• Corporate Information Security Manager - 18072

    Job Locations: US-DC-Washington
    Posted Date: 4 weeks ago (3/27/2018 9:56 AM)
    # of Openings: 1
    Category: Operations
  • Overview

    World Wildlife Fund (WWF), the world’s leading conservation organization, seeks a Corporate Information Security Manager at our Washington, DC office. Working with the CIO, the Corporate Information Security Manager is responsible for WWF’s information security program and is an advocate for WWF’s total information security needs. The Corporate Information Security Manager will work closely with the Senior Director of Network Services and other IT staff to develop and deliver a comprehensive information security strategy across the organization to optimize the security posture of WWF. The Manager will lead information security planning processes to establish and implement an inclusive and comprehensive information security program. The CIO and the Manager will work together to establish long-range security compliance goals and define security strategies to maintain a security posture commensurate with the risk profile of the organization while balancing other priorities at the enterprise level.

     

    Key Responsibilities

    • Provide guidance and counsel to the CIO in defining objectives for information security
    • Work with the CIO to secure WWF informational assets across all business units by determining security requirements; preparing security standards, policies, and procedures.
    • Create a road map for meeting security strategies and for continual program improvements.

    Responsibilities

    Risk Management and Strategic Planning

    1. Identify and classify data and informational assets, systems and services across all business units. This includes departmental web sites, software solutions, data repositories (Box, Dropbox) and other technical services used by business units and IT in all WWF US domestic and international field offices.
    2. Lead efforts to internally assess and evaluate assets to identify security gaps and quantify risks and impact to WWF. Make recommendations to the CIO and senior management regarding the adequacy of the security controls for WWF’s information and technology systems. Build cohesive and comprehensive security and compliance programs for WWF appropriate for WWF’s risk profile.
    3. Work with IT colleagues to develop, implement and administer technical security standards, policies, procedures, and controls as well as a suite of security services and tools to address and mitigate security risk. Maintain security by monitoring and ensuring compliance to WWF standards, policies, and procedures by all WWF staff and consultants.
    4. Keep abreast of and understand the threat landscape and mitigation strategies. Track and understand emerging security practices and standards. Continually assess strategy and adjust based on changing conditions.
    5. Ensure that disaster recovery and business continuity plans are in place and tested.
    6. Examine impacts of new technologies on WWF’s overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
    7. Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies for all WWF US Field Offices.

    Policy, Compliance and Audits

    1. Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data to effectively address state and federal statutory and regulatory requirements. Ensure compliance with the changing laws and applicable regulations (PCI, GDPR, etc.).
    2. Work closely with the leaders of WWF’s teams to ensure compliance requirements are understood. Champion compliance initiatives across all WWF’s business units.
    3. Coordinate third party system assessments/audits of both on-premise and cloud services to identify security vulnerabilities; assist IT colleagues with defining and managing remediation efforts.

    Outreach, Education, and Training

    1. Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities. Work with IT to conduct security awareness training to all WWF personnel and enforce compliance with training requirements.
    2. Manage institution-wide information security governance processes, chair the Information Security Advisory Committee and lead Information Security Liaisons in the establishment of an information security program and project priorities.

    Incident Response

    1. Develop and maintain an Incident Response Plan.
    2. Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise.
    3. Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions for WWF.

    Performs other duties as assigned.

    Qualifications

    • Six years of experience as an Information Security professional
    • Security certification preferred; certifications such as:
    • Hands-on experience in a wide range of security technologies, tools, and methodologies.
    • Knowledge of PCI, GDPR and other state and federal regulations. Awareness of regulations for the Non-Profit sector. Experience developing strategies to be compliant.
    • Security information and event management (SIEM) expertise
    • College degree in technical field or relevant work experience.
    • Excellent written and verbal communication skills; ability to translate technical information to business risk
    • Able to adjust to changing priorities and ability to work under pressure
    • Strong documentation skills

    To Apply:

    • Submit cover letter and resume through our Careers Page, Requisition #18072
    • Due to the high volume of applications we are not able to respond to inquiries via phone

    As an EOE/AA employer, WWF will not discriminate in its employment practices due to an applicant’s race, color, religion, sex, national origin, age, marital status, genetic information, sexual orientation, gender identity and expression, disability, or protected Veteran status.
