Associate IT Security Director. New York. Posting Date: 08/08/2019. Deadline: 09/05/2019
The Information Technology department at Open Society Foundations is seeking an Associate Director based in New York City. The Open Society Foundations work to build vibrant and tolerant democracies whose governments are accountable and open to the participation of all people.
Job Description
Reporting to the Global Head of Security, the Associate IT Security Director will oversee the execution of day-to-day operations and strategic initiatives which move forward OSF's Security mission. Key responsibilities will include managing the daily demands of a growing and changing global Security operation, including management of security policies, controls, global security standards and communications. The role will be responsible for carrying out the vision and strategic direction of the Global Head of Security. The role reports to the Global Head of IT Security in New York. Some regular travel across the US and occasional travel to the EU is required.
Essential Duties and Responsibilities include the following:
- Instruct, manage, and mentor security team consisting of direct reports and consultants including providing security guidance, hiring, training, staff development, and performance management.
- Report on and track budgets and spending
- Act as key stakeholder in assessing risks and threats to network security and design security controls to manage risks.
- Manage team projects, support, and day-to-day operations
- Review and provide inputs on software procurement process including in house IT solutions, off the shelf software products and/or contracted software development.
- Conduct Vendor and Software Risk Assessments
- Communicate information security goals and new programs effectively with other department managers within the organization
- Assist in the creation, implementation, and/or management of security solutions and policies.
- Report on information security metrics.
- Oversee security management and delivery mechanisms for all security related activities including security and data logs analysis, triage and investigation as well as detection and response to security incidents
- Implement industry standards with regard to formal security frameworks and regulations, and make sure that information security policies, procedures, and best practices are kept up-to-date and communicated to all personnel and that compliance is enforced
- Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
- Schedule and oversee periodic security audits to ensure compliance with changing laws and regulations
- Maintain a current understanding of the IT threat landscape for the industry / OSF network and identify risks and actionable plans to protect the business
- Create identity and access policies and oversee identity and access management, and work with HR to ensure that disaster recovery and business continuity plans are in place and tested
- Update the information security strategy to leverage new technology and threat information, and act as Subject Matter Expert for Security
- Responsible for implementing end-user education and awareness programs
- Manage hardware and software life cycles to limit or avoid end of life or end of support milestones for IT Risk and Security
- Manage Security projects
- 5 years of relevant experience and/or training; or equivalent combination of education and experience.
- Degree in Computers, Technology or related field
- 5-8 years of experience in Information Security or IT OPS management and systems administration with at least 3 years specific to IT Security
- Demonstrated experience managing, end to end, design, definition, and delivery of IT Risk and Security solutions in-line with strategic goals
- Strong experience with management and oversight of direct reports
- Previous experience in vendor management
- Strong experience with IT Risk and Security solutions and vendors, Cybersecurity, Identity and Access Management, Endpoint Security, Privileged Management, IT Risk Assessments, Next Generation Firewalls, Next Generation End Point Detection, Vulnerability Scanning, Threat Hunting, Web and Email Security
- Relevant certifications such as CISSP (Certified Information System Security Professional), CISM (ISACA Certified Information Security Manager) or CISA (ISACA Certified Information Security Auditor) are preferred
- Familiarity with audit standards such as ISO, SOC, and SSAE
Along with your application, please include a resume and cover letter in one file.
Competitive rates of pay apply.
We are strengthened by the diversity of our colleagues across the Open Society Foundations. We welcome applications from people of all cultures, backgrounds, and experiences, and are committed to providing reasonable adjustments so that colleagues with disabilities are able to fulfill the essential functions of the job.