigation activities across all technical environments, requiring significant expertise in security frameworks, regulatory compliance, and real‑time threat monitoring, and the ability to lead cross‑functional collaboration.

There is a proven record of designing and maintaining enterprise cybersecurity governance programs; conducting risk assessments and overseeing mitigation strategies; managing internal and external security audits; developing and enforcing cybersecurity policies and control frameworks; and leading cross‑functional coordination during incident response activities. The candidate is comfortable advising executive leadership and presenting cybersecurity risk information in a clear, actionable manner to both technical and non‑technical stakeholders.

• 7–10 years of progressively responsible cybersecurity experience with a focus on governance, risk, and compliance
• Experience with in a regulated or critical infrastructure environment
• Knowledge of applicable data privacy and security laws (e.g., HIPAA, CCPA/CPRA, GDPR, FISMA)
• Experience with vulnerability management, vendor risk management, and third‑party assessments
• Familiarity with GRC platforms such as Archer, Service Now GRC, RSA, or similar systems
• Relevant professional certifications such as CISSP, CISA, CRISC, CISM, or CGEIT

• Develop and implement protocols to safeguard digital files and information systems
• Ensure adherence to established cyber security protocols across the agency
• Plan, assign, direct, manage, and review the work of assigned subordinate staff
• Supervise real‑time monitoring of VTA’s networks, applications, email systems, and server infrastructure
• Coordinate incident response efforts and ensure effective resolution of security breaches
• Support the enhancement of VTA’s Cyber Security program in alignment with industry standards such as NIST, ISO‑27001, CIS Controls, and MITRE ATT&CK
• Collaborate with internal teams and external partners on cyber security best practices, compliance requirements, and incident investigations
• Oversee the implementation and maintenance of cyber security policies and a comprehensive controls framework
• Conduct ongoing risk assessments across the agency to identify and mitigate cyber security threats
• Recommend and implement risk management strategies to strengthen cyber resilience
• Plan and deploy cyber security measures and controls across VTA’s infrastructure
• Evaluate and recommend security tools, technologies, and countermeasures to mitigate emerging threats
• Manage internal and external cyber security audits; interpret audit findings and oversee corrective actions
• Lead investigations into security breaches, conduct root‑cause analyses, and develop incident response plans
• Implement security‑by‑design principles using frameworks such as OWASP
• Ensure timely and effective incident response to minimize impact on VTA’s operations and reputation
• Ensure compliance with VTA policies and procedures regarding equal opportunity and discrimination and harassment prevention
• Perform related duties as required

VTA is an equal employment opportunity employer. VTA does not and will not tolerate discrimination against applicants or employees on the basis of age, ancestry, color, marital status, mental or physical disability, genetic information, national origin, immigration status, political affiliation, race, religion, creed, sex, gender identity, gender expression, sexual orientation, pregnancy, medical condition, disabled veteran or veteran status, etc. VTA is committed to providing reasonable accommodations to individuals with disabilities in the recruitment and examination process.

To request an accommodation, please contact the Human Resources Department at (408) 321‑5575 or email Personnel at least five business days before the test.