This is a Limited Term Employee role to backfill someone who will be out on parental leave. The role is targeted for 15-18 months starting in August/September 2018 however the start and end dates for this assignment may change.
Internal candidates are required to have a conversation with their manager to confirm support before applying to this position. Managers have the right to decline a request to apply for a backfill assignment, regardless of tenure in role.
Please apply to this posting to indicate your interest in the role, rather than contacting the hiring manager directly. See additional internal information below.
Ensures the security of the foundation's information assets and systems through a systematic, proactive approach that balances risk with business requirements and outcomes. Supports the Director, Information Security in developing and executing the information security program including: risk assessment; controls design; standards development; awareness and communication; monitoring and incident response. Collaborates across all levels of the organization, partnering to manage information security risk.
- Program Execution: Assist in developing and executing the foundation’s information security program, including: recommendations for capabilities and prioritization, strategy execution, development of standards and procedures. Identify key environmental data for communicating risk through information security metrics. Participate and lead Information Security awareness efforts.
- Risk Assessment: Conduct information security risk and vulnerability assessments. Collaborate with internal and external stakeholders to understand business requirements and recommend appropriate solutions and controls.
- Information Security Controls Design: Design and communicate technology and process controls, including aspects related to: network, infrastructure, applications, and services.
- Monitoring and Compliance: Understand the ever-changing technology environment to identify techniques to detect and address anomalies and security violations. Stay current with new developments in technology and the security industry, including adversary tactics, techniques, and procedures, vulnerabilities and malware.
- Incident Response: Respond to information security incidents, including investigations and forensics, leading cross-functional teams as necessary.
- Vendor Management: Provide vendor management, resource allocation, budget, invoice, and/or billing reconciliation.
- Guidance: Guide the development and implementation of business solutions across multiple projects. Provide direction to technical teams during project delivery. May validate and approve the deliverables of the technical team.
- Experience with Information security program frameworks and best practices
- Experience with information security technologies (e.g., PKI, firewalls, secure web gateway, intrusion detection/prevention, endpoint protection)
- Experience with infrastructure technologies (e.g., firewalls, routers, servers, databases, web servers).
- Strong written and verbal communication skills, including technical and non-technical presentations and documentation.
- Planning, organizational skills, ability to handle multiple projects without direct supervision.
- Strong analytical and problem-solving ability.
- Knowledge of technical architectures, common endpoint operating systems, and service platforms for SaaS, IaaS, PaaS.
- Knowledge of programming or scripting capability.
- Ability to create clear strategies, policies, procedures and system documentation.
- Ability to work on, facilitate, and support multiple projects and real-time support issues.
- Ability to lead small teams of engineers and vendors, overseeing work delivery and quality.
- Strong interpersonal and customer relationship skills, including the ability to communicate to multiple levels of the organization and with non-technical partners to derive technical requirements and priorities.