National Director, Information Security

Planned Parenthood is the nation’s leading provider and advocate of high-quality, affordable sexual and reproductive health care for all people, as well as the nation’s largest provider of sex education. With health centers across the country, Planned Parenthood organizations serve all patients with care and compassion, with respect, and without judgment, striving to create equitable access to health care. Through health centers, programs in schools and communities, and online resources, Planned Parenthood is a trusted source of reliable education and information that allows people to make informed health decisions. We do all this because we care passionately about helping people lead healthier lives. Planned Parenthood Federation of America (PPFA) is a 501(c)(3) charitable organization that supports the independently incorporated Planned Parenthood affiliates operating health centers across the U.S. Planned Parenthood Action Fund is an independent, nonpartisan, not-for-profit membership organization formed as the advocacy and political arm of Planned Parenthood Federation of America. The Action Fund engages in educational, advocacy, and electoral activity, including grassroots organizing, legislative advocacy, and voter education. Purpose The National Director, Information Security is a strategic leader of the Information Security team, responsible for the people, processes, and cyber technologies required to protect PPFA and the entire federation’s information and assets. Responsibilities include technical oversight of PPFA’s complex portfolio of the Information Security technology stack, while managing the National Office information security operations including but not limited to day to day information security operations in partnership with our MSSP co‑managed services, vulnerability management, cyber threat intelligence, incident response and all related cyber services. This role will oversee the InfoSec Architecture and Engineering tower, ensuring Secure Software Development Life Cycle (SSDLC) integration as well as Continuous Integration (CI), and Continuous Delivery/Deployment (CD) across the National Office. This role is also critical in providing Affiliate InfoSec Operations support in partnership with Affiliate Tech Services and our Managed Security Services Provider. This position brings transformative insight to Information Security products and services through leadership and innovation, accelerating the organization’s ability in managing an evolving threat landscape. The National Director, Information Security serves as a subject matter expert and liaison, bridging the InfoSec team with all divisions under Tech Strategy and Services to ensure PPFA’s information security program is comprehensive, and in compliance with industry standard frameworks, regulations and compliance requirements. This role involves collaborating with National Office departments and teams, affiliates and ancillaries, to provide expert guidance, oversight, and support on a range of security initiatives. The National Director will also play a key role in identifying security gaps, monitoring and providing guidance on remediation activities, developing and advocating for security best practices, and fostering a collaborative security environment across the federation. Engagement The National Director, Information Security will engage with staff at all levels within PPFA, Affiliates, and Ancillaries. They will also be leading and mentoring direct and indirect reports. Leadership Proven senior leader in managing diverse, distributed technical and operational teams with strong meeting management, relationship building and negotiating skills; able to gain trust of diverse stakeholders. Advances and challenges the InfoSec team thinking to embrace transformative new approaches to work. Partners across the Information Technology and Information Security organization to provide strategic and operational direction for InfoSec’s annual business planning, cyber technology roadmaps, industry trends and CISO priorities. Ability to translate technical information into easily understandable information for non‑technical audiences. Demonstrates consistent, engaging insight which attracts attention and builds/expands collaborative networks with external vendor partners for MSSP and tech stack vendors. Ability to discuss and present on Security topics to various executive management groups from both local and organization wide entities. Vendor Management Able to manage in‑house and vendor teams and ensure technical SLAs are met with ability to hold vendors accountable to SLAs. Form corrective action plans accordingly to manage poor vendor performance. Direct experience with technical vendor management across MSSP and all cyber tech vendors. Proven negotiation skills and industry relationships. Assist in vendor security assessments. Assist in legal in vendor security requirements. Incident Management In partnership with CISO and our Incident Response/Threat & Vulnerability Management team, ensure proper handling of Technical Security Incident Response. Communications Senior leader with ability to work in a Federated model and provide insight and communications to technical and non‑technical senior level staff. Exceptional consulting skillset with ability to provide appropriate direction to other groups and executives on security matters. Proven ability to present and discuss highly complex technical information to users with varying technical expertise. Serve as a liaison to IT Infrastructure & Services and InfoSec in regards to industry standard security, technical controls as well provide regulatory and compliance in areas including industry best practices (NIST), HIPAA Security Rule compliance and PCI‑DSS compliance. Lead cross‑functional engagement and change management across PPFA and Affiliates to advance security initiatives, remediate configuration and compliance gaps in shared platforms (e.g., Okta, CrowdStrike, Proofpoint), and support accreditation readiness through education, collaboration, and hands‑on guidance. Delivery Accountable for monitoring and analyzing PPFA’s security posture on an ongoing basis and managing the InfoSec operation’s team to protect, detect and respond to security issues according to standard operating procedures and best practices. Identifies opportunities and challenges for continued improvement across Information Security capabilities, delivering innovative and breakthrough cyber tech solutions. Security Operations Oversee the National Office Security Operations including technology stack management for all cyber tech components. Lead and manage technology roadmaps and tech life cycle management for each tech component eg. ( Email Gateway, EDR, IAM, SIEM, Vuln Mgmt, etc). Provide technical oversight to ensure all tech stack components are configured, stable according to SLAs and best practices. Drive SIEM alert tuning and provide technical leadership to MSSP to drive effective and efficient 24v7x365 alert monitoring. Responsible for management of standard operating procedures and processes; security policy development and enforcement; security risk assessments, audits, and remediations. Creates new InfoSec operations processes and approaches which accelerate delivery of shared services program and PPFA cyber support network. Act as the technical expert on all cyber technology products in collaboration with Affiliate Tech Services and IT to develop new cyber security services for the National Office and the federation. Act as a technical advisor and thought leader to the affiliates regarding cyber technology operational support for the InfoSec tech stack. InfoSec Architecture and Engineering Lead the InfoSec Architecture & Engineering function, overseeing the evaluation, design, and implementation of security technologies and enterprise architecture aligned to business objectives, industry frameworks (NIST, ISO 27001, CIS), and regulatory requirements (HIPAA, GDPR, PCI‑DSS). Embed security into the software development lifecycle (SSDLC/DevSecOps) by defining secure architecture and coding standards, driving threat modeling and risk assessments, and ensuring security requirements are built into system and application specifications. Partner across IT and business units to integrate monitoring, detection, and response capabilities, continuously improve security tooling and processes, and strengthen the organization’s security posture through innovation, collaboration, and technology adoption. Incident Response In partnership with PPFA CISO, act as a co‑IR lead throughout incident scenarios and provide subject matter expertise in cybersecurity incident response. Support the development and execution of IR Tabletop exercises annually, including all relevant levels of management. Assist in the development and implementation of Incident Response Plans. Oversee the executive IR plan and continuously improve to reflect the dynamic aspects of the business. Lead and evolve the strategic direction of Information Security technology capabilities in a collaborative, cross‑discipline approach. Project senior‑technical thought expertise on the information security strategy, and operational/technical implementation. Sought after as an expert on industry trends, current security technologies, news and events and how they impact the security policies, procedures and portfolio. Benchmark, analyze, and identify recommendations for the improvement and growth of PPFA’s technology and security operations and services to drive the advancement of division priorities. Threat Management and Intel Drive both internal and external threat analysis and intelligence, tuning of security detection rules/policies/models, and implementation of effective countermeasures. Stay abreast of the security industry threat landscape and brief executives and leadership team on current intelligence. Lead collaborative efforts between physical and cybersecurity threat management elements. Review and recommend threat intel sources that match the needs of the organization. Reporting / Metrics Turns new concepts/approaches into functional reality through creation of InfoSec metrics and standards to drive optimization and operational excellence for all cyber tech products and services. Identify and drive assist in metrics development and management for both business and technical consumption. Leads report status, progress, operational & performance metrics and value to executives across PPFA. Collaborate across teams to ensure compliance with cybersecurity policies and developing reporting metrics to communicate the efficacy of tools and programs. Act as Security Change Approver for InfoSec on the PPFA IT Change Management Board to ensure IT system and configuration changes are not detrimental to PPFA’s information security posture, are authorized, and disruptions to services provided by Information Security and Information Technology to the PPFA National Office and its Affiliates are minimized. Facilitate InfoSec Accreditation Office Hours. Performs other duties as assigned. Knowledge, Skills and Abilities (KSAs) Bachelor’s degree in computer science, information systems, computer engineering, system analysis, or a related field, or equivalent work experience. 12+ years of IT and business/industry work experience including Information Security & Technology related experience. Certifications: At least one security industry certification (i.e., CISSP, CISA, CISM, SANS). Progressive Leadership experience in managing technical functions and security engineering teams and influencing senior level management and key stakeholders. Proven ability to develop and implement strategic security initiatives. Strong understanding of security governance, risk management, and compliance frameworks. Excellent ability to conceive, draft, proofread and edit written materials quickly, including demonstrated ability to understand and communicate about complex, technical, or sensitive subjects in a clear, concise, and engaging manner. Experience managing outsourced managed security service provider (MSSP) or in‑house security operations center (SOC). Knowledge of financial models and budgeting. Excellent organizational, collaborative leadership, decision‑making and communication skills. Excellent business acumen and sound business judgment. Practical experience with modern information security technologies and vendor solutions to include but not limited to strong authentication, network security, endpoint security, cloud/SaaS/PaaS security, security information and event management, user behavior analytics, vulnerability management, incident response, information assurance, security operations, anti‑DDoS SDLC, DevSecOps, mobile security, privacy, and regulatory compliance. Demonstrated experience integrating and operationalizing security frameworks such as: NIST CSF, ISO 27001, MITRE ATT&CK framework. Excellent skills in collaborating across divisions, functions, and geography, with a knack for engaging colleagues at all levels in projects and processes while continuing to own and drive them. Experience evaluating and maturing information security systems, controls, and processes, and leading internal control frameworks, regulatory compliance programs (e.g., HIPAA, PCI DSS, HITRUST, ISO 27001, NIST, CIS, SOC2, etc), and audit activities across complex environments. Experience leading enterprise‑level technology or security initiatives, preferably in a complex, federated or multi‑site environment, including project management, system implementation, IT operations coordination, and day‑to‑day InfoSec operations (e.g., monitoring, incident response, SOC workflows, and vulnerability management). Flexibility and ability to adapt to quickly changing priorities and ambiguous situations. A deep commitment to Planned Parenthood’s mission of promoting Sexual and Reproductive Health. $190,000 - $200,000 a year Travel: 0-10% travel as needed Planned Parenthood's cultural ethos, "In This Together", reflects our commitment to building a workplace culture that fosters belonging, promotes learning throughout the employee lifecycle, and recognizes individual contributions to our mission. Planned Parenthood Federation of America participates in the E-Verify program. Planned Parenthood Federation of America is an equal employment opportunity employer and is committed to maintaining a non-discriminatory work environment, and does not discriminate against any employee or applicant for employment on the basis of race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law. Planned Parenthood is committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation. #J-18808-Ljbffr