Associate Director, Information Security Audit, Risk & Compliance
New York City
Planned Parenthood
Planned Parenthood Federation of America is a nonprofit organization that provides sexual health care in the United States and globally.
Planned Parenthood Federation of America (PPFA) seeks a dynamic and effective Associate Director for Information Security Audits, Risk and Compliance. This job reports directly to the Senior Director, Information Security Governance, Risk, and Compliance in the Information Security department of PPFA. The Office of Information Security provides the strategy and implementation of the information security program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors, and staff.
Purpose
- The Associate Director will serve as an Information Security Auditor and Program Expert for the Planned Parenthood accreditation program. The accreditation program works to assess and manage risks across the federation through routine evaluation of its affiliates and ancillary organizations.
Delivery
- The Information Security Auditor will deliver by evaluating security systems, controls, and policies at Planned Parenthood affiliates and ancillary organizations, writing reports that interpret assessment results and enumerate any findings, developing corrective actions as needed, and assessing the efficacy of risk mitigation activities performed.
- Uses broad and deep security knowledge and technical auditing skills to help ensure risks are appropriately identified, assessed, and articulated
- Conducts accreditation interviews, risk assessments, and technical analyses to determine areas of risk and non-compliance
- Thoroughly reviews documentation, third party assessments, and audit samples for compliance with accreditation criteria and identifies any discrepancies or corrective actions
- Observes and tests systems, tools, databases and other components of the security stack for compliance with accreditation criteria
- Identifies and articulates summary of review and any findings, including writing final reports and verbal presentation to audit stakeholders
- Strategically and tactically weighs impact and scope of risks in determining risk posture and acceptance within an audit
- Communicates professionally and effectively with technical, non-technical, and executive stakeholders
- Reviews and assesses corrective action reports to determine effective remediation of any risks
- Identifies areas of continuous improvement in the evaluation process and criteria, and adjusts to any evolution of operations and accreditation requirements
- Identifies improvements and assesses trends in review operations, criteria, and methodology, and develops plans and proposals to improve and evolve the InfoSec accreditation program/requirements over time
- Analyzes controls for adequacy of design and performs and/or supports control assurance testing activities
- Assesses compliance with applicable laws and regulations as a part of the evaluation process
- Ensures timely communications and project management of individual assessments
- Maintains thorough and organized tracking of audit requirements, assessment results, and corrective actions
Engagement
- The Information Security Auditor will engage with the Information Security team as well as executive and operational staff within the Planned Parenthood National Office, Affiliates, and Ancillary Organizations.
- Serves as primary facilitator and point of contact for affiliate and ancillary accreditation review processes, including interfacing with CIOs, COOs, CEOs, and third party service providers
- Works closely with InfoSec Governance, Risk, and Compliance team and Accreditation and Evaluation Department on review requirements and operations
- Participates in activities and meetings alongside other Program Experts
- Works with Review Managers and ensures alignment and adherence to accreditation schedule and requirements
- Works with other program experts for continuity of operations and peer review
- Articulates review findings and corrective actions for technical and non-technical audiences
- Develops and uses interview techniques and facilitates risk identification sessions
Knowledge, Skills, and Abilities (KSAs)
- Bachelor’s degree and 5+ years of industry experience
- Understanding of Information Security, Risk and Compliance
- Auditing and/or Risk and Compliance working experience
- An understanding of IT environment and administration
- Strong written and verbal communication, including technical writing skills
- Experience implementing and/or assessing IT and InfoSec controls
- Strong attention to detail and analytical skills
- Knowledge of security technologies (security tools, networking, device protections, encryption, data protection, identity and access management, etc.)
- Experience in compliance requirements and industry standards (PCI DSS, HIPAA, HITRUST, ISO 27001, NIST, CIS, etc.)
- Current industry certifications, particularly security certifications, a plus (CISA, CISM, CISSP, CRISC, ECSA, GPEN, GSEC, SSCP, IIBA, CBAP, CEH, etc.)
Travel
- As needed, up to 25%
Final offers for this job will be based on capabilities and will be made within the parameters of the PPFA compensation program. Total offer package to include generous vacation + sick leave + paid holidays, individual/family provided medical, dental and vision benefits effective day 1, life insurance, short/long term disability, paid family leave and 401k. We also offer voluntary opt in for Flexible Spending Account (FSA) and Transportation/Commuter accounts.
We value a truly diverse workforce and a culture of inclusivity and belonging. Our goal is to attract qualified candidates and encourage applications from all individuals without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law. We're committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.
PPFA participates in the E-Verify program and is an Equal Opportunity Employer