Conservation International (CI) has been protecting nature for the benefit of all for over 30 years. Through science, policy, and partnerships, CI is helping build a healthier, more prosperous, and more productive planet.  

POSITION SUMMARY

As a member of the IT management team, the Director of IT Security & Compliance reports to the VP of Global IT and leads the planning, designing, implementing, and supporting the secure integration of new technology into the IT infrastructure, the formulation and enforcement of network security policies and procedures including disaster recovery, forensic investigation, and regulatory compliance. In addition, this position is a primary liaison between IT and the internal audit, compliance, and General Counsel Office. This is a hands-on position that will require a technical skillset including the ability to manage security appliances and consoles.

This Director of IT Security & Compliance is responsible for the following areas:

• -Provide strategic, operational, and tactical security guidance for all IT projects, including the evaluation of the enterprise architecture, hardware, software, and technical controls.
• -Serve as IT Department’s liaison with and coordinate responses to requests made by internal auditors, external auditors & CI’s General Counsel.
• -Ensuring that CI’s information systems maintain compliance with regulatory and privacy requirements.
• -Develop and deliver CI’s IT security awareness program for both IT staff and end-users.
• -Assist VP of Global IT in formulation and enforcement of CI’s network security policies and procedures.
• -Conduct and document any IT-related investigation efforts, including security incident response, e-Discovery requests, forensic evidence collection, tracking, and analysis.
• -Develop, maintain, and monitor the security of the CI network infrastructure to protect CI’s intellectual property, brand recognition, and reputation, through the deployment of physical security of servers and storage, firewalls, VPNs, SSL certificates, intrusion prevention, and validation using periodic vulnerability assessments.
• -Develop, maintain, and exercise CI’s IT Disaster Recovery Plan, the IT portion of CI’s Business Continuity Plan, and the IT Security Incident Response Plan.

RESPONSIBILITIES

• -Provide oversight and accountability of the day-to-day IT Security operations with a primary function of maintaining secure access to corporate communication and computing systems; review all projects impacting Information Security and provide strategic, operational, and tactical security guidance for all IT projects.
• -Perform technical activities as necessary including firewall configuration, Syslog and SIEM configuration and management, and monitoring of security consoles including endpoint protection, data compliance auditing, and Office365 Security Center.
• -Develop and evangelize the IT policies related to cybersecurity and ensure IT and business areas follow established information security policies and procedures.
• -Identify IT security risks and develop actionable plans to protect the organization, including timely triage of IT security events to limit the potential scope of the damage.
• -Develop, update and manage the IT Security Awareness training program for all users of computing systems within the organization.
• -Ensure that user data is stored in compliance with the organization’s Data Classification Policy, using available tools to find and report on PCI, HIPAA, PII, and GDPR data that are non-compliant due to the sensitivity and encryption requirements.
• -Oversee security incident response planning as well as performing the investigation of security breaches, eDiscovery, and other forensic investigation requests.
• -Other duties as assigned by the VP of Global IT and the General Counsel Office.