Associate Director, Information Security Audit, Risk & Compliance

New York City

Applications have closed

Planned Parenthood

Planned Parenthood Federation of America is a nonprofit organization that provides sexual health care in the United States and globally.


Planned Parenthood Federation of America (PPFA) is the national umbrella organization for the nation’s leading network of women’s health care providers, educators, and advocates, serving women, men, teens and families. Planned Parenthood Action Fund (PPAF) is the advocacy and political arm of PPFA. For over 100 years, Planned Parenthood has done more than any other organization in the United States to improve women’s health and safety, prevent unintended pregnancies, and advance the right and ability of individuals and families to make informed and responsible health care decisions.

Planned Parenthood Federation of America (PPFA) seeks a dynamic and effective Associate Director for Information Security Audits, Risk and Compliance. This job reports directly to the Senior Director, Information Security Governance, Risk, and Compliance in the Information Security department of PPFA. The Office of Information Security provides the strategy and implementation of the information security program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors, and staff.

Purpose

  • The Associate Director will serve as an Information Security Auditor and Program Expert for the Planned Parenthood accreditation program. The accreditation program works to assess and manage risks across the federation through routine evaluation of its affiliates and ancillary organizations.

Delivery

  • The Information Security Auditor will deliver by evaluating security systems, controls, and policies at Planned Parenthood affiliates and ancillary organizations, write reports that interpret assessment results and enumerate any findings, develop corrective actions as needed, and assess efficacy of risk mitigation activities performed.
  • Uses broad and deep security knowledge and technical auditing skills to help ensure risks are appropriately identified, assessed, and articulated
  • Conducts accreditation interviews, risk assessments, and technical analyses to determine areas of risk and non-compliance
  • Thoroughly reviews documentation, third party assessments, and audit samples for compliance with accreditation criteria and identifies any discrepancies or corrective actions
  • Observes and tests systems, tools, databases and other components of the security stack for compliance with accreditation criteria
  • Identifies and articulates summary of review and any findings, including writing final reports and verbal presentation to audit stakeholders
  • Strategically and tactically weighs impact and scope of risks in determining risk posture and acceptance within an audit
  • Communicates professionally and effectively with technical, non-technical, and executive stakeholders
  • Reviews and assesses corrective action reports to determine effective remediation of any risks
  • Identifies areas of continuous improvement in the evaluation process and criteria, and adjusts to any evolution of operations and accreditation requirements
  • Identifies improvements and assesses trends in review operations, criteria, and methodology, and develops plans and proposals to improve and evolve the InfoSec accreditation program/requirements over time
  • Analyzes controls for adequacy of design and performs and/or supports control assurance testing activities
  • Assesses compliance with applicable laws and regulations as a part of the evaluation process
  • Ensures timely communications and project management of individual assessments
  • Maintains thorough and organized tracking of audit requirements, assessment results, and corrective actions

Engagement

  • The Information Security Auditor will engage with the Information Security team as well as executive and operational staff within the Planned Parenthood National Office, Affiliates, and Ancillary Organizations.
  • Serves as primary facilitator and point of contact for affiliate and ancillary accreditation review processes, including interfacing with CIOs, COOs, CEOs, and third party service providers
  • Works closely with InfoSec Governance, Risk, and Compliance team and Accreditation and Evaluation Department on review requirements and operations
  • Participates in activities and meetings alongside other Program Experts
  • Works with Review Managers and ensures alignment and adherence to accreditation schedule and requirements
  • Works with other program experts for continuity of operations and peer review
  • Articulates review findings and corrective actions for technical and non-technical audiences
  • Develops and uses interview techniques and facilitates risk identification sessions

Knowledge, Skills, and Abilities (KSAs)

  • Bachelor’s degree and 5+ years of industry experience
  • Understanding of Information Security, Risk and Compliance
  • Auditing and/or Risk and Compliance working experience
  • An understanding of IT environment and administration
  • Strong written and verbal communication, including technical writing skills
  • Experience implementing and/or assessing IT and InfoSec controls
  • Strong attention to detail and analytical skills
  • Knowledge of security technologies (security tools, networking, device protections, encryption, data protection, identity and access management, etc.)
  • Experience in compliance requirements and industry standards (PCI DSS, HIPAA, HITRUST, ISO 27001, NIST, CIS, etc.)
  • Current industry certifications, particularly security certifications, a plus (CISA, CISM, CISSP, CRISC, ECSA, GPEN, GSEC, SSCP, IIBA, CBAP, CEH, etc.)

Travel

  • As needed, up to 25%

Starting salary: $125K

Final offers for this job will be based on capabilities and will be made within the parameters of the PPFA compensation program. Total offer package to include generous vacation + sick leave + paid holidays, individual/family provided medical, dental and vision benefits effective day 1, life insurance, short/long term disability, paid family leave and 401k. We also offer voluntary opt in for Flexible Spending Account (FSA) and Transportation/Commuter accounts.

We value a truly diverse workforce and a culture of inclusivity and belonging. Our goal is to attract qualified candidates and encourage applications from all individuals without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law. We're committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.

PPFA participates in the E-Verify program and is an Equal Opportunity Employer.

Tags: Audits CEH CISA CISM CISSP Compliance CRISC ECSA Encryption Governance GPEN GSEC HIPAA HITRUST ISO 27001 NIST PCI DSS SSCP Strategy

Perks/benefits: Flex hours Flexible spending account Flex vacation Health care Insurance Medical leave

Region: North America
Country: United States
Category: Leadership Jobs
