• Sr Director, Corporate Information Security - 18072

    Job Locations US-DC-Washington
    Posted Date 5 months ago(5 months ago)
    # of Openings
  • Overview

    World Wildlife Fund (WWF), the world’s leading conservation organization, seeks a Sr Director, Corporate Information Security at our Washington, DC office. 

    Working with the CIO, the Sr Director, Corporate Information Security is responsible for WWF’s information security program and is an advocate for WWF’s total information security needs. This position will work closely with the Senior Director of Network Services and other IT staff to develop and deliver a comprehensive information security strategy across the organization to optimize the security posture of WWF. The Sr Director will lead information security planning processes to establish and implement an inclusive and comprehensive information security program. This position will provide guidance and counsel to the CIO to establish long range security compliance goals and define security strategies to maintain a security posture commiserate with the risk profile of the organization, while balancing with other priorities at the enterprise level.


    1. Risk Management and Strategic Planning

    • Identify and classify data and informational assets, systems and services across all business units. This includes departmental web sites, software solutions, data repositories (Box, Drop Box) and other technical services used by business units and IT in all WWF US domestic and international field offices
    • Lead efforts to internally assess and evaluate assets to identify security gaps and quantify risks and impact to WWF. Make recommendations to the CIO and senior management regarding the adequacy of the security controls for WWF’s information and technology systems. Build cohesive and comprehensive security and compliance programs for WWF appropriate for WWF’s risk profile.
    • Work with IT colleagues to develop, implement and administer technical security standards, policies, procedures, and controls as well as a suite of security services and tools to address and mitigate security risk. Maintain security by monitoring and ensuring compliance to WWF standards, policies, and procedures by all WWF staff and consultants.
    • Keep abreast of and understand the threat landscape and mitigation strategies. Track and understand emerging security practices and standards Continually assess strategy and adjust based on changing conditions.
    • Ensure that disaster recovery and business continuity plans are in place and tested.
    • Examine impacts of new technologies on WWF’s overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
    • Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies for all WWF US Field Offices.

    2. Policy, Compliance and Audits

    • Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data to effectively address state and federal statutory and regulatory requirements. Ensure compliance with the changing laws and applicable regulations (PCI, GDPR, etc.)
    • Work closely with the leaders of WWF’s teams to ensure compliance requirements are understood. Champion compliance initiatives across all WWF’s business units.
    • Coordinate third party system assessments/audits of both on-premise and cloud services to identify security vulnerabilities; assist IT colleagues with defining and managing remediation efforts.

    3. Outreach, Education, and Training

    • Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities. Work with IT to conduct security awareness training to all WWF personnel and enforce compliance with training requirements.
    • Manage institution-wide information security governance processes, chair the Information Security Advisory Committee and lead Information Security Liaisons in the establishment of an information security program and project priorities.

    4. Incident Response

    • Develop and maintain an Incident Response Plan.
    • Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidences that arise.
    • Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions for WWF.

    5. Performs other duties as assigned.



    • Bachelor’s Degree required
    • Twelve years of progressive experience as an Information Security professional
    • Security certification preferred; certifications such as:
    • Hands-on experience in a wide range of security technologies, tools, and methodologies.
    • Knowledge of PCI, GDPR and other state and federal information security regulations, including awareness of regulations for the Non-Profit sector.
    • Experience developing strategies to be compliant with all applicable information security regulations (above).
    • Security information and event management (SIEM) expertise
    • Excellent written and verbal communication skills; ability to translate technical information to business risk to a non-technical audience
    • Able to adjust to changing priorities and ability to work under pressure
    • Strong documentation skills


    To Apply:

    • Submit cover letter and resume through our Careers Page,  Requisition #18072 
    • Due to the high volume of applications we are not able to respond to inquiries via phone

    As an EOE/AA employer, WWF will not discriminate in its employment practices due to an applicant’s race, color, religion, sex, national origin, age, marital status, genetic information, sexual orientation, gender identity and expression, disability, or protected Veteran status.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed