Overview & Job Description
Students are at the core of Bottom Line. Every day, we are energized by their drive, potential, and passion. We know that the success of our students will create a ripple effect in our communities.
Bottom Line is bridging the divide of educational inequity by providing a trusted advisor and the social capital necessary for our students to earn their bachelor’s degree, build financial stability, and successfully launch thriving careers. We primarily focus on students of color who will be in the first generation of their family to earn a college degree, are from low-income backgrounds, and are academically prepared for college.
For more than two decades, Bottom Line has been fighting for educational equity by ensuring that the right to a quality college education is accessible to those whose potential and drive exceed their opportunity. For first-generation degree-aspiring students from low-income backgrounds who face systemic barriers, Bottom Line’s advisors are a relentless ally who partner with them to find the right college, persist to a degree, and successfully launch a career.
As one of the first college support organizations to focus on college completion, Bottom Line now produces best-in-class college graduation rates that reduce the significant gap between first-generation students from low-income backgrounds and their wealthier peers. We operate regional programs in Massachusetts, New York City, and Chicago that collectively serve over 7,000 students.
When you join Bottom Line, you will find an organization that lives into its core values. We are committed to building strong, impactful relationships with our students, co-workers, schools, community partners, donors, and other supporters. We are engaging, responsive, caring, direct, honest, solutions-oriented, and we always follow through on our promises. We act with empathy and extend grace to ourselves and each other. We pursue ambitious goals, hold ourselves to high standards, make data-informed decisions, and orient to long-term success for our students and our organization. We operate with curiosity, evolve thoughtfully, take informed risks, and learn from successes, setbacks, and each other. Experts in our field, we are driven by our mission and motivated by the impact we’re achieving.
At Bottom Line, we have a strong commitment to Diversity, Equity, and Inclusion. We aim to attract diverse candidate pools who hold these same values, and are ready to help us along our journey toward greater equity and inclusion.
For more information about who we are, please review our Core Values and Careers Page.
Position Summary: The Director of Infrastructure Security and Operations (“Director”) is responsible for managing day-to-day infrastructure and cybersecurity operations on the Technology and Data team. This includes all technical operations related to IT Risk, including cybersecurity engineering, vulnerability, anti-virus/malware scanning, disaster recovery, business continuity, and data governance. The Director will report to the Chief Technology and Data Officer (CTDO).
Furthermore, the Director will manage Bottom Line’s infrastructure in Azure, have complete oversight of all technical operations related to the environment, and be responsible for a third-party helpdesk team providing level 1 and level 2 support to staff.
In addition to serving as subject matter expert and primary personnel in cybersecurity engineering for Bottom Line, the Director will work with the CTDO to continuously define and improve IT infrastructure strategy, direction, architecture, standards, and management to include not only disaster recovery, but also security, systems, monitoring, performance, networks, and storage. This role must ensure reliable 24x7 operations and be a champion for Bottom Line’s journey in the Cloud. This position will act as a liaison between IT and other functions within the Bottom Line organization as needed.
Key Relationships: Work collaboratively with other Bottom Line business units such as Program Design, Human Resources, and Operations leads across all three Bottom Line regions – Chicago, Massachusetts, and New York –to implement and support on a variety of hardware needs. Acts as the point of contact for helpdesk matters from Bottom Line’s third-party level 1 and level 2 support team. Provides consultative services to other teams at Bottom Line as needed by implementing best practices regarding infrastructure operations and security standards. Oversees technical relationships with a variety of consultative groups and strategic partners such as Microsoft, Infranet, LastPass, and a variety of other groups.
- Identify appropriate Disaster Recovery framework and oversee implementation of the approach to ensure business continuity, appropriate backup procedures, and preservation of IT assets.
- Maintain knowledge of developments in IT systems, cloud technologies, and cyber security and make recommendations for incorporating these new developments into the future needs of the organization.
- Oversee Infrastructure modernization efforts, including determining the best course of action in moving Infrastructure currently on-prem to an Azure Cloud instance, Re-design of Active Directory (AD) framework now in Cloud to support Identity Access Management efforts with other Bottom Line systems.
- Lead the day-to-day management of Bottom Line’s IT requirements, including:
- Oversight of the day-to-day operations of the IT network (printer, copier, phone - cell phone and landlines-, servers, storage, database) and systems in the Cloud; oversight will include performing functions necessary to bring assets still on premises into an Azure Cloud infrastructure wherever applicable.
- Responsible for the allocation, tracking, and replacement of IT assets for National staff at Bottom Line. Works with the site operations leads across all three Bottom Line regions to ensure appropriate deployment of assets to their teams and that asset life cycle procedures are enforced.
- Manage, secure, and troubleshoot Azure active directory resources such as users, computers, shared folders, and peripherals; Work closely with Help Desk support team to determine appropriate provisioning required for them to support on work around this.
- Manage the relationships between IT Help Desk support staff (currently a Managed Services group) and Bottom Line Staff.
- Document IT operational procedures and policies, including data loss prevention, disaster recovery, system backup, and software installation wherever appropriate. Proactively stay abreast of and ensure compliance with legal requirements, regulation changes and industry practices.
- Manage third party vendor relationships and hold them accountable for delivery of outsourced functions.
- Create and deliver staff training to end-users during on-boarding and as needed
- Oversee consulting firm(s) responsible for conducting an audit of overall IT risk operations, including security incident analysis and response, vulnerability assessments, and Internet filtering. Review findings from audit and identify top Medium to High vulnerabilities that should be mitigated; Manage consultants responsible for implementing audit recommendations.
- Assist the Chief Technology and Data Officer in the identification, selection, and implementation of tools to support of various IT infrastructure and risk programs and initiatives such as monitoring of traffic to prevent against potential data exfiltration and malware attacks.
- Support most aspects of IT risk operations, engineering, vulnerability, and threat management as needed.
- Partner with the CTDO to develop plan for Bottom Line’s five-point security program to identify, assess, and respond to security threats. While program implementation and/or deployment will occur via a combination of consultative groups, its maintenance and management will be the responsibility of the Director of Infrastructure and Security Operations.
- Security foci may include:
- Acceptable Use Policy and other Procedures/Standards
- Threat and Vulnerability Management
- Incident Response Plan
- Endpoint Protection
- DNS-Layer Content Filtering
- Oversee the deployment, integration, and initial configuration of all new security solutions and any enhancements to existing security solutions.
- Interface with peers on the Technology and Data team as well as leaders of business units throughout Bottom Line, to both share and solicit their involvement in strengthening the enterprise risk posture.
- Until a Security Incident Response Team is identified, the Director will provide support on procedures for handling IT security related events.
- Leverage existing tools – or identify right mix of tools—to monitor all hardware and Commercial Off the Shelf applications deployed and determine issue resolution and Root Cause Analysis.
- Oversee the day-to-day security operations, coordinating with various teams internal and external to Bottom Line.
Secondary Responsibilities (5%)
- Represent the Bottom Line brand in a positive light, and take actions to increase brand awareness throughout the community
- Maintain a “students first” perspective, actively building connections with colleagues across functions to build understanding of each other’s work, and more importantly, serve as the best possible advocate for our students and mission
- Work collaboratively with others on the National Team and with regional teams on shared projects, committees, and other opportunities
Duties, responsibilities and activities may change at any time with or without advanced notice.
- Demonstrated commitment to Bottom Line’s Mission, Vision, and Core Values
- Demonstrated proficiency and/or growth potential in Bottom Line's seven core competencies: Relationships, Results, Communication, Inclusiveness, Talent Development, Agility, and Planning
- Work authorization required
- Bachelor's degree and five years of full-time, successful experience using information technology (IT) in computer applications programming, systems programming, computer systems development, or planning of data/information processing; at least two years of this experience must have been in an administrative or managerial capacity in the aforementioned areas of IT, or in the supervision of staff or consultants performing these duties.
- Experience with managing infrastructure and security assets in Microsoft Azure.
- Experience with hardware and software procurement and outsourcing agreements.
- Experience in building stakeholder relationships to guarantee a smooth enterprise IT presence.
- Knowledge of information security program design and applicable regulatory or statutory compliance, including SOX, and Cyber Security.
- Proven record of accomplishment of executing through consulting teams and managing remote personnel to deliver on-time and within budget.
- Experience establishing service level agreements (SLAs) and operating level agreements in alignment with company objectives and customer needs.
- Ability to function independently while maintaining clear communications with senior management
- Ability to interact at all levels of the organization, and demonstrate effective communication in speech and writing
- Ability to research and troubleshoot IT issues and products and present ideas in business-friendly and user-friendly language
- Ability to handle confidential and sensitive matters
- Must be able to prioritize, work well in a fast-paced environment and exercise good judgment and problem-solving skills
- Experience working with diverse team
- Working knowledge of core networking, server, clustering, and OS (Linux, Unix, Windows) concepts preferred
- Experience working in a data-driven and process-driven organization
- ITIL, Azure, Network, or other relevant IT certifications
- Proven experience with a broad spectrum of technologies including networks, communications, servers, storage systems, backup/archive, integration systems, disaster recovery and data security systems
- Strong background in Active Directory design and end-user support processes.
- Experience working in Agile and Continuous Delivery environments.
- Experience with the following security technologies:
- Endpoint Protection (Antivirus/Malware)
- Data Loss Prevention (DLP)
- Threat Detection and Prevention Systems
- Security Incident and Event Management systems (SIEMs)
All employees are expected to demonstrate continued growth within our seven core competencies.
- Relationships: Identifies opportunities and takes action to build and maintain meaningful and collaborative connections with various stakeholders
- Results: Produces quality outcomes; compiles and analyzes data to drive future plans; uses creative solutions
- Communication: Effectively articulates information in a clear, concise, and timely manner to a wide range of stakeholders
- Inclusiveness: Creates and maintains an environment that respects and values the identities and cultures of all colleagues and students we serve
- Talent Development:Actively contributes to the hiring, development, retention, and promotion of a highly effective team
- Agility: Demonstrates adaptability and openness to shifting priorities, needs of stakeholders, and organizational changes
- Planning:Effectively and efficiently uses resources (people, time, materials, technology) in order to create, meet, and assess both strategic and task-oriented goals