Manager, Information Security

Project Open Hand•San Francisco, CA

About The Position

The Manager, Information Security is responsible for managing and protecting the organization’s technology infrastructure, systems, and sensitive data while ensuring reliable day-to-day IT operations. This role plays a critical part in safeguarding client, health, and organizational information in a mission-driven environment. Working closely with the Director of Information Technology, the Manager, Information Security will monitor infrastructure for threats, maintain system integrity, and implement cybersecurity best practices. Manage servers, networks, end point devices, and security tools. The role supports a secure, resilient technology environment that enables staff to effectively deliver services.

Requirements

3–5+ years of experience in Information Security, IT Infrastructure, or Network Administration.
Strong knowledge of Windows Server environments and Microsoft 365 administration.
Experience managing endpoint protection platforms and patch management tools.
Familiarity with network security concepts including firewalls, VPNs, and network segmentation.
Experience with backup and disaster recovery solutions.
Familiarity with security frameworks and standards (i.e. HITRUST, NIST, SOC2)
Understanding of cybersecurity risk management and threat mitigation strategies.
Strong troubleshooting, analytical, and problem-solving skills.
Ability to communicate technical information clearly to non-technical staff.

Nice To Haves

Experience working in nonprofit, healthcare, or public health environments.
Familiarity with HIPAA security principles or healthcare data protection standards.
Experience with cloud infrastructure (Azure or similar).
Knowledge of identity management and multi-factor authentication systems.
Experience with endpoint management platforms (Intune, etc.).

Responsibilities

Monitor systems, networks, and endpoints for security threats, vulnerabilities, and suspicious activity.
Manage and maintain cybersecurity tools including endpoint protection, firewalls, email security, and intrusion detection systems.
Conduct vulnerability scans and coordinate remediation activities.
Support the organization’s incident response procedures and investigate potential security events.
Manage identity and access control systems, including user permissions, multi-factor authentication (MFA), and privileged access controls.
Assist in developing and maintaining cybersecurity policies, standards, and procedures.
Responsible for documentation of systems architecture, security configurations, and operational procedures.
Support IT audits, security reviews, and risk assessments.
Contribute to the organization’s long-term IT security strategy and roadmap.
Manage backup systems and disaster recovery solutions to ensure data integrity and recoverability.
Perform regular backup testing and document recovery procedures.
Support secure data migration and data storage practices.
Implements ransomware protection and data loss prevention strategies.
Administer cloud and on-premise infrastructure including servers, networks, and storage systems.
Manage Microsoft 365, identity services, and collaboration platforms.
Administer endpoint management systems and oversee patch management and software updates.
Network administration including VPNs, wireless networks, and firewall configurations.
Monitor system performance and ensure high availability of critical IT services.
Lead onboarding and offboarding processes, ensuring secure provisioning and deactivation of user accounts
Oversee cybersecurity awareness initiatives and staff training programs.
Provide guidance to staff on secure technology practices and data protection.
Provide technical support for staff across multiple departments.