Deputy Director, Information Security

The Foundation

We are the largest nonprofitfighting poverty, disease, and inequity around the world. Founded on a simple premise: people everywhere, regardless of identity or circumstances, should have the chance to live healthy, productive lives. We believe our employees should reflect the rich diversity of the global populations we aim to serve. We provide an exceptional benefits package to employees and their families which include comprehensive medical, dental, and vision coverage with no premiums, generous paid time off, paid family leave, foundation-paid retirement contribution, regional holidays, and opportunities to engage in several employee communities. As a workplace, we're committed to creating an environment for you to thrive both personally and professionally.

The Team

Technology is a critically important component to enable the foundation to fulfill our mission, but with this comes information security risk. Your role as Deputy Director, Information Security is to lead a team to help manage our risk - here's how!

• The design, development, and communication of technical security controls for both enterprise and information security solutions.

• The leadership and coordination of Information Security operations, monitoring the implementation and operation of technical security controls designs to detect risk and improve security design.

• The leadership of the information security incident response capability.

The Deputy Director, Information Security will report to the Director, Information Security - CISO. In the role of Deputy Director, you will manage a technical team of engineers and service providers responsible for the design of technical controls to protect our information assets. You will lead this extraordinary team and will be responsible for managing outcomes to prevent risk, monitor for signs of threat, and the coordination and execution of incident response. This is an exciting opportunity to lead and drive this important work!

• Lead and manage an Information Security team, with an emphasis on technical controls design and security operations.

• Responsibility for the strategy and direction for how we prevent risk through design to proactively protect our information assets, and to detect & respond to threats.

• Manage the services and service providers which form our Information Security operations capability.

• Build a culture of commitment through talent and performance management including coaching and mentoring team members to ensure continuous development of team members.

• Develop a comprehensive and scalable model for engagement both externally across the foundation and within our division.

• Stay up to date on relevant and emerging technologies and platforms, industry best practices, and security threat landscape to support initiatives and business needs.

• Evangelize Information Security solutions and value by way of collaboration, socialization of ideas, concepts, and building partnerships in alignment with change management methodologies.

We prefer 10 years of experience in Information Security management and leadership, to include 7 or more years of talent and people management experience.

• Passion to mentor others, develop and strengthen team members.

• Solid understanding of operational excellence and business lifecycles including but not limited to budget management, annual planning, quarterly business reviews, contract renewals, goal setting, talent management.

• Outstanding collaboration, interpersonal, communication and facilitation skills with ability to communicate and influence at all management levels.

• Excellent interpersonal, oral, and written communication skills; validated aptitude for communicating effectively with a variety of audiences.

• Expertise in security and regulatory compliance standards and frameworks such as: HIPAA, NIST CSF, ISO27001, and GDPR.

• 5+ years of experience in roles related to Information Security operations, including incident response.

• Expertise with enterprise architecture processes, principles and standards, frameworks, methods.

• Experience with Microsoft technologies and services, Linux (CentOS/Ubuntu/RedHat), and macOS.

• Experience with public IaaS cloud computing management: Microsoft Azure and Amazon AWS.

• Strong understanding of identity management, authentication, and authorization technologies, processes and protocols.

• BS in Engineering, Math, Computer Science, or related field or equivalent working experience; MBA preferred.

Must be able to legally work in the country where this position is located without visa sponsorship.

The salary range for this role is $208,600.00 to $323,400.00 USD. We recognize high-wage market differences in Seattle and Washington D.C., where our offices are located. The range for this role in these locations is $227,400.00 to $352,400.00 USD. As a mission-driven organization, we strive to balance competitive pay with our mission. New hires salaries are typically between the range minimum and the salary range midpoint. Actual placement in the range will depend on a candidate's job-related skills, experience, and expertise, as evaluated during the interview process.

Hiring Requirements

As part of our standard hiring process for new employees, employment will be contingent upon successful completion of a background check.

Candidate Accommodations

If you require assistance due to a disability in the application or recruitment process, please submit a request here.

Inclusion Statement

We are dedicated to the belief that all lives have equal value. We strive for a global and cultural workplace that supports ever greater diversity, equity, and inclusion - of voices, ideas, and approaches - and we support this diversity through all our employment practices.

All applicants and employees who are drawn to serve our mission will enjoy equality of opportunity and fair treatment without regard to race, color, age, religion, pregnancy, sex, sexual orientation, disability, gender identity, gender expression, national origin, genetic information, veteran status, marital status, and prior protected activity.