Chief Information Security Officer

New York City, United States


ABOUT THE JOB

The ACLU seeks applicants for the full-time position of Chief Information Security Officer in the Information Security Team of the ACLU’s National office in New York, NY. This is a hybrid role that has in-office requirements of two (2) days per week or eight (8) days per month.

The Information Security Team is responsible for the development and implementation of the ACLU’s information security strategy, and for ensuring compliance with regulations, conducting risk assessments, and increasing staff security awareness. It plays a critical role in protecting the ACLU and its work from cyber threats by helping to mitigate risk to the ACLU’s information assets.

WHAT YOU'LL DO 

Reporting to the Chief Operating Officer, the Chief Information Security Officer (CISO) will oversee all aspects of the ACLU’s nationwide information security strategy. Specifically, the CISO will be responsible for creating and managing policies, systems, and compliance practices that keep the ACLU’s nationwide infrastructure secure. The role will collaborate with senior leaders within the ACLU, including General Counsel, Information Technology (IT), Business Operations, Privacy & Data Governance, and Technology to define a dynamic set of principles, guardrails, governance, risk mitigation, and ongoing monitoring for the ACLU’s information security management approach. The CISO will also be a senior leader within the Core Services Team, which includes Finance, Human Resources, Business Operations, IT, and Information Security. The ideal candidate is an experienced cybersecurity leader with demonstrated expertise and practical work experience building and maintaining information security programs with a strong focus on proactive risk management.

YOUR DAY TO DAY

Leadership

  • Develop and implement a comprehensive vision and strategy for the ACLU’s information security program that assures compliance with relevant regulatory standards, is aligned with organizational goals and values, addresses long- and short-term risks, and establishes appropriate guardrails for the ACLU’s nationwide infrastructure
  • Lead by example in managing a team of information security professionals, driving results through the use of data, direct feedback and strong accountability in a supportive and learning environment that fosters high staff engagement and professional growth
  • Participate in cross-departmental projects, providing functional expertise and thought leadership, and being a trusted advisor to organizational partners in developing policies and procedures that reflect best practices in information risk management and align with the ACLU’s commitment to digital accessibility and inclusion
  • Set the bar for customer service excellence by providing timely, thorough and friendly responses to internal and external stakeholder inquiries
  • Create and deliver accessible and inclusive trainings to ACLU National and affiliate staff on information security policies, systems and best practices, to ensure staff are able to fully participate in cultivating and retaining a strong security awareness posture
  • Stay current with industry best practices, technological advances, and news related to information security
  • Complete ad-hoc projects at the request of the COO

Information Security Operations

  • Oversee the daily operations of the Information Security Team, including threat intelligence management as well as incident detection and response for the ACLU’s nationwide infrastructure
  • Create and track long- and short-term information risk management goals; define metrics for compliance and performance, develop reporting, and communicate progress to organizational leadership
  • Evaluate and resolve information security risks by working with internal and external partners to proactively assess vulnerabilities and implement solutions rooted in best practices, leading industry trends, and organizational policies
  • Lead the cybersecurity incident response process, including notifying relevant stakeholders, coordinating with law enforcement if necessary, and taking appropriate actions to address vulnerabilities and mitigate future incidents
  • Oversee information security architecture and maintenance program for IT networks and applications for National and its affiliates to ensure optimal security structures are developed and maintained; ensure required security control initiatives are executed on schedule and in line with the ACLU's information security program objectives
  • Oversee planning and procedures for testing ACLU’s public-facing technology platforms, ensuring security and privacy of information transmitted and stored across technology platforms complies with internal data governance policies and government regulations
  • Oversee procurement information security reviews for contracted services and products, identifying security and data protection related risks
  • Develop and manage the annual budget for the information security program, including products, services, and staffing

FUTURE ACLU'ERS WILL 

  • Be committed to advancing the mission of the ACLU
  • Center and embed the principles of equity, inclusion and belonging in their work by demonstrating commitment to diversity with an approach that respects and values multiple perspectives
  • Be committed to work collaboratively and respectfully toward resolving obstacles and conflicts

WHAT YOU'LL BRING

  • Direct experience with information security technologies, as well as leading enterprise level information security programs in high-risk, multi-cloud and on-premises environments
  • Extensive knowledge of information security frameworks (e.g., NIST, ISO-27001), and various security regulations and standards (GDPR, SOC, and FedRAMP)
  • Demonstrated knowledge of Cloud Security Mode and key principles, such as CSPs' Shared Responsibility Models, Security and Infrastructure as Code, Preventive/Reactive Guardrails, Containerization, Server-less Computing, Continuous monitoring/drift detection, and the importance of end-to-end automation
  • Advanced knowledge of web security best practices, including certificate management, encryption protocols, and common vulnerabilities, is required, as well as expertise with security assessment methodology and vulnerability management
  • Ability to effectively communicate complex security concepts to both technical and non-technical audiences
  • Experience leading and directing technical staff in the execution of security program and project initiatives
  • Proven background in leading security awareness initiatives with employees and incident response plans across an organization
  • Experience with contract and vendor negotiations and management including managed services
  • Experience creating and leading compliance programs
  • Experience with business continuity management and disaster recovery
  • Strong project management and leadership skills
  • Excellent communication skills

COMPENSATION

The ACLU values equity, transparency, and clarity in pay. Consistent with the ACLU's compensation philosophy, there is a set salary for this role. The ACLU also has a locality adjustment policy that applies to salaries. The annual salary for this position is $255,403 (Level B2), reflecting the salary of a position based in New York, NY. This position is subject to a hybrid schedule of 2 days/week or 8 days/month in-office.

WHY THE ACLU

For over 100 years, the ACLU has worked to defend and preserve the individual rights and liberties guaranteed by the Constitution and laws of the United States. Whether it’s ending mass incarceration, achieving full equality for the LGBTQ+ community, establishing new privacy protections for our digital age, or preserving the right to vote or the right to have an abortion, the ACLU takes up the toughest civil liberties cases and issues to defend all people.

We know that great people make a great organization. We value our people and know that what we offer is essential not just to their work, but to their overall well-being.

At the ACLU, we offer a broad range of benefits, which include:

  • Time away to focus on the things that matter with a generous paid-time off policy
  • Focus on your well-being with comprehensive healthcare benefits (including medical, dental and vision coverage, parental leave, gender affirming care & fertility treatment)
  • Plan for your retirement with a 401k plan and employer match
  • We support employee growth and development through annual professional development funds, internal professional development programs and workshops

OUR COMMITMENT TO ACCESSIBILITY, EQUITY, DIVERSITY & INCLUSION

Accessibility, equity, diversity, and inclusion are core values of the ACLU and central to our work to advance liberty, equality, and justice for all. For us, diversity, equity, accessibility and inclusion are not just check-the-box activities, but a chance for us to make long-term meaningful change. We are a community committed to learning and growth, humility and grace, transparency and accountability. We believe in a collective responsibility to create a culture of belonging for all people within our organization – one that respects and embraces difference; treats everyone equitably; and empowers our colleagues to do the best work possible. We are as committed to anti-oppression, anti-ableism and anti-racism internally as we are externally. Because whether we’re in the courts or in the office, we believe ‘We the People’ means all of us.

With this commitment in mind, we strongly encourage applications from all qualified individuals without regard to race, color, religion, gender, sexual orientation, gender identity or expression, age, national origin, marital status, citizenship, disability, veteran status and record of arrest or conviction, or any other characteristic protected by applicable law.    

The ACLU is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and need assistance applying online, please email benefits.hrdept@aclu.org. If you are selected for an interview, you will receive additional information regarding how to request an accommodation for the interview process.

FOR C4 POSITIONS:

The Department of Education has determined that employment in this position at the ACLU does not qualify for the Public Service Loan Forgiveness Program.

 


Tags: Automation Certificate management CISO Cloud Compliance Encryption FedRAMP Finance GDPR Governance Incident response Monitoring NIST Privacy Risk assessment Risk management Security assessment Security strategy SOC Strategy Threat intelligence Vulnerabilities Vulnerability management

Perks/benefits: 401(k) matching Career development Equity / stock options Fertility benefits Health care Medical leave Parental leave Team events

Region: North America
Country: United States
