National Director, Information Security jobs in United States

Planned Parenthood Federation of America · 3 days ago

National Director, Information Security

Planned Parenthood Federation of America is the nation’s leading provider and advocate of high-quality, affordable sexual and reproductive health care. The National Director, Information Security is a strategic leader responsible for overseeing the Information Security team and managing the technology stack to protect the organization’s information and assets, while ensuring compliance with industry standards and regulations.

Association · Health Care · Non Profit
H1B Sponsor Likely

Responsibilities

The National Director, Information Security is a strategic leader of the Information Security team, responsible for the people, processes, and cyber technologies required to protect PPFA and the entire federation’s information and assets
Responsibilities include technical oversight of PPFA’s complex portfolio of the Information Security technology stack, while managing the National Office information security operations including but not limited to day to day information security operations in partnership with our MSSP co-managed services, vulnerability management, cyber threat intelligence, incident response and all related cyber services
This role will oversee the InfoSec Architecture and Engineering tower, ensuring Secure Software Development Life Cycle (SSDLC) integration as well as Continuous Integration (CI), and Continuous Delivery/Deployment (CD) across the National Office
This role is also critical in providing Affiliate InfoSec Operations support in partnership with Affiliate Tech Services and our Managed Security Services Provider. This position brings transformative insight to Information Security products and services through leadership and innovation, accelerating the organization’s ability in managing an evolving threat landscape
The National Director, Information Security serves as a subject matter expert and liaison, bridging the InfoSec team with all divisions under Tech Strategy and Services to ensure PPFA’s information security program is comprehensive, and in compliance with industry standard frameworks, regulations and compliance requirements
This role involves collaborating with National Office departments and teams, affiliates and ancillaries, to provide expert guidance, oversight, and support on a range of security initiatives
The National Director will also play a key role in identifying security gaps, monitoring and providing guidance on remediation activities, developing and advocating for security best practices, and fostering a collaborative security environment across the federation
The National Director, Information Security will engage with staff at all levels within PPFA, Affiliates, and Ancillaries. They will also be leading and mentoring direct and indirect reports
Proven senior leader in managing diverse, distributed technical and operational teams with strong meeting management, relationship building and negotiating skills; able to gain trust of diverse stakeholders
Advances and challenges the InfoSec team thinking to embrace transformative new approaches to work
Partners across the Information Technology and Information Security organization to provide strategic and operational direction for InfoSec’s annual business planning, cyber technology roadmaps, industry trends and CISO priorities
Ability to translate technical information into easily understandable information for non-technical audiences
Demonstrates consistent, engaging insight which attracts attention and builds/expands collaborative networks with external vendor partners for MSSP and tech stack vendors
Ability to discuss and present on Security topics to various executive management groups from both local and organization wide entities
Able to manage in-house and vendor teams and ensure technical SLAs are met with ability to hold vendors accountable to SLAs. Form corrective action plans accordingly to manage poor vendor performance
Direct experience with technical vendor management across MSSP and all cyber tech vendors
Proven negotiation skills and industry relationships
Assist in vendor security assessments
Assist legal in vendor security requirements
In partnership with CISO and our Incident Response/Threat & Vulnerability Management team, ensure proper handling of Technical Security Incident Response
Senior leader with ability to work in a Federated model and provide insight and communications to technical and non-technical senior level staff
Exceptional consulting skillset with ability to provide appropriate direction to other groups and executives on security matters
Proven ability to present and discuss highly complex technical information to users with varying technical expertise
Serve as a liaison to IT Infrastructure & Services and InfoSec with regard to industry standard security and technical controls, and provide regulatory and compliance guidance in areas including industry best practices (NIST), HIPAA Security Rule compliance and PCI-DSS compliance
Lead cross-functional engagement and change management across PPFA and Affiliates to advance security initiatives, remediate configuration and compliance gaps in shared platforms (e.g., Okta, CrowdStrike, Proofpoint), and support accreditation readiness through education, collaboration, and hands-on guidance
Accountable for monitoring and analyzing PPFA’s security posture on an ongoing basis and managing the InfoSec operation’s team to protect, detect and respond to security issues according to standard operating procedures and best practices
Identifies opportunities and challenges for continued improvement across Information Security capabilities, delivering innovative and breakthrough cyber tech solutions
Oversee the National Office Security Operations including technology stack management for all cyber tech components
Lead and manage technology roadmaps and tech life cycle management for each tech component (e.g., Email Gateway, EDR, IAM, SIEM, Vuln Mgmt, etc.)
Provide technical oversight to ensure all tech stack components are configured, standard, and stable according to SLAs and best practices
Drive SIEM alert tuning and provide technical leadership to MSSP to drive effective and efficient 24x7x365 alert monitoring
Responsible for management of standard operating procedures and processes; security policy development and enforcement; security risk assessments, audits, and remediations
Creates new InfoSec operations processes and approaches which accelerate delivery of shared services program and PPFA cyber support network
Act as the technical expert on all cyber technology products in collaboration with Affiliate Tech Services and IT to develop new cyber security services for the National Office and the federation
Act as a technical advisor and thought leader to the affiliates regarding cyber technology operational support for the InfoSec tech stack
Lead the InfoSec Architecture & Engineering function, overseeing the evaluation, design, and implementation of security technologies and enterprise architecture aligned to business objectives, industry frameworks (NIST, ISO 27001, CIS), and regulatory requirements (HIPAA, GDPR, PCI-DSS)
Embed security into the software development lifecycle (SSDLC/DevSecOps) by defining secure architecture and coding standards, driving threat modeling and risk assessments, and ensuring security requirements are built into system and application specifications
Partner across IT and business units to integrate monitoring, detection, and response capabilities, continuously improve security tooling and processes, and strengthen the organization’s security posture through innovation, collaboration, and technology adoption
In partnership with PPFA CISO, act as a co-IR lead throughout incident scenarios and provide subject matter expertise in cybersecurity incident response
Support the development and execution of IR Tabletop exercises annually, including all relevant levels of management
Assist in the development and implementation of Incident Response Plans
Oversee the executive IR plan and continuously improve to reflect the dynamic aspects of the business
Lead and evolve the strategic direction of Information Security technology capabilities in a collaborative, cross-discipline approach. Project senior-technical thought expertise on the information security strategy, and operational/technical implementation
Sought after as an expert on industry trends, current security technologies, news and events and how they impact the security policies, procedures and portfolio
Benchmark, analyze, and identify recommendations for the improvement and growth of PPFA’s technology and security operations and services to drive the advancement of division priorities
Drive both internal and external threat analysis and intelligence, tuning of security detection rules/policies/models, and implementation of effective countermeasures
Stay abreast of the security industry threat landscape and brief executives and leadership team on current intelligence
Lead collaborative efforts between physical and cybersecurity threat management elements
Review and recommend threat intel sources that match the needs of the organization
Turns new concepts/approaches into functional reality through creation of InfoSec metrics and standards to drive optimization and operational excellence for all cyber tech products and services
Identify, drive, and assist in metrics development and management for both business and technical consumption
Leads reporting of status, progress, operational & performance metrics and value to executives across PPFA
Collaborate across teams to ensure compliance with cybersecurity policies and develop reporting metrics to communicate the efficacy of tools and programs
Act as Security Change Approver for InfoSec on the PPFA IT Change Management Board to ensure IT system and configuration changes are not detrimental to PPFA’s information security posture, are authorized, and disruptions to services provided by Information Security and Information Technology to the PPFA National Office and its Affiliates are minimized
Facilitate InfoSec Accreditation Office Hours
Performs other duties as assigned

Qualification

Information Security Leadership · Cybersecurity Incident Response · Security Governance Frameworks · Vendor Management · Security Architecture Design · CISSP Certification · Risk Management · Compliance Frameworks · Technical Oversight · Collaboration Skills · Communication Skills · Decision-Making Skills · Organizational Skills · Leadership Skills

Required

Bachelor's degree in computer science, information systems, computer engineering, system analysis, or a related field, or equivalent work experience
12+ years of IT and business/industry work experience including Information Security & Technology related experience
At least one security industry certification (i.e., CISSP, CISA, CISM, SANS)
Progressive Leadership experience in managing technical functions and security engineering teams and influencing senior level management and key stakeholders
Proven ability to develop and implement strategic security initiatives
Strong understanding of security governance, risk management, and compliance frameworks
Excellent ability to conceive, draft, proofread and edit written materials quickly, including demonstrated ability to understand and communicate about complex, technical, or sensitive subjects in a clear, concise, and engaging manner
Experience managing outsourced managed security service provider (MSSP) or in-house security operations center (SOC)
Knowledge of financial models and budgeting
Excellent organizational, collaborative leadership, decision-making and communication skills
Excellent business acumen and sound business judgment
Practical experience with modern information security technologies and vendor solutions to include but not limited to strong authentication, network security, endpoint security, cloud/SaaS/PaaS security, security information and event management, user behavior analytics, vulnerability management, incident response, information assurance, security operations, anti-DDoS, SDLC, DevSecOps, mobile security, privacy, and regulatory compliance
Demonstrated experience integrating and operationalizing security frameworks such as: NIST CSF, ISO 27001, MITRE ATT&CK framework
Excellent skills in collaborating across divisions, functions, and geography, with a knack for engaging colleagues at all levels in projects and processes while continuing to own and drive them
Experience evaluating and maturing information security systems, controls, and processes, and leading internal control frameworks, regulatory compliance programs (e.g., HIPAA, PCI DSS, HITRUST, ISO 27001, NIST, CIS, SOC2, etc), and audit activities across complex environments
Experience leading enterprise-level technology or security initiatives, preferably in a complex, federated or multi-site environment, including project management, system implementation, IT operations coordination, and day-to-day InfoSec operations (e.g., monitoring, incident response, SOC workflows, and vulnerability management)
Flexibility and ability to adapt to quickly changing priorities and ambiguous situations
A deep commitment to Planned Parenthood's mission of promoting Sexual and Reproductive Health

Company

Planned Parenthood Federation of America

Planned Parenthood is a trusted health care provider, an informed educator, a passionate advocate, and a global partner.

H1B Sponsorship

Planned Parenthood Federation of America has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Chart: Distribution of Different Job Fields Receiving Sponsorship (legend: represents job field similar to this job)
Chart: Trends of Total Sponsorships: 2024 (1)

Funding

Current Stage: Late Stage
Total Funding: $1.03M
Key Investors: Bishop Parker Foundation, Montgomery County Government, The Conrad Prebys Foundation
2025-01-09 · Grant · $0.03M
2024-05-06 · Grant · $0.07M
2023-06-26 · Grant · $0.5M

Leadership Team

Alexis McGill Johnson
President & CEO
Company data provided by crunchbase