Senior Director, Security Operations
New York, NY
Operations – InfoSec Operations
Planned Parenthood Federation of America (PPFA) is the nation’s leading women’s health care provider, educator, and advocate, serving women, men, teens and families. For over 100 years, PPFA has done more than any other organization in the United States to improve women’s health and safety, prevent unintended pregnancies, and advance the right and ability of individuals and families to make informed and responsible health care decisions.
Planned Parenthood Federation of America (PPFA) seeks a dynamic and effective Senior Director, Security Architect. This job reports directly to the CISO in the Information Security division of PPFA. The Office of Information Security provides the strategy and implementation of the information security program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors and staff. The Senior Director, Security Operations is the senior-level manager of the Information Security Operations team and is expected to direct and manage information security operations, including information security operational and incident response functions, MSSP vendor management, liaison with IT Operations, and day-to-day operational oversight. This position requires extensive practical experience leading security operations teams at scale for distributed environments.
DUTIES AND RESPONSIBILITIES
- Develop, direct and manage both local and organization-wide information security operations.
- Manage documentation of standard operating procedures and processes; security policy development and enforcement; security risk assessments, audits, and remediations.
- Collaborate with Program and Project Managers and IT to develop and manage the initiation, planning, execution and maintenance of security programs and projects, to include strategy, prioritization, resource management, budget management, vendor management, risk analysis and ongoing testing, continuous monitoring and improvement as appropriate.
- Ensure all entities are aware of their responsibilities and expected outcome of security programs and projects.
- Act as an IR lead throughout incident scenarios and provide subject matter expertise in cybersecurity incident response.
- Responsible for the successful execution of incident handling procedures as well as direct response to security incidents.
- Ensure all entities are aware of their Incident Response responsibilities, planning, and escalation processes.
- Develop and conduct IR Tabletop exercises annually, including all relevant levels of management.
- Assist in the development and implementation of Incident Response Plans for both local and organization-wide entities.
- Advise on information security strategy, own tactical planning, and operational/technical implementation.
- Stay knowledgeable about current security technologies, news and events and how they impact the security policies, procedures and portfolio.
- Benchmark, analyze, and make recommendations for the improvement and growth of PPFA’s technology and security operations and services.
- Assist and recommend specific intel for security threat notices to organization-wide entities.
- Drive threat analysis and intelligence, tuning of security detection rules/policies/models, and implementation of effective countermeasures.
- Stay abreast of the security industry threat landscape and brief management team on current intelligence.
- Review and recommend threat intel sources that match needs of organization.
- Capture and regularly report status, progress, operational & performance metrics and value to leadership.
- Collaborate across teams to ensure compliance with cybersecurity policies and develop reporting metrics to communicate the efficacy of tools and programs.
- Identify and assist in metrics development and management for both business and technical consumption.
- Experience leading diverse, distributed technical and operational teams with strong meeting management, relationship building and negotiating skills; able to gain trust of diverse stakeholders. Ability to translate technical information into easily understandable information for non-technical audiences.
- Ability to adapt, re-prioritize project work, and help drive the team’s focus as priorities shift or requirements change.
- Right balance of being collaborative, open, and approachable while still being firm on security policies and in facilitating progress and compromise.
- Ability to discuss and present on security topics to various management groups from both local and organization-wide entities.
- Able to manage in-house and vendor teams, develop partnerships, and manage vendors.
- Direct experience with MSSP relationship building, management and oversight.
- Assist in vendor security assessments.
- Assist legal in vendor security requirements.
- Ensure MSSP is properly handling lower level incidents.
- Manage incident response for mid-level incidents.
- Lead the Technical Security Incident Response Team during Incident Response.
REQUIREMENTS / TECHNICAL EXPERTISE
- Bachelor’s degree or equivalent demonstrated experience and knowledge.
- 6+ years of progressive experience in a leadership or technical role managing information security engineering, teams, functions, and/or operations.
- Experience managing outsourced managed security service provider (MSSP) or in-house security operations center (SOC).
- Skills: Practical experience with modern information security technologies and vendor solutions to include but not limited to strong authentication, network security, endpoint security, cloud/SaaS/PaaS security, security information and event management, user behavior analytics, vulnerability management, information assurance, security operations, anti-DDoS, SDLC, DevSecOps, mobile security, privacy, and regulatory compliance.
- Knowledge or experience with HIPAA or healthcare information security is a plus, but not required.
- Abilities: Ability to develop, manage, and execute on detailed strategy, tactical plans and operational implementation by coordinating with technical and operational teams.
- Strong, clear and concise verbal and written communication skills across all mediums and across all levels of the organization.
- At least one security industry certification (i.e., CISSP, CISA, CISM, SANS).
- Experience with information security frameworks: NIST, ISO 27001.
- Experience with HIPAA, PCI-DSS and HiTRUST a plus.
PERSONAL QUALITIES / OTHER ATTRIBUTES
- Proven negotiation skills and industry relationships.
- Proven ability to present and discuss highly complex technical information to users with varying technical expertise.
- Demonstrated ability to develop and maintain collaborative working relationships with varying constituencies and teams.
- Ability to work in a Federated model and provide insight and communications to technical and non-technical senior level staff.
- Exceptional consulting skillset with ability to provide appropriate direction to other groups and executives on security matters.
Planned Parenthood Federation of America is an equal employment opportunity employer and is committed to maintaining a non-discriminatory work environment, and does not discriminate against any employee or applicant for employment on the basis of race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law. Planned Parenthood is committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.
Planned Parenthood Federation of America participates in the E-Verify program.