Chief Information Security Officer

American National Standards Institute, New York, NY

About The Position

The Chief Information Security Officer (CISO) will be a key member of the ANSI IT executive leadership, reporting to the Chief Digital Officer. The CISO is responsible for establishing and maintaining the organization’s information security strategy, policies, and procedures to protect digital assets, data, and IT infrastructure.

Requirements

  • Minimum 7-10 years of experience in IT and security, with at least 5 years in management capacity.
  • Bachelor’s degree in Management Information Systems (MIS), Computer Science, Information Technology, or a related field preferred.
  • Experience in a fast-paced non-profit or professional services environment strongly preferred.
  • Familiarity with network security, cloud security (e.g., Office 365), and endpoint protection.
  • Working knowledge of security frameworks such as NIST CSF, CIS Controls and ISO 27001.
  • Ability to translate complex technical risks into business impact for non-technical stakeholders.
  • Ability to leverage free or low-cost tools and prioritize the "80/20" rule (20% of effort that mitigates 80% of risk).
  • Ability to define and build a team that fits the ANSI Enterprise size, risk and budget.
  • Exceptional organizational and time-management skills with a strong attention to detail.
  • Superior verbal and written communication skills; ability to represent senior leaders professionally.
  • Proficiency in Microsoft Office Suite (Outlook, Word, Excel, PowerPoint) and collaboration platforms (Teams, Zoom, WebEx).
  • Strong interpersonal skills and the ability to build relationships across all organizational levels.
  • Knowledge of the standards industry, manufacturing, or process-oriented businesses preferred.

Nice To Haves

  • CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) are highly preferred.

Responsibilities

  • Develop, implement, and maintain a practical, risk-based information security program aligned with the non-profit's mission and budget. This includes an overall strategy and related policies.
  • Conduct regular risk assessments to identify vulnerabilities and prioritize remediation efforts.
  • Create, test, and lead the incident response plan to handle security breaches, ransomware, or data leaks.
  • Ensure adherence to relevant data protection regulations (e.g., GDPR, HIPAA, PCI-DSS) and member privacy requirements.
  • Implement employee awareness training to mitigate risks from phishing and social engineering.
  • Assess and monitor the security posture of third-party vendors (e.g., cloud fundraising platforms).
  • Provide regular updates on security posture and risk to senior leadership and the Board of Directors.
  • Attend/complete assigned information security training by the designated completion date.
  • Read and adhere to published ISMS policies and procedures.
  • Promptly report any observed violations of ISMS policy, or known encroachments on information security, to your department leader and/or the Information Technology Department.

Benefits

  • Equal employment opportunities to all employees and applicants for employment