National Director, Information Security

National Director, Information Security

Planned Parenthood Federation of America (PPFA) and Planned Parenthood Action Fund seek a National Director, Information Security. This job reports to the Deputy Chief Information Security Officer (CISO) in the Information Security division of PPFA. The Office of Information Security provides the strategy, implementation, and oversight of the information security program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors, and staff.

Purpose:

• The National Director, Information Security is a strategic leader of the Information Security team, responsible for the people, processes, and cyber technologies required to protect PPFA and the entire federation's information and assets.
• Responsibilities include technical oversight of PPFA's complex portfolio of the Information Security technology stack, while managing the National Office information security operations including but not limited to day to day information security operations in partnership with our MSSP co-managed services, vulnerability management, cyber threat intelligence, incident response and all related cyber services.
• This role will oversee the InfoSec Architecture and Engineering tower, ensuring Secure Software Development Life Cycle (SSDLC) integration as well as Continuous Integration (CI), and Continuous Delivery/Deployment (CD) across the National Office.
• This role is also critical in providing Affiliate InfoSec Operations support in partnership with Affiliate Tech Services and our Managed Security Services Provider. This position brings transformative insight to Information Security products and services through leadership and innovation, accelerating the organization's ability in managing an evolving threat landscape.
• The National Director, Information Security serves as a subject matter expert and liaison, bridging the InfoSec team with all divisions under Tech Strategy and Services to ensure PPFA's information security program is comprehensive, and in compliance with industry standard frameworks, regulations and compliance requirements.
• This role involves collaborating with National Office departments and teams, affiliates and ancillaries, to provide expert guidance, oversight, and support on a range of security initiatives.
• The National Director will also play a key role in identifying security gaps, monitoring and providing guidance on remediation activities, developing and advocating for security best practices, and fostering a collaborative security environment across the federation.

Engagement:

• The National Director, Information Security will engage with staff at all levels within PPFA, Affiliates, and Ancillaries. They will also be leading and mentoring direct and indirect reports.

Leadership

• Proven senior leader in managing diverse, distributed technical and operational teams with strong meeting management, relationship building and negotiating skills; able to gain trust of diverse stakeholders.
• Advances and challenges the InfoSec team thinking to embrace transformative new approaches to work.
• Partners across the Information Technology and Information Security organization to provide strategic and operational direction for InfoSec's annual business planning, cyber technology roadmaps, industry trends and CISO priorities.
• Ability to translate technical information into easily understandable information for non-technical audiences.
• Demonstrates consistent, engaging insight which attracts attention and builds/expands collaborative networks with external vendor partners for MSSP and tech stack vendors.
• Ability to discuss and present on Security topics to various executive management groups from both local and organization wide entities.

Vendor Management

• Able to manage in-house and vendor teams and ensure technical SLAs are met with ability to hold vendors accountable to SLAs. Form corrective action plans accordingly to manage poor vendor performance.
• Direct experience with technical vendor management across MSSP and all cyber tech vendors.
• Proven negotiation skills and industry relationships
• Assist in vendor security assessments
• Assist in legal in vendor security requirements

Incident Management

• In partnership with CISO and our Incident Response/Threat & Vulnerability Management team, ensure proper handling of Technical Security Incident Response

Communications

• Senior leader with ability to work in a Federated model and provide insight and communications to technical and non-technical senior level staff
• Exceptional consulting skillset with ability to provide appropriate direction to other groups and executives on security matters.
• Proven ability to present and discuss highly complex technical information to users with varying technical expertise.
• Serve as a liaison to IT Infrastructure & Services and InfoSec in regards to industry standard security, technical controls as well provide regulatory and compliance in areas including industry best practices (NIST), HIPAA Security Rule compliance and PCI-DSS compliance.
• Lead cross-functional engagement and change management across PPFA and Affiliates to advance security initiatives, remediate configuration and compliance gaps in shared platforms (e.g., Okta, CrowdStrike, Proofpoint), and support accreditation readiness through education, collaboration, and hands-on guidance.

Delivery:

• Accountable for monitoring and analyzing PPFA's security posture on an ongoing basis and managing the InfoSec operation's team to protect, detect and respond to security issues according to standard operating procedures and best practices.
• Identifies opportunities and challenges for continued improvement across Information Security capabilities, delivering innovative and breakthrough cyber tech solutions.

Security Operations

• Oversee the National Office Security Operations including technology stack management for all cyber tech components.
• Lead and manage technology roadmaps and tech life cycle management for each tech component eg. ( Email Gateway, EDR, IAM, SIEM, Vuln Mgmt, etc)
• Provide technical oversight to ensure all tech stack components are configured, standard, stable according to SLAs and best practices.
• Drive SIEM alert tuning and provide technical leadership to MSSP to drive effective and efficient 24v7x365 alert monitoring.
• Responsible for management of standard operating procedures and processes; security policy development and enforcement; security risk assessments, audits, and remediations.
• Creates new InfoSec operations processes and approaches which accelerate delivery of shared services program and PPFA cyber support network.
• Act as the technical expert on all cyber technology products in collaboration with Affiliate Tech Services and IT to develop new cyber security services for the National Office and the federation.
• Act as a technical advisor and thought leader to the affiliates regarding cyber technology operational support for the InfoSec tech stack.

InfoSec Architecture and Engineering

• Lead the InfoSec Architecture & Engineering function, overseeing the evaluation, design, and implementation of security technologies and enterprise architecture aligned to business objectives, industry frameworks (NIST, ISO 27001, CIS), and regulatory requirements (HIPAA, GDPR, PCI-DSS).
• Embed security into the software development lifecycle (SSDLC/DevSecOps) by defining secure architecture and coding standards, driving threat modeling and risk assessments, and ensuring security requirements are built into system and application specifications.
• Partner across IT and business units to integrate monitoring, detection, and response capabilities, continuously improve security tooling and processes, and strengthen the organization's security posture through innovation, collaboration, and technology adoption

Incident Response

• In partnership with PPFA CISO, act as a co-IR lead throughout incident scenarios and provide subject matter expertise in cybersecurity incident response.
• Support the development and execution of IR Tabletop exercises annually, including all relevant levels of management.
• Assist in the development and implementation of Incident Response Plans.
• Oversee the executive IR plan and continuously improve to reflect the dynamic aspects of the business.
• Security Thought Leadership
• Lead and evolve the strategic direction of Information Security technology capabilities in a collaborative, cross-discipline approach. Project senior-technical thought expertise on the information security strategy, and operational/technical implementation.
• Sought after as an expert on industry trends, current security technologies, news and events and how they impact the security policies, procedures and portfolio.
• Benchmark, analyze, and identify recommendations for the improvement and growth of PPFA's technology and security operations and services to drive the advancement of division priorities

Threat Management and Intel

• Drive both internal and external threat analysis and intelligence, tuning of security detection rules/policies/models, and implementation of effective countermeasures.
• Stay abreast of the security industry threat landscape and brief executives and leadership team on current intelligence.
• Lead collaborative efforts between physical and cybersecurity threat management elements.
• Review and recommend threat intel sources that match the needs of the organization.