Director, DevSecOps Architecture and Engineering

Telecommuter /
Office of the EVP & Chief Operating Officer (COO) – Information Security /
Full Time - Non-Union
Planned Parenthood Federation of America (PPFA) is the national umbrella organization for the nation’s leading network of women’s health care providers, educators, and advocates, serving women, men, teens and families. Planned Parenthood Action Fund (PPAF) is the advocacy and political arm of PPFA. For over 100 years, Planned Parenthood has done more than any other organization in the United States to improve women’s health and safety, prevent unintended pregnancies, and advance the right and ability of individuals and families to make informed and responsible health care decisions.  

Planned Parenthood Federation of America (PPFA) seeks a dynamic and effective DevSecOps Architect and Engineer. This job reports directly to the Sr. Director Architecture and Engineering in the Information Security division of PPFA. The Office of the Chief Information Security Officer provides the strategy and implementation of the information security program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors and staff.

Purpose:

    • The Director DevSecOps Architecture and Engineering will work within a multi-disciplined position in the Information Security team that is expected to have a thorough understanding of complex systems and stay up to date with the latest Continuous Integration/Continuous Deployment (CI/CD) security standards, systems, and authentication protocols, as well as best practice security products. Responsible for fostering trusted partnerships and relationships with the Digital Products, DevOps, and AppDev. This will require both knowing the business, our digital strategy, and having a comprehensive awareness of its technology and information needs. This knowledge is ultimately used to develop and test security controls to protect the development pipeline and supporting systems. 

Delivery:

    • Foster a trusted partnership and relationships with the Digital Products, DevOps, AppDev, and business.
    • Analyze customer needs, issues and interests to formulate a strategy that will achieve business objectives.
    • Define and implement infosec standards for SDLC working closely with DevOps and business leaders to ensure they are adhered to the policies and standards
    • Manage or support complex security projects and other strategic security initiatives, in support of our digital and business priorities
    • Align standards, frameworks, and security with overall business and technology strategy
    • Design, build, and manage a scalable threat modeling framework, leveraging automation to integrate application security into the CI/CD pipeline, and act as the product owner of application security automation platform.
    • Provide engineering and architectural oversight for systems and projects that are required to be reliable, massively scalable, highly available, and maintainable
    • As SME, create, own, and update policies, standards, and procedures (DevSecOps), clarifying them when questions arise; is always prepared to accurately discuss these policies. Track risk acceptance not inline with policies, standards, and procedures.
    • Work directly with project development teams to enable successful project implementation applying the recommended security tools, technologies, and techniques. Provide expertise to project team engineers and architecture as needed.
    • Stay up to date on new tools & techniques in the information security space.
    • Conduct proof of concept activities with key business users in support of advanced use cases.
    • Design and demonstrate an information security solution that is scalable and easy to adapt with changing business requirements. 

Engagement:

    • The Director DevSecOps Architecture and Engineering will engage with senior, chief, and executive level staff, and as required, leading and mentoring direct and indirect reports.
    • Subject matter expert (SME) and owner of the DevSecOps engineering and architecture domain
    • Works independently with affiliates, InfoSec shared services. vendors and product managers, vendor account managers, vendor account support representatives, and purchasing to achieve company major business objectives.
    • Develop and maintain relevant engineering and architecture metrics to assess system and data integrity.
    • Create, review and/or evaluate technical business scopes of work.
    • Create architecture drawings depicting environments both existing and proposed.
    • Understand client’s business initiatives and requirements and map these business needs into technical and security architecture.
    • Provide technical thought leadership in overall security Solution development.
    • Provide assessment services, compliance audits, security consulting and advisory services.

Knowledge, Skills and Abilities (KSAs):

    • Reporting to the Sr. Director Architecture and Engineering, be part of our SME leadership team.
    • Prior experience with DevSecOps processes, standards, and strategies is required
    • Experience successfully leverages and drives automation for the integration of application security into the Continuous Integration and Continuous Deployment pipeline.
    • AWS Certified DevOps, SysOps, or Solutions Architect associate or professional required
    • Experience drafting policy and standards
    • PM Experience for a large implementation/migration project (10+ user team)
    • Bachelor’s degree and 6+ years of broad-based information security experience, with expertise in the following areas: software development, security operations/ administration, incident response, controls review, and risk management
    • Develop and maintain relevant metrics to assess system and data integrity; including release planning, sprint planning, execution, quality, and cadence management
    • Strong executive presence, communication, and collaboration skills with executive and senior leaders.
    • Practical experience with modern information security and cybersecurity technologies include but not limited to strong authentication, network security, endpoint security, cloud/SaaS/PaaS security, security information, and event management, user behavior analytics, vulnerability management, information assurance, security operations, anti-DDoS, privacy, and regulatory compliance

Location:

    •  Telecommute with 10% travel for conferences and annual team meetings
Starting Salary: 140k

*LI-KM1

Final offers for this job will be based on capabilities and will be made within the parameters of the PPFA compensation program. Total offer package to include generous vacation + sick leave + paid holidays, individual/family provided medical, dental and vision benefits effective day 1, life insurance, short/long term disability, paid family leave and 401k. We also offer voluntary opt in for Flexible Spending Account (FSA) and Transportation/Commuter accounts.   

We value a truly diverse workforce and a culture of inclusivity and belonging. Our goal is to attract qualified candidates and encourage applications from all individuals without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law.  We're committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.

PPFA participates in the E-Verify program and is an Equal Opportunity Employer

*LI-KM1
*PDN-HR