Director of Information Security

A non-profit organization is looking for a Director of Information Security to join their team in New York, NY.

Compensation: $160-170k

The Director of Information Security is responsible for the development, implementation, and management of the Information Security program at an enterprise level. The Director of Information Security serves as a departmental manager for cyber security related operations, including incident response, and will own technology controls/measures, and policies, procedures, and processes. This role will oversee security remediation efforts and ensure the protection of internet-facing applications, personal information, healthcare information, and children's privacy. The Director of Information Security will plan, design, and direct all risk assessment activities and audits as well own compliance controls and monitoring as it pertains to firm's data protection and governance program.

Reporting to the Chief Information Officer, this is a non-exempt, full-time position located at the NYC headquarters.

Responsibilities

• Define and implement the organization's information security program
• Conduct risk assessments and develop mitigation plans
• Manage security incidents and ensure timely remediation
• Oversee the organization's security operations
• Develop and maintain security policies and procedures
• Provide security awareness training to employees
• Work with other departments to ensure the security of the organization's systems and data
  
  

Qualifications

• Bachelor's degree in information security, computer science, or a related field
• Advanced degree preferred
• 5-8 years of experience in a combination of risk management, information security, and IT jobs. At least five must be in a senior leadership role. Employment history must demonstrate increasing levels of responsibility.
• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
• Knowledge of common information security management frameworks, such as NIST 800-53, NIST Cybersecurity Framework, or ISO 27001
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
• Excellent knowledge of technology environments, including telecommunications, networks, programming, media, and desktops
• Strong understanding of security risks and threats
• Experience implementing security and protecting internet-facing applications in multiple major public cloud (Amazon Web Services, Microsoft Azure, or Google Cloud)
• Experience in protecting personal information, healthcare information, and children's privacy
• Working knowledge of HIPAA, GDPR, and CPPA
• Experience in data protections in a data and compute intensive environments
• Excellent communication and interpersonal skills
• Ability to work independently and as part of a team
• Experience in Microsoft 365 and Google Workspace environments, Hybrid Windows and MacOS endpoint environments, Cisco Networking equipment, Windows and Linux server environments, Cloud architecture (AWS, Azure, GDP), GitHub and server virtualization (VMWare).
• Strong interpersonal, communication, and customer service skills
• Excellent judgment and creative problem-solving skills, including conflict resolution.
• Experience with managing subject matter experts and cross-functional IT professionals including recruitment, supervision, scheduling, development, evaluation and disciplinary actions
• Professional demeanor and attitude
• Self-starter, attentive to detail and team player able to establish and maintain effective working relationships