Reports to: VP, Technology
Location: Hybrid NYC
POSITION SUMMARY:
The Information Security Manager is responsible for developing, implementing, and maintaining an information security program that ensures the confidentiality, integrity, and availability of our data and systems. The role also collaborates on privacy initiatives with appropriate team members and consultants, as needed. A key responsibility of this position is to balance security needs without restricting the organization's mission, enabling us to achieve our goals while safeguarding our data and privacy. AFSP is primarily a US-based organization with a minimal EU and UK presence.
RESPONSIBILITIES:
- Develop and implement a comprehensive information security strategy.
- Perform risk assessments and vulnerability analyses to identify potential threats.
- Design and enforce security policies, procedures, and protocols.
- Monitor and respond to security incidents and breaches.
- Conduct regular security audits and assessments.
- Implement and manage security technologies such as firewalls, intrusion detection systems, and anti-malware solutions.
- Provide training and awareness programs for staff on information security best practices.
- Collaborate with IT and other departments to ensure security measures are integrated into all organizational processes.
- Stay updated on the latest security trends, threats, and technologies.
- Ensure that personal and sensitive information is collected, stored, and processed in a secure and compliant manner.
- Develop and maintain a comprehensive personal data inventory.
- Provide training and awareness programs for staff.
- Collaborate with legal and compliance teams to address privacy-related issues and incidents.
- Conduct regular audits and assessments.
Note:
- An individual in this position must be able to successfully perform the essential duties and responsibilities listed above. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.
- The above list reflects the general details necessary to describe the principal and essential functions of the position and shall not be construed as the only duties that may be assigned for the position.
MINIMUM QUALIFICATIONS:
Education: Bachelor's degree in Information Security, Computer Science, or a related field.
Experience and/or Training: Minimum of 5 years of experience in information security. In-depth knowledge of laws and regulations. Comprehensive understanding of information security principles, frameworks (e.g., NIST, ISO 27001), and technologies.
Licenses/Certificates: CompTIA Security+
Technology/Equipment:
PREFERRED QUALIFICATIONS:
Education: Master's degree in Information Security, Computer Science, or a related field.
Experience and/or Training: Experience in a non-profit environment.
Licenses/Certificates: CISSP, CISM, and/or CIPM certifications preferred.
Technology/Equipment:
OTHER SKILLS and ABILITIES:
- Strong analytical skills with the ability to assess complex security issues and privacy challenges, identify root causes, and implement effective solutions.
- Proven ability to assess, prioritize, and manage risks in an ever-changing security and privacy landscape.
- Strong decision-making skills, balancing security needs with business requirements and legal obligations.
- Highly detail-oriented, with the ability to thoroughly review security policies, incident reports, and compliance requirements to ensure accuracy and thoroughness.
- Ability to collaborate with internal teams and external partners to foster a culture of security and privacy throughout the organization.
- A growth mindset with a commitment to staying current with the latest industry trends, security technologies, privacy laws (such as GDPR and CCPA), and evolving threats.
- A high level of integrity and ethical judgment in handling sensitive data, ensuring that security and privacy measures align with the highest standards of ethical responsibility.
- Attend all mandatory meetings and training courses.
- Ability to work a full-time schedule and have regular attendance at the workplace.
- Ability to travel as needed to attend work meetings or events.
PHYSICAL AND MENTAL DEMANDS:
- While performing the duties of this job, the employee is frequently required to sit, talk and/or hear, and/or use hands to finger, handle, or touch objects, tools, or controls. The employee is occasionally required to stand, and/or walk. The employee must occasionally lift and/or move up to 10 pounds while moving files or small packages. Specific vision abilities required by this job include close vision and the ability to adjust focus. The mental and physical requirements described here are representative of those that must be met by an individual to successfully perform the essential functions of this position.
- The physical and mental demands described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
WORKING ENVIRONMENT:
This role operates in a hybrid work environment, offering flexibility to work both remotely from a home office and on-site at AFSP's physical office. The hybrid model encourages a balance of in-person collaboration and independent remote work.
Office Environment: When working on-site, you will work in a collaborative workspace designed to foster teamwork and creativity. The office is equipped with modern facilities, including open workstations, meeting rooms for collaboration, and breakout areas for informal discussions. You will have access to all necessary technology and support to effectively perform your job duties.
Remote Work: When working remotely, you'll have the flexibility to manage your own home office setup. We provide necessary resources such as remote access to secure company systems, communication tools, and virtual collaboration platforms to ensure seamless work from any location. Support for your home office environment, including IT equipment, may be available as needed.