Director of InfoSec Operations
Planned Parenthood Federation of America (PPFA) is the national umbrella organization for the nation’s leading network of women’s health care providers, educators, and advocates, serving women, men, teens and families. For over 100 years, Planned Parenthood has done more than any other organization in the United States to improve women’s health and safety, prevent unintended pregnancies, and advance the right and ability of individuals and families to make informed and responsible health care decisions. Planned Parenthood Action Fund (PPAF) is the advocacy and political arm of PPFA.
Planned Parenthood Federation of America (PPFA) seeks a dynamic and hands-on Director of InfoSec Operations for working within the InfoSec Operations group. This job reports directly to the Sr. Director, InfoSec Operations in the Information Security division of PPFA. PPFA Information Security provides the strategy and implementation of the information security program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors and staff.
Purpose: The Director of InfoSec Operations will be responsible for managing the day to day operations of PPFA’s security solutions through management of the organization's security operations products, people and processes.
The Director of InfoSec Operations will interface with peers across IT as well as with peers of the business units to ensure the delivery of the InfoSec Operations services are aligned with PPFA frameworks and security policies.
They will contribute to and where appropriate create and maintain the PPFA's security operations documents (policies, standards, baselines, guidelines and procedures) with the greater InfoSec Operations team.
The Director of InfoSec Operations will work within a multi-disciplined position in the Information Security team that is expected to have a thorough understanding of complex systems and stay up to date with the latest security standards, products, and knowledge of the evolving threat landscape. Responsible for fostering trusted partnerships and relationships with the PPFA business application owners.
Delivery and Engagement:
● Oversee the deployment, integration and initial configuration of all new security solutions/products and of any enhancements to existing security solutions/products in accordance with standard best operating procedures generically and PPFA’s security policies specifically.
Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per PPFA’s existing procurement processes.
● Expertise in technology disciplines which include but are not limited to, endpoint security, data loss protection, cloud security operations, intrusion detection and intrusion prevention, application and system scanning tools, log collection and monitoring.
● Ability to research, develop, and make presentations for tools, techniques, and process improvement opportunities in support of information security initiatives and evolving threats within the organization.
● Ensure Security Operations products are effectively utilized and operating, identify gaps in process or procedure and implement new solutions accordingly.
● Monitor key performance indicator (KPI) metrics; track and report on performance; provide reporting to senior management on performance.
● Stay abreast of industry trends and changing threat landscape and review technologies/products/services and make recommendations.
● Under the direction and guidance of the Senior Director Security Operations, design, implement and maintain procedures and controls necessary to ensure and protect the safety and security of all information assets within the organization, including prevention of intentional or inadvertent access, modification, disclosure, or destruction of PPFA data.
● Develop and maintain effective relationships with IT teams throughout the company to coordinate efforts to protect critical systems.
● Communicate vertically and horizontally to keep stakeholders informed and involved on Security Operations matters.
● Achieve high level of customer service satisfaction through timely execution of service requests and inquiries.
Knowledge, Skills and Abilities (KSAs): Reporting to the Sr. Director InfoSec Operations, these are the traits that mark a strong candidate as part of our InfoSec Operations leadership team.
● Bachelor's degree from an accredited college/university or equivalent experience; CISSP, CEH, CPT, CISM, CISA, CIPP, GIAC, GSEC, and/or GCFW certifications is preferred
● 5+ years of work experience in leading an Information Security Operations Team in a regulated environment one or more of the following industries: Healthcare, Insurance, Financial Services, or Pharmaceuticals, or in a related field such as IT Operations / Service Delivery.
● Demonstrated technical experience with the following disciplines: Data Leakage Protection, File Integrity Monitoring, SIEM, Vulnerability Management, Endpoint Protection, Endpoint Detection and Response, Email Gateways, Firewall Management, Web Application Firewall Management, Multi-factor Authentication, SSL Certificate Management, and CASB/SASE Web Proxies.
● Ability to research, develop, and make presentations for tools, techniques, and process improvement opportunities in support of information security operations initiatives and evolving threats within the organization.
● Demonstrated knowledge and understanding of relevant legal and regulatory requirements frameworks such as: PCI, NIST, SOX, MARS-E, HIPPA, ISO27000.
● Security expertise on cloud platforms such as Azure, AWS and GCP, and knowledge of Cloud Security Alliance (CSA) principles.
● Excellent project management skills including scheduling and resource management.
● Experience with security incident response of broad-based cyber threats.
Excellent relationship building skills across diverse cross-functional teams.
● Exceptional written/oral communication skills.
Location: Telecommute with 10% travel for conferences and annual team meetings