With world attention on both the environment and the economy, Environmental Defense Fund (EDF) is where policymakers and business leaders turn for win-win solutions. By focusing on strong science, uncommon partnerships and market-based approaches, we tackle urgent threats with practical solutions. We are one of the world’s largest environmental organizations, with more than two million members and a staff of approximately 700 scientists, economists, policy experts, and other professionals around the world. We operate in 22 geographies with unique projects running across four programs. You will be part of a vibrant workplace where innovation and results are a way of life.
EDF envisions a world in which people from all backgrounds and experiences feel connected to the environmental challenges we face and are engaged in creating durable, equitable solutions. We seek talented candidates who share our Core Values of Respect, Results, Innovation, Optimism, and Integrity, and support our Commitment to Diversity.
Associate Vice President, Information Security
The Associate Vice President, Information Security is responsible for the design, implementation, and operation of EDF’s overall information security strategy and program. This includes oversight of the operations of the organization’s information security solutions and posture, as well as oversight of the architecture, policies, and programmatic maturity. The AVP of Information Security will report to the Chief Information Officer, and will collaborate with individuals and teams throughout the Information Technology department, as well as with departments and programs across EDF, to help ensure that the information security program is a match for the organization’s needs and risks, as well as to help communicate the program and its goals to all US-based and international staff and multiple subsidiaries advancing business and technology solutions as part of the EDF mission. The IT department at EDF is part of the Chief Administrative Officer team, and works closely with HR, Operations, Finance, and Legal, and the AVP of Information Security will be well-positioned to also work closely with these functions.
Strategy & Planning
- Working closely with the CIO, Director of Information Security, and others, plan and develop a strategic information security program for EDF
- Using both recent information security assessments EDF has performed, as well as a risk-based approach based on EDF’s needs, develop a prioritized tactical plan to build the program
- Develop a communications plan in conjunction with the internal communications team that highlights the information security program’s vision and lays the groundwork for future communications and training
- Working closely with the legal department and others, assess and advance the organization’s information governance and security policies and propose new and/or changed policies and practices
- Develop an incident management policy and process
- Oversee and assist in the development of IT portions of the organization’s Business Continuity and Disaster Recovery plans
Acquisition & Deployment
- Develop and oversee a collaborative process around the selection of new information security tools and major architectural decisions, including planning for long term operational management of tools by the IT department
- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the identification of new attacks and threat vectors
- Collaborating with the CIO and others, develop information security budget
- Effectively explain new policies and deploy policies in close conjunction with IT, HR, Legal, etc.
- Act as advocate and primary liaison for the company’s security vision via regular written and in-person communications with the company’s executives, department heads, and end users
- ‘Coach’ IT team and others in technology-centric roles around information security best practices
- Recommend and implement changes in information security policies and practices in accordance with changes in local or federal law or changes in required compliance regimens
- Implement and regularly train on and/or test the incident management, DR/BCP, and other critical processes
- Assess and communicate all identified security risks associated with purchases or practices performed by the company
- Creatively and independently provide solutions to security problems in a cost-effective manner
- Promote and oversee strategic information security relationships between internal resources and external entities, including government, vendors, partner organizations, and peer groups
- Participates in advancing EDF DEI goals in which people from all backgrounds and experiences feel connected, included, and empowered to address the environmental and organizational challenges in alignment with EDF values.
Knowledge & Experience
- 15 years’ experience working in information technology, and at least 5 years’ experience managing and/or directing an IT and/or IT security operation
- College diploma or university degree in the field of computer science
- CISSP, CISM or equivalent qualifications preferred
- Experience working in a large, complex organization, with non-profit experience a plus
- Experience in planning and executing security policies and standards development
- Experience managing IT general controls audits, cyber insurance standards, and other specialized IT assessments
- Experience partnering with risk management and/or legal on issues relating to regulatory frameworks and data privacy
- Excellent understanding of project management principles
- Strong knowledge of applicable laws and regulations as they relate to security, and experience becoming knowledgeable of changing laws and regulations; similar knowledge and experience working with privacy requirements a plus.
- Proven leadership ability, with demonstrated experience in developing support for technology and information security initiatives both inside and outside IT. Experience influencing security by design in new software and technology development a plus.
- Experience in designing and delivering employee security awareness training
- Experience in developing Business Continuity Plans and Disaster Recovery Plans. Experience advancing Information Governance a plus.
- Experience implementing information security systems such as Security Information and Event Management (SIEM) platforms, identity management systems, and Managed Security Services Providers (MSSP)
- Strong experience applying security industry standards and best practices - NIST, CSA, CIS etc
- Demonstrates self-awareness, cultural competency and inclusivity, and ability to work with colleagues and stakeholders across diverse cultures and backgrounds
- Facilitative leader who is collaborative, resourceful, resilient, and creative
- Excellent personal organization and attention to detail
- Excellent oral and written communication skills
- Proven analytical and problem-solving abilities
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Ability to conduct research into IT security issues and products as required.
- Ability to distill and present cyber and information security principles, risks and ideas to executive and non-executive audiences’ business-friendly and user-friendly language a must
- Highly self-motivated and directed
Environmental Defense Fund is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.Apply