Director of Information Security

Summary :

Child Mind Institute is seeking a highly skilled, innovative, and transformational leader to join our team as a Director of Information Security.

The success of the mission and objectives of Child Mind Institute will depend on a leader who understands and can drive the collaborative efforts needed to implement a robust and secure environment.

This environment needs to continue to enable science, technology and the CMI teams to use the latest and most innovative technologies to advance our mission.

The Director of Information Security is responsible for the development, implementation, and management of the Information Security program at an enterprise level.

The Director of Information Security serves as a departmental manager for cyber security related operations (including incident response) and will own technology controls / measures, and policies, procedures, and processes.

This role will oversee security remediation efforts and ensure the protection of our external-facing applications, personal information, healthcare information, and children's privacy.

The Director of Information Security will plan, design, and direct all risk assessment activities and audits as well own compliance controls and monitoring as it pertains to Child Mind Institute's data protection and governance program.

Reporting to the Chief Information Officer, this is an exempt, full-time position located at our NYC headquarters. We offer a competitive salary and benefits.

The Child Mind Institute is proud to be named a Great Place to Work-Certified company! Our competitive compensation and benefits include medical insurance, 401(k), paid parental leave, dependent care, and flexible work schedules, paid parental leave, dependent care and discounted tickets and entertainment perks programs.

For more information about our benefits, please visit our employee benefits website.

Responsibilities :

• Define and implement the organization's information security program
• Conduct risk assessments and develop mitigation plans
• Manage security incidents and ensure timely remediation
• Oversee the organization's security operations
• Develop and maintain security policies and procedures
• Provide security awareness training to employees
• Work with other departments to ensure the security of the organization's systems and data
• Work closely with engineering, product, and science / research collaborators
• Lead internal and external stakeholders and partners through evaluation and execution

Qualifications :

• Bachelor's degree in information security, computer science, or a related field
• Advanced degree preferred
• 5+years of experience in a combination of risk management, information security, and IT jobs. At least five must be in a senior leadership role.

Employment history must demonstrate increasing levels of responsibility.

• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
• Knowledge of common information security management frameworks, such as NIST 800-53, NIST Cybersecurity Framework, or ISO 27001
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
• Excellent knowledge of technology environments, including telecommunications, networks, programming, media, and desktops
• Strong understanding of security risks and threats
• Experience implementing security and protecting internet-facing applications in multiple major public cloud (Amazon Web Services, Microsoft Azure, or Google Cloud)
• Experience in protecting personal information, healthcare information, and children's privacy
• Working knowledge of HIPAA, GDPR, and CPPA
• Experience in data protections in a data and compute intensive environments
• Excellent communication and interpersonal skills
• Ability to work independently and as part of a team
• Experience in Microsoft 365 and Google Workspace environments, Hybrid Windows and MacOS endpoint environments, Cisco Networking equipment, Windows and Linux server environments, Cloud architecture (AWS, Azure, GDP), GitHub and server virtualization (VMWare).
• Strong interpersonal, communication, and customer service skills
• Excellent judgment and creative problem-solving skills, including conflict resolution.
• Experience with managing subject matter experts and cross-functional IT professionals including recruitment, supervision, scheduling, development, evaluation and disciplinary actions
• Professional demeanor and attitude
• Self-starter, attentive to detail and team player able to establish and maintain effective working relationships
• Passion for the Child Mind Institute's mission

Special Considerations :

Please upload your CV during the application process.

The salary range for the position is posted. Factors such as candidate's work experience, education / training, job-related skills, internal peer equity, as well as market and business considerations affect the salary offered within this range.

In addition, this salary may be subject to a geographic adjustment (according to a specific city and state and depending on the role), if an authorization is granted to work outside of the location listed in this posting.

The Child Mind Institute is an equal opportunity employer and does not discriminate in employment based on race, religion (including religious dress and grooming practices), color, sex / gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sex stereotype, gender identity / gender expression / transgender (including whether or not you are transitioning or have transitioned) and sexual orientation;

national origin (including language use restrictions and possession of a driver's license issued to persons unable to prove their presence in the United States is authorized under federal law Vehicle Code section 12801.

9 ); ancestry, physical or mental disability, medical condition, genetic information / characteristics, marital status / registered domestic partner status, age (40 and over), sexual orientation, military or veteran status, or any other basis protected by federal, state or local law or ordinance or regulation.