Information Security at the Bill & Melinda Gates Foundation focuses on protecting foundation data. This senior role is a collaborative member of a team of six information security professionals. As part of the larger Global Security team, the responsibilities for this role reach to all foundation locations across the globe. A key value delivered by this role, and its primary focus, is helping teams across the foundation securely innovate with technology. This role reports to the Director, Information Security.
Ensures the security of the foundation's information assets and systems through a systematic, proactive approach that balances risk with business requirements and outcomes. Supports the Director, Information Security in developing and executing the information security program including: risk assessment; controls design; standards development; awareness and communication; monitoring and incident response. Collaborates across all levels of the organization, partnering to manage information security risk.
- Program Execution: Assist in developing and executing the foundation’s information security program, including: recommendations for capabilities and prioritization, strategy execution, development of standards and procedures. Identify key environmental data for communicating risk through information security metrics. Participate in and lead information security awareness efforts.
- Risk Assessment: Conduct information security risk and vulnerability assessments. Collaborate with internal and external stakeholders to understand business requirements and recommend appropriate solutions and controls.
- Information Security Controls Design: Design and communicate technology and process controls, including aspects related to: network, infrastructure, applications, and services.
- Monitoring and Compliance: Understand the ever-changing technology environment to identify techniques to detect and address anomalies and security violations. Stay current with new developments in technology and the security industry, including adversary tactics, techniques, and procedures, vulnerabilities and malware.
- Collaboration: As a sub-team member of the broader Global Security team, participate in and collaborate with GS teams to develop and deliver comprehensive security solutions.
- Incident Response: Respond to information security incidents, including investigations and forensics, leading cross-functional teams as necessary.
- Vendor Management: Provide vendor management, resource allocation, budget, invoice, and/or billing reconciliation.
- Guidance: Guide the development and implementation of business solutions across multiple projects. Provide direction to technical teams during project delivery. May validate and approve the deliverables of the technical team.
- Experience with information security program frameworks and best practices.
- Experience with information security technologies and services (e.g., PKI, firewalls, secure web gateway, intrusion detection/prevention, endpoint protection, managed security services providers).
- Experience with infrastructure technologies (e.g., firewalls, routers, servers, databases, web servers).
- Strong written and verbal communication skills, including technical and non-technical presentations and documentation.
- Planning and organizational skills, with the ability to handle multiple projects without direct supervision.
- Strong analytical and problem-solving ability.
- Knowledge of technical architectures, common endpoint operating systems, and service platforms for SaaS, IaaS, PaaS, and Managed Security Services.
- Knowledge of programming or scripting.
- Ability to create clear strategies, policies, procedures and system documentation.
- Ability to work on, facilitate, and support multiple projects and real-time support issues.
- Ability to lead small teams of engineers and vendors, overseeing work delivery and quality.
- Strong interpersonal and customer relationship skills, including the ability to communicate to multiple levels of the organization and with non-technical partners to derive technical requirements and priorities.
- 7+ years of experience, or equivalent experience. May require technical certification depending on technology specialization.