Senior Officer, Security Engineer and Program Operations
- Job posted by The Pew Charitable Trusts
The Pew Charitable Trusts is driven by the power of knowledge to solve today's most challenging problems. Pew applies a rigorous, analytical approach to improve public policy, inform the public and invigorate civic life.
We are an independent nonprofit organization – the sole beneficiary of seven individual trusts established between 1948 and 1979 by two sons and two daughters of Sun Oil Company founder Joseph N. Pew and his wife, Mary Anderson Pew.
Our work lays the foundation for effective policy solutions by informing and engaging citizens, linking diverse interests to pursue common cause and insisting on tangible results. Our projects encourage efficient, responsive governments – at the local, state, national and international levels – serving the best interests of the people. We partner with a diverse range of donors, public and private organizations and concerned citizens who share our interest in fact-based solutions and goal-driven investments to improve society.
With offices in Philadelphia, Washington DC, Australia, Brussels and London, and with additional staff in other regions of the United States and around the globe, Pew provides an exciting learning environment and the opportunity to work with highly talented individuals. We are a dynamic, rapidly evolving organization that values creativity and innovative thinking and fosters strong teamwork with mutual respect
Overview of Information Technology
Information Technology (IT) at Pew takes a proactive approach toward the use of technology to increase the organization's capacity for exceptionally high-quality strategic philanthropy. Executive staff at Pew recognizes the importance of technology, and supports related initiatives to advance the institution's goals and achieve and maintain a leadership position in the philanthropic community. As a result, IT is in a mode of continuous improvement, applying leading-edge technology to the pursuit of the goals of the institution.
The department comprises highly competent, forward-thinking professionals who are responsible for the technology needs of all Pew staff, as well as for Pew's subsidiaries in Philadelphia and Washington, D.C. IT is organized into distinct areas of responsibility, including strategic alignment of technology with the business, the evaluation and acquisition of software and hardware, implementation of new systems and data repositories, and supporting the extended network, desktop computer hardware, and software applications.
The Senior Officer is part of a team of security professionals and is responsible for engineering and operating Pew's global technology security program. This position provides hands-on technical solutions and operation of a variety of information security systems. The position requires deep knowledge of security frameworks, standards, networking, virtualization, computing infrastructure, cloud computing, and telecommunications. The position also requires a nuanced understanding of how security and technology can support the work of the institution and which technologies best serve Pew. Additionally, this position is charged with performing the duties necessary to ensure the safety of Pew's information, networks, systems and other technology assets. Finally, this position is charged with developing Pew's security policies, overseeing the Pew's security awareness training program and evaluating Pew's alignment with various security frameworks.
The Senior Officer has no direct management responsibility, but is expected to contribute to the mentoring and professional development of staff within IT. The Senior Officer participates in complex projects that span multiple facets of information technology and include stakeholders across divisions. The Senior Officer reports to the Director, Infrastructure Operations and Security.
- Collaborate with the Director of Infrastructure Operations and Security, the security team and the Chief Technology Officer to design and execute security projects that address identified risks.
- Monitor and analyze a range of systems to identify security issues for remediation including log analysis, intrusion detection, and other security intelligence systems.
- In conjunction with other members of the security team and Pew's security providers, assist in security operations including incident management, incident analysis, escalation and resolution.
- Develop and sustain Pew's information security program, policies, and standards in conjunction with the Director and CTO.
- Maintain the IT security incident response process, including all required supporting materials.
- Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
- Define and execute a strategy to provide continuous monitoring, triage, and tracking of security events, and other operational IT issues.
- Provide input on metrics and reporting strategies that effectively communicate successes and progress of the security program.
- Participate in periodic reviews of technology related audits and compliance checks.
- Assists in the development of annual budget estimates to ensure the information security program is ready to meet Pew's strategic needs.
- Recommend and plan the implementation of new or updated information security solutions, and analyze its impact on the existing environment; provide technical expertise for the administration of security tools.
- Develop and foster strong working relationships with others within IT.
- Contribute to and participate in tasks of the Information Technology department as assigned. Participate in Pew-wide projects as requested.
- Bachelor's degree required, Master's degree preferred.
- Minimum of ten years of IT experience, with eight years in an information security role demonstrating increasing levels of responsibility and technical expertise in an enterprise environment.
- One or more security certifications such as SANS/GIAC, CISSP, CISA, CISM along with demonstrable, relevant professional experience.
- Extensive experience of TCP/IP and the OSI model as well as cryptography algorithms, log aggregation, vulnerability assessments, and penetration testing tools.
- Knowledge of network infrastructure, including switching and routing, firewalls, and all associated protocols and technologies.
- Knowledge of computing infrastructure including servers, storage, virtualization, Windows infrastructure, DNS, and DHCP.
- Demonstrable experience in operating and supporting network security controls (e.g., next-gen firewalls, web proxies, APT detection and IDS/IPS), end-point security controls (e.g., full-disk encryption, enterprise anti-virus, DLP), access controls (e.g., privileged access management, multi-factor authentication), and SIEM technologies.
- Strong analytical skills to analyze security requirements and relate them to appropriate security technologies and controls.
- A strong understanding of the business impact of security tools, technologies and policies.
- Knowledge of IT end-to-end problem management and root cause analysis.
- Working knowledge of Information Security frameworks and standards such as SANS/CIS Critical Security Controls, NIST 800-53 and ISO 27001/27002 with practiced program alignment and integration.
- Excellent verbal and written communication skills.
- Ability to understand organizational structure and culture and how these impact the delivery of technology to staff; ability to navigate complex organizational dynamics and exert influence in business relationships.
As this is a full-time position, we offer a competitive salary and benefit program, including: comprehensive, affordable health care through medical, dental and vision coverage; financial security with life and disability insurance; opportunities to save using health savings and flexible spending accounts; retirement benefits to help prepare for the future; and work/life benefits to help you maintain a good balance.
The Pew Charitable Trusts is an equal opportunity employer, committed to a diverse and inclusive workplace. Pew considers qualified applicants for employment without regard to age, sex, ethnicity, religion, disability, marital status, sexual orientation or gender identity, military/veteran status, or any other basis prohibited by applicable law.
Occasional travel between Pew's offices as required. Additional travel required to attend trainings, seminars or conferences.
Minimum Education Required