Senior Director, IT Security and Compliance
Conservation International · Arlington, VA; Seattle, WA; Hawaii; Bolivia; Brazil; Colombia; Costa Rica; Ecuador; Guyana; Mexico; Peru; Suriname; remote
Are you passionate about cybersecurity and believe that people need nature to thrive? Do you want to work within a team committed to conservation, and be able to use your knowledge of IT Security and Compliance to help keep our organization secure? Do you want to contribute to building a healthier, more prosperous, and more productive planet?
Conservation International’s Global Information Technology Team supports our 1100 colleagues in over 30 countries around the globe. Our diversity is one of our greatest strengths, and we are in search of an addition to our team to lead our cybersecurity program. The Senior Director, IT Security and Compliance is a crucial position to ensure that our systems and users can operate securely and effectively. We are seeking a dedicated security professional with strong communication skills and a solid background in technology and cybersecurity. The incumbent will also support IT procurement initiatives involving vendor vetting and validation of SOC reports, and provide input into Requests for Proposals and the evaluation of proposal responses from the cybersecurity perspective.
- Provide oversight and accountability of the day-to-day IT Security operations with a primary function of maintaining secure access to corporate communication and computing systems. Provide strategic, operational, and tactical security guidance for all IT projects, including the evaluation of the enterprise architecture, hardware, software, and technical controls.
- Develop and evangelize the IT policies related to cybersecurity and ensure IT and business areas follow established information security policies and procedures. Ensure that CI’s information systems maintain compliance with regulatory and privacy requirements. In collaboration with the IT Security Systems Director, develop CI’s IT security awareness program for both IT staff and end-users.
- Identify IT security risks and develop actionable plans to protect the organization, including timely triage of IT security events to limit the potential scope of damage.
- Develop, maintain, and exercise testing of CI’s IT Disaster Recovery Plan, the IT portion of CI’s Business Continuity Plan, and the IT Security Incident Response Plan. Assist the VP of Global IT in the formulation and enforcement of CI’s network security policies and procedures.
- Ensure that user data is stored in compliance with the organization’s Data Classification Policy, using available tools to find and report on PCI, HIPAA, PII, and GDPR data that are non-compliant due to the sensitivity and encryption requirements.
- Oversee security incident response planning and perform the investigation of security breaches, eDiscovery, and other forensic investigation requests.
- Other duties as assigned by the VP of Global IT and the General Counsel Office.
- This position is based in Arlington, VA, Seattle, WA, Hawaii, or the Americas (remote possible). Please view a full list of our locations in the Americas here.
- International travel up to 10% may be required to fulfill this position’s requirements.
Bachelor’s degree in IT security or related field with 10 or more years of professional experience.
Minimum of 5 years of IT Management experience.
Experience implementing global, enterprise-wide solutions in very low bandwidth environments, especially in Africa, Asia, Oceania, or Latin and South America.
Excellent verbal and written communication skills, i.e. listening and understanding, asking pertinent questions, understanding technical issues, and documenting these discussions with clients.
ITIL v3 or v4 Foundation certification.
Demonstrated ability in project management - planning, prioritizing, and managing multiple projects.
Ability to solve complex problems and deliver results.
Experience with vendor teams, contractors, and sourcing.
Excellent interpersonal skills in relating to other people, whether peers, senior or junior.
Demonstrated decision-making and consensus-building capacity.
High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
- Advanced degree.
Intermediate ITIL certifications in IT Service Design and IT Service Transition.
IT Service Management experience across the entire lifecycle through Continual Service Improvement.
Advanced Information Security certification (CISSP, CISA, CISM, etc.) and forensic investigation certification.
Experience working with an international company or non-profits, including conservation organizations.
Experience working with multiple levels within the organization from coordinator to senior management.
To apply for this position please submit a resume and cover letter.