Associate Director, Information Security, Risk & Accreditation
Planned Parenthood is the nation’s leading provider and advocate of high-quality, affordable sexual and reproductive health care for all people, as well as the nation’s largest provider of sex education. With more than 600 health centers across the country, Planned Parenthood organizations serve all patients with care and compassion, with respect, and without judgment, striving to create equitable access to health care. Through health centers, programs in schools and communities, and online resources, Planned Parenthood is a trusted source of reliable education and information that allows people to make informed health decisions. We do all this because we care passionately about helping people lead healthier lives.

Planned Parenthood Federation of America (PPFA) is a 501(c)(3) charitable organization that supports the independently incorporated Planned Parenthood affiliates operating health centers across the U.S. Planned Parenthood Action Fund is an independent, nonpartisan, not-for-profit membership organization formed as the advocacy and political arm of Planned Parenthood Federation of America. The Action Fund engages in educational, advocacy, and electoral activity, including grassroots organizing, legislative advocacy, and voter education.

Planned Parenthood Federation of America (PPFA) and Planned Parenthood Action Fund (PPAF) seek an Associate Director, Information Security, Risk & Accreditation for Information Security Accreditation. This job reports directly to the Senior Director, Information Security Governance, Risk, and Compliance in the Information Security department of PPFA. The Office of Information Security provides the strategy and implementation of the information security program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors, and staff.

Purpose: This role will serve as an Information Security auditor and accreditor for the Planned Parenthood accreditation program. The accreditation program works to assess and manage risks across the federation through routine evaluation of its affiliates and ancillary organizations.

Delivery: The role will deliver by evaluating security systems, controls, and policies at Planned Parenthood affiliates and ancillary organizations through the PPFA accreditation program; writing reports that interpret assessment results and enumerate any findings; developing and tracking corrective actions as needed; and assessing the efficacy of risk mitigation activities performed.
● Conducts accreditation interviews, risk assessments, and technical analyses to determine areas of risk and non-compliance
● Maintains thorough and organized tracking of audit requirements, assessment results, and corrective actions
● Thoroughly reviews documentation, third-party assessments, and audit samples for compliance with accreditation criteria and identifies any discrepancies or corrective actions
● Uses broad and deep security knowledge and technical evaluation skills to help ensure risks are appropriately identified, assessed, and documented
● Observes and tests systems, tools, databases, and other components of the security stack for compliance with accreditation criteria
● Strategically and tactically weighs the impact and scope of risks in determining risk posture and acceptance within an audit
● Identifies and articulates review outcomes and any findings, including writing final reports and presentations for audit stakeholders
● Communicates professionally and effectively with technical, non-technical, and executive stakeholders
● Reviews and assesses corrective action reports to determine effective remediation of any risks
● Assesses compliance with applicable laws and regulations as part of the evaluation process
● Ensures timely communications and project management of individual assessments
● Tracks all review process elements and ensures all operating procedures are followed, data recorded, and milestones met

Engagement: The Associate Director, Information Security, Risk & Accreditation will engage with the Information Security team as well as executive and operational staff within the Planned Parenthood National Office, Affiliates, and Ancillary Organizations.
● Serves as facilitator and auditor in affiliate and ancillary accreditation review processes, including interfacing with CIOs, COOs, CEOs, and third-party service providers
● Works closely with the InfoSec Governance, Risk, and Compliance team and the Accreditation and Evaluation Department on review requirements and operations
● Works with accreditation Review Managers and ensures alignment with and adherence to the accreditation schedule and requirements
● Participates in activities and meetings as part of the core team of accreditation Program Experts
● Works with other accreditation Program Experts for continuity of operations and peer review
● Articulates review findings and corrective actions for technical and non-technical audiences
● Develops and uses interview techniques and facilitates risk identification sessions

Knowledge, Skills and Abilities (KSAs):
● Bachelor’s degree and 5+ years of industry experience
● InfoSec auditing, accreditation, or security risk assessment working experience
● Experience implementing and/or assessing an organization’s IT and InfoSec controls
● Experience evaluating information security systems, policies, processes, and technology environments and/or experience managing an organization’s internal control frameworks, compliance requirements, or audit program
● A deep understanding of IT and information security environments and administration
● Strong written and verbal communication, including technical and non-technical writing skills
● Strong attention to detail and analytical skills
● Strong project management and time management skills
● Ability to maintain neutrality and fairness in the review process, and to avoid or raise any possible bias
● Knowledge of security technologies (security tools, networking, device protections, encryption, data protection, identity and access management, etc.)
● Experience with compliance requirements and industry standards (HIPAA Security, PCI DSS, HITRUST, ISO 27001, NIST, CIS, etc.)
● Current industry certifications, particularly security and/or auditing certifications, a plus (CISA, CISM, CISSP, CRISC, ECSA, GPEN, GSEC, SSCP, IIBA, CBAP, CEH, etc.)

Travel: 0-10% travel, as needed.

Total offer package to include generous vacation + sick leave + paid holidays, individual/family provided medical, dental and vision benefits effective day 1, life insurance, short/long term disability, paid family leave and 401k. We also offer voluntary opt-in for Flexible Spending Account (FSA) and Transportation/Commuter accounts.

We value a truly diverse workforce and a culture of inclusivity and belonging. Our goal is to attract qualified candidates and encourage applications from all individuals without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law. We're committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation. PPFA participates in the E-Verify program and is an Equal Opportunity Employer.

All roles that are denoted as NYC, DC, or both will be on a hybrid schedule, requiring 2-3 days per week in the office.