Information Security at the Bill & Melinda Gates Foundation focuses on protecting foundation data. This senior role is a collaborative member of a team of six information security professionals. As part of the larger Global Security team, the responsibilities for this role reach to all foundation locations across the globe. This role will require you to bring your technical capabilities, intellectual curiosity, and problem-solving skills to ensure the security of the foundation's information assets and systems. Our team is executing and continually evolving the information security program which includes: technical risk assessment; controls design; standards development; awareness and communication; monitoring and incident response. You’ll be collaborating across all levels of the organization, partnering to manage information security risk.
We believe that energized people, working well together, fueled by great leadership in an inclusive environment in which they thrive, will do phenomenal things.
- Information Security Controls Design: Design and communicate technology and process controls, including aspects related to: network, infrastructure, applications, cloud and managed services.
- Risk Assessment: With your technical background, you’ll conduct information security risk and vulnerability assessments. You’ll collaborate with internal and external stakeholders to understand business requirements and recommend appropriate solutions and controls.
- Guidance: Provide direction to technical teams during project delivery to ensure the solution’s security and business value. You may be required to validate and approve the deliverables of the technical team.
- Monitoring and Compliance: Understand the ever-changing technology environment to detect and address anomalies and security violations. Partner with IT to operationalize your recommendations.
- Incident Response: Respond to information security incidents, including investigations and forensics, leading cross-functional teams as necessary.
- Vendor Management: Provide vendor oversight, service performance reviews, and service redesign.
- Collaboration: As a sub-team member of the broader Global Security team, participate and collaborate with GS teams to develop and deliver comprehensive security solutions.
- Program Execution: We provide value to the foundation through the decisions we make as we execute our program. Everyone on the team participates.
- Experience with information security technologies and services (e.g., PKI, firewalls, secure web gateway, intrusion detection/prevention, endpoint protection, managed security services providers).
- Experience with infrastructure technologies (e.g., firewalls, routers, servers, databases, web servers).
- Knowledge of technical architectures, common endpoint operating systems, and service platforms for SaaS, IaaS, PaaS, and Managed Security Services.
- Knowledge of programming or scripting.
- Experience with information security program frameworks and best practices.
- Strong written and verbal communication skills, including technical and non-technical presentations and documentation.
- Self-directed planning, organizational skills, and the ability to handle multiple projects.
- Strong analytical, critical thinking, and problem-solving abilities.
- Ability to create clear strategies, policies, procedures and system documentation.
- Ability to lead small teams of engineers and vendors, overseeing work delivery and quality.
- Strong interpersonal and customer relationship skills, including the ability to communicate to multiple levels of the organization and with non-technical partners to derive technical requirements and priorities.