Senior Officer, Security Engineer And Program Operations (Cyber Security)

Pew Charitible Trusts Washington , DC 20319

Posted 11 months ago

Overview

The Pew Charitable Trusts is driven by the power of knowledge to solve today's most challenging problems. Pew applies a rigorous, analytical approach to improve public policy, inform the public and invigorate civic life.

We are an independent nonprofit organization the sole beneficiary of seven individual trusts established between 1948 and 1979 by two sons and two daughters of Sun Oil Company founder Joseph N. Pew and his wife, Mary Anderson Pew.

Our work lays the foundation for effective policy solutions by informing and engaging citizens, linking diverse interests to pursue common cause and insisting on tangible results. Our projects encourage efficient, responsive governments at the local, state, national and international levels serving the best interests of the people. We partner with a diverse range of donors, public and private organizations and concerned citizens who share our interest in fact-based solutions and goal-driven investments to improve society.

With offices in Philadelphia, Washington DC, Australia, Brussels and London, and with additional staff in other regions of the United States and around the globe, Pew provides an exciting learning environment and the opportunity to work with highly talented individuals. We are a dynamic, rapidly evolving organization that values creativity and innovative thinking and fosters strong teamwork with mutual respect.

Overview of Information Technology

Information Technology (IT) at Pew takes a proactive approach toward the use of technology to increase the organization's capacity for exceptionally high-quality strategic philanthropy. Executive staff at Pew recognizes the importance of technology, and supports related initiatives to advance the institution's goals and achieve and maintain a leadership position in the philanthropic community. As a result, IT is in a mode of continuous improvement, applying leading-edge technology to the pursuit of the goals of the institution.

The department comprises highly competent, forward-thinking professionals who are responsible for the technology needs of all Pew staff, as well as for Pew's subsidiaries in Philadelphia and Washington, D.C. IT is organized into distinct areas of responsibility, including strategic alignment of technology with the business, the evaluation and acquisition of software and hardware, implementation of new systems and data repositories, and supporting the extended network, desktop computer hardware, and software applications.

Position Overview

The Senior Officer is part of a team of security professionals and is responsible for engineering and operating Pew's global technology security program. This position provides hands-on technical solutions and operation of a variety of information security systems. The position requires deep knowledge of security frameworks, standards, networking, virtualization, computing infrastructure, cloud computing, and telecommunications. The position also requires a nuanced understanding of how security and technology can support the work of the institution and which technologies best serve Pew. Additionally, this position is charged with performing the duties necessary to ensure the safety of Pew's information, networks, systems and other technology assets. Finally, this position is charged with developing Pew's security policies, overseeing the Pew's security awareness training program and evaluating Pew's alignment with various security frameworks.

The Senior Officer has no direct management responsibility, but is expected to contribute to the mentoring and professional development of staff within IT. The Senior Officer participates in complex projects that span multiple facets of information technology and include stakeholders across divisions. The Senior Officer reports to the Director, Infrastructure Operations and Security.

Responsibilities

  • Collaborate with the Director of Infrastructure Operations and Security, the security team and the Chief Technology Officer to design and execute security projects that address identified risks.

  • Monitor and analyze a range of systems to identify security issues for remediation including log analysis, intrusion detection, and other security intelligence systems.

  • In conjunction with other members of the security team and Pew's security providers, assist in security operations including incident management, incident analysis, escalation and resolution.

  • Develop and sustain Pew's information security program, policies, and standards in conjunction with the Director and CTO.

  • Maintain the IT security incident response process, including all required supporting materials.

  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.

  • Define and execute a strategy to provide continuous monitoring, triage, and tracking of security events, and other operational IT issues.

  • Provide input on metrics and reporting strategies that effectively communicate successes and progress of the security program.

  • Participate in periodic reviews of technology related audits and compliance checks.

  • Assists in the development of annual budget estimates to ensure the information security program is ready to meet Pew's strategic needs.

  • Recommend and plan the implementation of new or updated information security solutions, and analyze its impact on the existing environment; provide technical expertise for the administration of security tools.

  • Develop and foster strong working relationships with others within IT.

  • Contribute to and participate in tasks of the Information Technology department as assigned. Participate in Pew-wide projects as requested.

Requirements

  • Bachelor's degree required, Master's degree preferred.

  • Minimum of ten years of IT experience, with eight years in an information security role demonstrating increasing levels of responsibility and technical expertise in an enterprise environment.

  • One or more security certifications such as SANS/GIAC, CISSP, CISA, CISM along with demonstrable, relevant professional experience.

  • Extensive experience of TCP/IP and the OSI model as well as cryptography algorithms, log aggregation, vulnerability assessments, and penetration testing tools.

  • Knowledge of network infrastructure, including switching and routing, firewalls, and all associated protocols and technologies.

  • Knowledge of computing infrastructure including servers, storage, virtualization, Windows infrastructure, DNS, and DHCP.

  • Demonstrable experience in operating and supporting network security controls (e.g., next-gen firewalls, web proxies, APT detection and IDS/IPS), end-point security controls (e.g., full-disk encryption, enterprise anti-virus, DLP), access controls (e.g., privileged access management, multi-factor authentication), and SIEM technologies.

  • Strong analytical skills to analyze security requirements and relate them to appropriate security technologies and controls.

  • A strong understanding of the business impact of security tools, technologies and policies.

  • Knowledge of IT end-to-end problem management and root cause analysis.

  • Working knowledge of Information Security frameworks and standards such as SANS/CIS Critical Security Controls, NIST 800-53 and ISO 27001/27002 with practiced program alignment and integration.

  • Excellent verbal and written communication skills.

  • Ability to understand organizational structure and culture and how these impact the delivery of technology to staff; ability to navigate complex organizational dynamics and exert influence in business relationships.

Compensation

As this is a full-time position, we offer a competitive salary and benefit program, including: comprehensive, affordable health care through medical, dental and vision coverage; financial security with life and disability insurance; opportunities to save using health savings and flexible spending accounts; retirement benefits to help prepare for the future; and work/life benefits to help you maintain a good balance.

The Pew Charitable Trusts is an equal opportunity employer, committed to a diverse and inclusive workplace. Pew considers qualified applicants for employment without regard to age, sex, ethnicity, religion, disability, marital status, sexual orientation or gender identity, military/veteran status, or any other basis prohibited by applicable law.

Travel

Occasional travel between Pew's offices as required. Additional travel required to attend trainings, seminars or conferences.


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Senior Information Security Engineer
New!

Howard University Hospital

Posted Today

VIEW JOBS 2/28/2020 12:00:00 AM 2020-05-28T00:00 <strong><u>POSITION SUMMARY</u></strong>: <br /> Under limited supervision by the Director of Technology and the Chief Information Security Officer, the Information Security Engineer will be responsible for the cyber defense function of HUH. He or she will contribute to the selection, deployment, and operation of cyber defense technologies, including firewalls, monitoring tools, malware detection, and log analysis tools across HUH. He or she will be an expert in the adoption of cyber security frameworks (e.g., NIST, HITRUST, FISMA, and ISO) and regulations specific to healthcare (e.g., HIPAA and HITECH). He or she will contribute to enterprise policies related to data use, network access, and appropriate use of computer equipment.<br />  <br /> <strong><u>REPORTING SUMMARY</u></strong>: <br /> No direct reports<br />  <br /> <strong><u>NATURE AND SCOPE</u></strong>:  <br /> Internal contacts may include senior administrators, faculty, physicians, nurses, other clinicians, and staff.<br />  <br /> External contacts may include partners, regulators, vendors, and contractors.<br />   <br /> <strong><u>PRINCIPAL ACCOUNTABILITIES: </u></strong><br /> Conduct cyber security audits, penetration tests, and investigations of cybersecurity incidents.<br />  <br /> Responsible for coordinating cyber threat mitigation activities, security breach detection, containment, and restoration activities and contribute to HUH’s disaster response plan.<br />  <br /> Develop and disseminate information security awareness training materials and develop and deliver class-room training for employees.<br /> Provide front-line response to detection systems and alarms<br /> Investigate malware, targeted attacks, intrusion attempts, and vulnerabilities<br /> Drive continuous improvement of response capabilities through automation and critical thinking<br /> Participate in the development, documentation, implementation and evaluation in security policies, guidance and procedures<br /> Assumes other duties and responsibilities that are related and appropriate to the position and area.  The above responsibilities are a general description of the level and nature of the work assigned to this classification and are not to be considered as all-inclusive.<br />  <br /> <strong><u>ORGANIZATIONAL EXPECTATIONS: </u></strong><br /> Promotes adherence to the Health Sciences Compliance Program, the Howard University Code of Ethics and the Health Sciences Standards of Conduct.<br />  <br /> Attends annual and periodic mandatory Compliance Program training including the Health Insurance Portability and Accountability Act (HIPAA) Privacy training.<br />  <br /> Participates in activities that promote adherence to federal healthcare program requirements.<br />  <br /> Actively participates in Health Sciences Compliance Program activities.<br />  <br /> Adheres to the requirements of the HIPAA Privacy Policies and Procedures.<br />  <br /> Maintains confidentiality of patients, families, and staff. <br />  <br /> <strong><u>CARES CRITERIA:</u></strong>  <br /> Must demonstrate collaboration; accountability; respect; excellence; and service.<br />  <br /> Works with team members and peers in and outside of their immediate work group to create an exceptional experience for patients, students and other visitors; looks for ways to achieve departmental/institutional results by partnering.<br />  <br /> Accepts responsibility for his/her actions to provide health care and or ancillary functions in a highly efficient and compassionate manner.  The employee must function as a Steward (Have Ownership) of the Howard values that foster a commitment to improving the patient and student experience, organizational efficiency and the environment.<br />  <br /> Embraces diversity; cares holistically for those we serve; treats all as we would like to be treated; manages the patient’s right to privacy with meticulous care 100% of the time and keeps patient and proprietary information about the institution confidential.<br />  <br /> Anticipates the patient’s and student’s needs, presents as a model representative of the institution and maintains high standards of care while striving to improve performance and create exceptional experiences for our customers.<br />  <br /> Behaves in a friendly, resourceful and professional manner towards all they encounter; treats patients, students and visitors in the same way that they would want their family members or themselves to be treated.<br />  <br /> <strong><u>CORE COMPETENCIES</u></strong>: This is a list of knowledge, skills, and abilities that the incumbent should possess in order to perform the Principal Accountabilities successfully.  Each phrase should begin with a noun or adjective.  Examples: “Ability to exercise independent judgment”, “Knowledge of standard accounting principles”, “Skilled in supervising, mentoring, and motivating staff”.  In addition, two standard competencies listed below are required for nearly all HUH position descriptions<br />  <br /> Knowledge of various enterprise software technologies used in an acute care hospital<br />  <br /> Critical and analytical thinking skills<br /> Excellent collaborating and negotiation skills<br /> Must have excellent written and verbal skills. Must be comfortable making formal presentations to senior management and executive level clients.<br /> Proficiency in the operation of computers, related software applications (word-processing, spreadsheets,<br /> databases, graphic presentations, as well as other standard office equipment information systems, etc.)<br /> and standard office equipment.<br />  <br /> Familiarity with project planning methodology and willingness to work in a team environment to complete<br /> projects in a timely fashion.<br />  <br /> Must work independently on broad assignments and be capable of making decisions both involving projects as well as ongoing troubleshooting.<br />  <br /> Ability to exercise discretion and ensure a high level of confidentiality.<br />  <br /> Strong interpersonal skills and emotional intelligence.<br />  <br /> Ability to work independently or as part of a team with a “roll up your sleeves” attitude.<br />  <br /> Competence in both oral and written English.<br />  <br /> Ability to establish and maintain effective and harmonious work relationships with staff, physicians, Hospital and University officials, and the general public.<br />  <br /> <strong><u>MINIMUM REQUIREMENTS</u></strong>:<br /> B.S. in Computer Engineering, Computer Science, or other similar area.<br />  <br /> 7+ years of experience as Network or Systems Engineer for a complex organization including 2 + years in Security Systems<br />  <br /> Knowledge of healthcare security and privacy regulations (HIPAA/HITECH).<br />  <br /> Advanced knowledge of at least one information security framework (e.g., NIST, HITRUST, FISMA, ISO).<br />  <br /> Certified Information Security System Professional (CISSP) certification and Healthcare experience are major pluses.<br />  <br /> Must be able to stand, walk, sit, lift (12-25lbs), bend, write, type, file, speak, hear, see, calculate, compare, edit, evaluate, interpret and organize for extended periods of time.<br />   Howard University Hospital Washington DC

Senior Officer, Security Engineer And Program Operations (Cyber Security)

Pew Charitible Trusts