National Director, Information Security

About The Position

Requirements

• Bachelor’s degree in computer science, information systems, computer engineering, system analysis, or a related field, or equivalent work experience.
• 12+ years of IT and business/industry work experience including Information Security & Technology related experience.
• Certifications: At least one security industry certifications (i.e., CISSP , CISA, CISM, SANS).
• Progressive Leadership experience in managing technical functions and security engineering teams and influencing senior level management and key stakeholders.
• Proven ability to develop and implement strategic security initiatives.
• Strong understanding of security governance, risk management, and compliance frameworks.
• Excellent ability to conceive, draft, proofread and edit written materials quickly, including demonstrated ability to understand and communicate about complex, technical, or sensitive subjects in a clear, concise, and engaging manner.
• Experience managing outsourced managed security service provider (MSSP) or in-house security operations center (SOC).
• Knowledge of financial models and budgeting.
• Excellent organizational, collaborative leadership, decision-making and communication skills.
• Excellent business acumen and sound business judgment.
• Practical experience with modern information security technologies and vendor solutions to include but not limited to strong authentication, network security, endpoint security, cloud/SaaS/PaaS security, security information and event management, user behavior analytics, vulnerability management, incident response, information assurance, security operations, anti-DDoS SDLC, DevSecOps, mobile security, privacy, and regulatory compliance.
• Demonstrated experience integrating and operationalizing security frameworks such as: NIST CSF, ISO 27001, MITRE ATT&CK framework.
• Excellent skills in collaborating across divisions, functions, and geography, with a knack for engaging colleagues at all levels in projects and processes while continuing to own and drive them.
• Experience evaluating and maturing information security systems, controls, and processes, and leading internal control frameworks, regulatory compliance programs (e.g., HIPAA, PCI DSS, HITRUST, ISO 27001, NIST, CIS, SOC2, etc), and audit activities across complex environments
• Experience leading enterprise-level technology or security initiatives, preferably in a complex, federated or multi-site environment, including project management, system implementation, IT operations coordination, and day-to-day InfoSec operations (e.g., monitoring, incident response, SOC workflows, and vulnerability management).
• Flexibility and ability to adapt to quickly changing priorities and ambiguous situations
• A deep commitment to Planned Parenthood’s mission of promoting Sexual and Reproductive Health

Responsibilities

• Accountable for monitoring and analyzing PPFA’s security posture on an ongoing basis and managing the InfoSec operation’s team to protect, detect and respond to security issues according to standard operating procedures and best practices.
• Identifies opportunities and challenges for continued improvement across Information Security capabilities, delivering innovative and breakthrough cyber tech solutions.
• Oversee the National Office Security Operations including technology stack management for all cyber tech components.
• Lead and manage technology roadmaps and tech life cycle management for each tech component eg. ( Email Gateway, EDR, IAM, SIEM, Vuln Mgmt, etc)
• Provide technical oversight to ensure all tech stack components are configured, standard, stable according to SLAs and best practices.
• Drive SIEM alert tuning and provide technical leadership to MSSP to drive effective and efficient 24v7x365 alert monitoring.
• Responsible for management of standard operating procedures and processes; security policy development and enforcement; security risk assessments, audits, and remediations.
• Creates new InfoSec operations processes and approaches which accelerate delivery of shared services program and PPFA cyber support network.
• Act as the technical expert on all cyber technology products in collaboration with Affiliate Tech Services and IT to develop new cyber security services for the National Office and the federation.
• Act as a technical advisor and thought leader to the affiliates regarding cyber technology operational support for the InfoSec tech stack.
• Lead the InfoSec Architecture & Engineering function, overseeing the evaluation, design, and implementation of security technologies and enterprise architecture aligned to business objectives, industry frameworks (NIST, ISO 27001, CIS), and regulatory requirements (HIPAA, GDPR, PCI-DSS).
• Embed security into the software development lifecycle (SSDLC/DevSecOps) by defining secure architecture and coding standards, driving threat modeling and risk assessments, and ensuring security requirements are built into system and application specifications.
• Partner across IT and business units to integrate monitoring, detection, and response capabilities, continuously improve security tooling and processes, and strengthen the organization’s security posture through innovation, collaboration, and technology adoption
• In partnership with PPFA CISO, act as a co-IR lead throughout incident scenarios and provide subject matter expertise in cybersecurity incident response.
• Support the development and execution of IR Tabletop exercises annually, including all relevant levels of management.
• Assist in the development and implementation of Incident Response Plans.
• Oversee the executive IR plan and continuously improve to reflect the dynamic aspects of the business.
• Lead and evolve the strategic direction of Information Security technology capabilities in a collaborative, cross-discipline approach. Project senior-technical thought expertise on the information security strategy, and operational/technical implementation.
• Sought after as an expert on industry trends, current security technologies, news and events and how they impact the security policies, procedures and portfolio.
• Benchmark, analyze, and identify recommendations for the improvement and growth of PPFA’s technology and security operations and services to drive the advancement of division priorities
• Drive both internal and external threat analysis and intelligence, tuning of security detection rules/policies/models, and implementation of effective countermeasures.
• Stay abreast of the security industry threat landscape and brief executives and leadership team on current intelligence.
• Lead collaborative efforts between physical and cybersecurity threat management elements.
• Review and recommend threat intel sources that match the needs of the organization.
• Turns new concepts/approaches into functional reality through creation of InfoSec metrics and standards to drive optimization and operational excellence for all cyber tech products and services.
• Identify and drive assist in metrics development and management for both business and technical consumption
• Leads report status, progress, operational & performance metrics and value to executives across PPFA.
• Collaborate across teams to ensure compliance with cybersecurity policies and developing reporting metrics to communicate the efficacy of tools and programs
• Act as Security Change Approver for InfoSec on the PPFA IT Change Management Board to ensure IT system and configuration changes are not detrimental to PPFA’s information security posture, are authorized, and disruptions to services provided by Information Security and Information Technology to the PPFA National Office and its Affiliates are minimized.
• Facilitate InfoSec Accreditation Office Hours.
• Performs other duties as assigned.