Senior Director, Security Architect
New York, NY
Operations – InfoSec Operations
Planned Parenthood Federation of America (PPFA) is the nation’s leading women’s health care provider, educator, and advocate, serving women, men, teens and families. For over 100 years, PPFA has done more than any other organization in the United States to improve women’s health and safety, prevent unintended pregnancies, and advance the right and ability of individuals and families to make informed and responsible health care decisions.
Planned Parenthood Federation of America (PPFA) seeks a dynamic and effective Senior Director, Security Architect. This job reports directly to the CISO in the Information Security division of PPFA. The Office of Information Security provides the strategy and implementation of the information security program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors and staff. The Senior Director, Security Architect is a senior-level member of the Information Security team who is expected to have a thorough understanding of complex IT systems and to stay up to date with the latest security standards, systems and authentication protocols, as well as best-practice security products. This requires knowing the business – a comprehensive awareness of its technology and information needs – which is used to develop and test security structures to protect its systems.
DUTIES AND RESPONSIBILITIES
- Develop Security Architecture for highly scalable and fault-tolerant applications that adhere to expected standards and discipline from a security posture.
- Introduce best practices and principles to enable consistent delivery and enable alignment with long-term direction.
- Gather and analyze requirements from product owners.
- Align standards, frameworks and security with overall business and technology strategy.
- Define and implement Security standards for SSDLC working closely with DevOps and business leaders to ensure they are adhered to.
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
- Provide technical and architectural oversight for systems and projects that are required to be reliable, massively scalable, highly available, and maintainable.
- Ability to drive DevSecOps models and integrate them into existing DevOps practices.
- Identify and communicate current and emerging security threats within DevOps technologies in use.
- Identify and implement testing and code review technologies that improve the security posture of implemented systems including static & dynamic code scans.
- Work with our product organization to develop secure business requirements, develop the security architecture and integrate it into our longer-term platform strategy.
- Define solution level security architecture for project and work on reviews and conformance to PPFA’s Information Security standards.
- Work directly with project development teams to enable successful project implementation applying the recommended security tools, technologies and techniques. Provide expertise to project team engineers as needed.
- Stay up to date on new tools & techniques in the information security space.
- Conduct proof of concept activities with key business users in support of advanced use cases.
- Working knowledge of data security best practices for data in flight and in use.
- Ability to build Risk Models and analyze security weaknesses in complex technology deployments.
- Assist as required in vulnerability, risk and threat analysis to strengthen the overall security architecture and enterprise security posture.
- Assist as required in incident response situations, tabletop exercises and the resulting remediations.
- Experience leading diverse, distributed technical and operational teams with strong meeting management, relationship building and negotiating skills; able to gain trust of diverse stakeholders.
- Exceptional consulting skill set with ability to provide appropriate direction to other groups and executives on security matters.
- Ability to translate technical information into easily understandable information for non-technical audiences.
- Ability to adapt, re-prioritize project work, and help drive the team’s focus as priorities shift or requirements change.
- Right balance of being collaborative, open, and approachable while still being firm in facilitating progress and compromise.
- Metrics development and management for both business and technical consumption.
- Proven ability to present and discuss highly complex technical information to users with varying technical expertise.
- Demonstrated ability to develop and maintain collaborative working relationships with varying constituencies and teams.
- Able to manage in-house and vendor teams.
- Foster development best practices within the team.
- Identify and drive process improvements.
- Facilitate communication with cross-functional groups.
- Assist as required in key vendor Security Reviews and approvals.
REQUIREMENTS / TECHNICAL EXPERTISE
- Bachelor’s degree and 5+ years of broad-based information security experience, with expertise in the following areas: security engineering, security operations/administration, incident response, audit, controls and risk management. If no degree, 7+ years of experience.
- Experience in a regulated industry a plus, specifically healthcare.
- Prior experience with architecture processes, strategies and standards is required.
- IT consulting and executive advisory experience with demonstrated skills in translating business requirements to technical solutions is necessary.
- Solid project management experience in a cross-functional environment is required.
- Has experience working with product teams on specifying and assisting in implementing Secure Application Requirements.
- Practical experience with modern information security technologies and vendor solutions, including but not limited to strong authentication, network security, endpoint security, cloud/SaaS/PaaS security, security information and event management, user behavior analytics, vulnerability management, information assurance, security operations, anti-DDoS, SDLC, DevSecOps, mobile security, privacy, and regulatory compliance.
- Experience coordinating vendor solution delivery and partnering effectively with vendors to meet business needs.
- Secure cloud computing experience, specifically AWS and GCP, is required.
- At least one security industry certification (e.g., CISSP, CISA, CISM, SANS).
- Experience with information security frameworks: NIST, ISO 27001.
- Experience with HIPAA, PCI-DSS and HITRUST a plus.
PERSONAL QUALITIES / OTHER ATTRIBUTES
- Exposure to multiple, diverse technical integrations, technologies and processing environments.
Planned Parenthood Federation of America is an equal employment opportunity employer and is committed to maintaining a non-discriminatory work environment, and does not discriminate against any employee or applicant for employment on the basis of race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law. Planned Parenthood is committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.
Planned Parenthood Federation of America participates in the E-Verify program.