Manager, Information Security, IT (Brooklyn, NY)

Who we are:

The Vera Institute of Justice, founded in 1961, is a nonprofit criminal justice organization that strives to build just government institutions and safe communities free from the scourge of racism, white supremacy, profit, and inequity that is pervasive in this country’s legal systems. We are an “inside” lane organization that drives change at scale with ambitious public sector leaders who share our commitment to building anti-racist, reparative systems that deliver justice. We leverage our access to government to transform these systems and work collaboratively with stakeholders across many movements—including advocacy, grassroots, and grassroots organizations. Our role is to pilot solutions that are transformative and achievable, harness the power of evidence to drive effective policy and practice, and use advocacy and communications to change narratives and norms.

Vera has a staff of almost 300 people and offices in New York City, Washington, DC, Los Angeles, and New Orleans. We are an equal opportunity employer with a commitment to diversity in the workplace. We expect our staff to embody respect, independence, collaboration, commitment, anti-racism, and equity—both in our outward-facing work and the internal culture of our workplace. We value a range of experiences in people’s educational backgrounds and encourage people who have been directly impacted by the criminal justice system to apply.

Who you are:

Manages and monitors all aspects of technology operations and recommending security controls. Responds to security incidents and events. Has accountability for identifying necessary security controls and executing their implementation. Designs reports on security events and incidents and other related metrics. Partners with multiple teams across the organization to remediate security findings. Manages the process of conducting access and authorization audits and entitlement, privileged access and third-party reviews. Analyzes security systems recommends and implements improvements on a continuous basis.

Leads the process of identifying and reviewing possible threats or software issues. Manages the research and investigation of weaknesses and creates formal methods and processes to mitigate them. Evaluates and identifies cost-effective solutions to cybersecurity problems. Acts as a subject matter expert on software, hardware and internet needs for the Institute while adjusting them according to our environment. Develops best practices and security standards for the organization. Conducts testing on software, firmware, security and firewalls. Identifies risks, research mitigation strategies and monitors remediation efforts. Maintains risk register and reports on metrics, security posture, and remediation progress.

Responsibilities include, but are not limited to:

Translation of contractual language into a set of policies and requirements for technical infrastructure used by Vera and its network of subcontractors

• Communicates requirements to Vera staff and subcontractors
• Updates and disseminate policies and procedures as needed over the course of the contract

Designs and manages the process of routine review of Vera on-prem and cloud systems to ensure policy compliance

• Reviews controls for security compliance of all relevant systems and devices
• Formulates and implements strategies to improve and enhance security posture
• Documents audit results and tracks outcomes of risk resolution over the course of the contract

Develops and executes solutions to risks identified in security reviews

• Consults with internal teams and departments to provide recommendations on how to meet standards outlined in the policy
• Collaborates with Vera IT to solve internal issues identified
• Updates policies and disseminates documentation as needed over the course of the contract

Serves as point person for staff and business partners to ensure technology and systems are properly integrated with Vera IT systems and processes where appropriate

• Conducts systems and process audits and reviews
• Reports findings and research recommendations

What qualifications do you need?

Required:

• 7+ years of progressive experience in an IT security and/or government contract compliance role, with recent experience leading IT initiatives
• Ability to prioritize projects
• Excellent communication skills
• Certifications such as CISSP, GSEC, CEH or CISM desired
• Experience with security best practices and implementation
• At least 2 years' experience in the cybersecurity industry
• Critical thinking skills and the ability to solve problems as they arise
• Scripting and coding skills and familiarity with security automation.
• Knowledge of NIST framework and standards and CSF
• Experience performing system audits and developing solutions to security and compliance risks
• Strong cloud security, monitoring and alerting skills.
• Experience managing firewalls, SIEM, and Network Monitoring tools.

Preferred:

• Bachelors degree + 6-9 years of relevant experience. In lieu of a Bachelors degree, applicable work or life experience may be considered.
• Experience in an IT security and/or government contract compliance role
• Experience leading IT initiatives

Additional eligibility requirements:

• Familiarity with AWS cloud products preferred
• Familiarity with Docker/VM deployment preferred
• Prior experience working with analytics teams preferred

Compensation and Benefits

The compensation range for this position is $117,000 - $120,000. Actual salaries will vary depending on factors including but not limited to experience and performance. The salary range listed is just one component of Vera Institute’s total compensation package for employees. As an employer of choice in our field, supporting Vera staff—both personally and professionally—is a priority. To do this, we invest in the well-being of our staff through other rewards including merit pay, generous paid time off, a comprehensive health insurance plan, student loan repayment benefits, professional development training opportunities and up to $2,000 annual for education costs and fees relevant to Vera work, employer-funded retirement plan, and flexible time and remote work schedules. To learn more about Vera’s benefits offerings, click here.

Applications may also be faxed to:

ATTN: People Resources / Manager, Information Security, IT

Vera Institute of Justice

34 35th St, Suite 4-2A, Brooklyn, NY 11232

Fax: (212) 941-9407

Please use only one method (online, mail or fax) of submission.

No phone calls, please. Only applicants selected for interviews will be contacted.

As a federal contractor, and in order to ensure a healthy and safe work environment, Vera Institute of Justice is requiring all employees to be fully vaccinated and provide proof of their COVID-19 vaccine before their start date. Employees who cannot receive the vaccine because of a disability/medical contraindication or sincerely-held religious belief may request an accommodation (e.g., an exemption) to this requirement.

Vera is an equal opportunity/affirmative action employer. All qualified applicants will be considered for employment without unlawful discrimination based on race, color, creed, national origin, sex, age, disability, marital status, sexual orientation, military status, prior record of arrest or conviction, citizenship status, current employment status, or caregiver status. 

Vera works to advance justice, particularly racial justice, in an increasingly multicultural country and globally connected world. We value diverse experiences, including with regard to educational background and justice system contact, and depend on a diverse staff to carry out our mission. 

For more information about Vera, please visit www.vera.org