Senior Director - Information Technology & Digital Security

About The Position

Requirements

• Minimum 10 years of progressive management and leadership experience in technology, data governance, and/or information security roles. Ideally, in a nonprofit, press freedom media, or human rights context.
• Demonstrated experience developing and leading enterprise-wide technology or information security strategy within a distributed or multi-regional organization.
• Experience managing outsourced IT providers and complex SaaS ecosystems.
• Strong understanding of cloud-based infrastructure, identity and access management, endpoint security, and enterprise collaboration platforms.
• Experience working with enterprise CRM or structured data platforms (e.g., Salesforce or comparable systems) in a governance or oversight capacity.
• Experience with organization-wide data governance policies, including data classification, access controls, retention standards, and stewardship models.
• Understanding of data architecture principles, system integration, and information lifecycle management.
• Ability to interpret data models, architecture diagrams, and governance documentation to assess areas of integrity, risk, and compliance.
• Experience developing and implementing information security programs, including incident response frameworks and compliance mechanisms.
• Familiarity with risk assessment methodologies for mission-driven or international organizations.
• Understanding of cross-border data storage considerations, jurisdictional exposure, and privacy implications in international operations.
• Experience translating technical risk into clear decision-making and organizational policy.
• Demonstrated ability to balance security, usability, and operational realities in complex operating environments.
• Ability to lead complex, matrix-managed teams, set standards and ensure adoption across decentralized teams and regions.
• Experience working across cultures, time zones, and international contexts.
• Ability to work with compassion and professionalism, maintaining confidentiality and trust.
• Proactive approach to work, with experience working independently.
• Strong communication and interpersonal skills.
• Ability to work with a high degree of confidentiality.
• Ability to work calmly and professionally in high-pressure situations, when rapid response is sometimes required.
• Excellent written communication skills.
• Fluency in English.

Nice To Haves

• Fluency in additional language(s).
• Experience in international human rights, press freedom, journalism, or nonprofit organizations.
• Experience engaging stakeholders in national and international forums.
• Experience supporting teams operating in higher-risk or restrictive environments.
• Experience integrating security reporting and operational risk indicators into decision-making processes.
• A professional certification in information security, governance, or risk management (e.g., CISSP, CISM, CISA, or equivalent).

Responsibilities

• Set and drive an enterprise technology strategy aligned with CPJ’s mission and global operating model.
• Lead a comprehensive evaluation of CPJ's current technology platforms, including core infrastructure, collaboration platforms, CRM systems, and broader SaaS ecosystem, assessing them against security, operational, and organizational needs, and implementing recommendations for consolidation, migration, or improvement
• Establish and enforce organization-wide technology standards across regions and departments.
• Establish and enforce identity and access management standards, including onboarding and offboarding protocols, to ensure appropriate access to systems and data throughout the staff lifecycle.
• Lead vendor strategy and performance oversight, including managed IT service providers and key platform partners.
• Direct system selection, approval processes, and portfolio management to ensure alignment with security, compliance, and operational priorities.
• Establish lifecycle management practices, including regular system review, modernization, and decommissioning.
• Ensure operational resilience and identify and mitigate single points of failure by formalizing documentation, ownership, and continuity planning across critical systems.
• Provide day‑to‑day leadership and supervision to staff, including setting clear expectations, delegating work, monitoring performance, coaching and developing team members, conducting evaluations, addressing performance or conduct issues, supporting hiring and onboarding, and fostering an inclusive, accountable, and high‑performing team culture.
• Lead CPJ’s organization-wide data governance strategy and framework.
• Define and ensure standards for data quality, classification, access control, retention, and stewardship.
• Oversee data architecture across structured and unstructured systems
• Provide strategic oversight of our Salesforce-based CARTA data system and related data systems, working closely with the internal team and consultants who lead day-to-day development.
• Establish and operationalize lifecycle management processes for data retention, archiving, and system retirement.
• Ensure the integrity, consistency, and reliability of data used in reporting, advocacy, and public outputs.
• Clarify and formalize data stewardship roles and decision rights across departments and regions.
• Develop and implement an organization-wide information security strategy aligned with CPJ’s global profile and operating environment.
• Establish and ensure baseline technical and procedural controls across systems and regions.
• Design, maintain and oversee formal incident response and escalation pathways for information security events.
• Establish mechanisms to measure compliance with security standards and ensure timely resolution of identified gaps.
• Leverage security reporting and risk indicators to inform policy, strengthen controls, and guide organizational decision-making.
• Integrate security considerations into procurement, vendor selection, and technology adoption processes.
• Conduct periodic risk assessments and maturity reviews to strengthen organizational resilience.
• Ensure policies and controls account for jurisdictional, legal, and hosting risks relevant to CPJ’s operations.
• Own and strengthen CPJ's digital safety function, ensuring it is consistently applied and integrated into the organization's broader security architecture.
• Develop systematic digital safety onboarding for all staff, ensuring baseline practices are established from day one.
• Design and implement training frameworks appropriate to the different risk profiles across CPJ's global workforce.
• Proactively assess the digital threat landscape affecting CPJ staff, particularly those in higher-risk regions, and adjust safety standards and practices accordingly.
• Establish and enforce baseline device and communications security standards, including secure device configuration, VPN usage, and encrypted communications protocols.
• Provide direct advisory support to staff traveling or operating in higher-risk environments.
• Establish clear reporting and escalation pathways for information security events, including device compromise, account breach, or suspected surveillance.
• Ensure CPJ has a defined organizational response to digital harassment targeting staff, including clear escalation pathways, support mechanisms, and coordination with relevant external partners.
• Partner with regional leadership to ensure digital safety standards reflect the operational realities of teams working in diverse, sometimes high-risk contexts.
• Perform all other duties as assigned.

Benefits

• Benefit packages are specific to the hiring location. More specific information will be provided as part of the interview process. If this position is hired outside of the United States, it will ultimately be managed by an Employer of Record (EOR) firm that is engaged by CPJ for the purpose of employing international staff. Benefits will be consistent with those typically offered by the EOR firm in the country of hire.