The Pew Charitable Trusts is driven by the power of knowledge to solve today's most challenging problems. Pew applies a rigorous, analytical approach to improve public policy, inform the public and invigorate civic life.
We are an independent nonprofit organization - the sole beneficiary of seven individual trusts established between 1948 and 1979 by two sons and two daughters of Sun Oil Company founder Joseph N. Pew and his wife, Mary Anderson Pew.
Our work lays the foundation for effective policy solutions by informing and engaging citizens, linking diverse interests to pursue common cause and insisting on tangible results. Our projects encourage efficient, responsive governments - at the local, state, national and international levels - serving the public interests.
With offices in Philadelphia, Washington, DC, Brussels and London and staff in other regions of the United States as well as Australia, Pew provides an exciting learning environment and the opportunity to work with highly talented individuals. We are a dynamic, rapidly evolving organization that values creativity and innovative thinking and fosters strong teamwork with mutual respect.
Overview of Information Technology
Information Technology (IT) at Pew takes a proactive approach toward the use of technology to increase the organization's capacity for exceptionally high-quality strategic philanthropy. Executive staff at Pew recognizes the importance of technology, and supports related initiatives to advance the institution's goals and achieve and maintain a leadership position in the philanthropic community. As a result, IT is in a mode of continuous improvement, applying leading-edge technology to the pursuit of the goals of the institution.
The department comprises highly competent, forward-thinking professionals who are responsible for the technology needs of all Pew staff, as well as for Pew's subsidiaries in Philadelphia and Washington, D.C. IT is organized into distinct areas of responsibility, including strategic alignment of technology with the business, the evaluation and acquisition of software and hardware, implementation of new systems and data repositories, and supporting the extended network, desktop computer hardware, and software applications.
The Senior Officer, Information Security Program Operations is responsible for the design and operation of Pew's global technology security program. This position interacts regularly with staff from all areas of Pew and is charged with incorporating security measures and awareness into institutional projects and plans. It requires a deep knowledge of security and regulatory frameworks, policy development, networking, computing infrastructure, cloud computing, and telecommunications. Finally, the position also requires a nuanced understanding of how security and technology can support the work of the institution and which technologies best serve Pew.
The Senior Officer has no direct management responsibility but is expected to contribute to the mentoring and professional development of staff within IT. The senior officer participates in complex projects that span multiple facets of information technology and include stakeholders across divisions. The Senior Officer reports to the Director, Infrastructure Operations and Security.
* Develop and sustain Pew's information security program, policies, and standards in conjunction with the Director and CIO.
* Collaborate with the Director of Infrastructure and Security to design and execute security projects that address identified risks.
* Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
* Recommend and plan the implementation of new or updated information security solutions, and analyze its impact on the existing environment.
* Consult with technology and security staff in the development of efficient technical processes, procedures and solutions which meets defined requirements.
* Define a strategy to provide continuous monitoring, triage, and tracking of security events, and other operational IT issues.
* Develop and maintain the IT security incident response process, including all required supporting materials.
* Coordinate operational components of incident management including detection, response and reporting.
* Work with business units, IT functions and external providers to ensure that the Incident Response process is mutually understood and agreed to and responsibilities are clear and accepted.
* Define metrics and reporting strategies that effectively communicate successes and progress of the security program.
* Plan and execute information security-related projects.
* Assists in the development of annual budget estimates to ensure the information security program is ready to meet Pew's strategic needs.
* Oversees periodic reviews of technology related compliance checks.
* Develops and fosters strong working relationships with others.
* Contributes to and participates in tasks of the Information Technology department as assigned. Participates in Pew-wide projects as requested.
* Minimum of ten years of IT experience, with eight years in an information security role demonstrating increasing levels of responsibility and technical expertise in an enterprise environment.
* Bachelor's degree required; M.S. preferred.
* Experience in security program development and execution for an institution.
* Experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
* Experience with development of policies, procedures, and guidelines related to and supporting information security.
* Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) or equivalent is preferred with demonstrable, relevant professional experience.
* Knowledge of network security controls (e.g., next-gen firewalls, web proxies, APT detection), end-point security controls (e.g., full-disk encryption, enterprise anti-virus, DLP), access controls (e.g., privileged access management, multi-factor authentication), and SIEM technologies.
* Knowledge of network infrastructure, including switching and routing, firewalls, and all associated protocols and technologies.
* Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
* A strong understanding of the business impact of security tools, technologies and policies.
* Working knowledge of Information Security frameworks and standards such as SANS/CIS Critical Security Controls , NIST 800-53 and ISO 27001/27002 with practiced program alignment and integration.
* A positive leadership style, including the ability to establish a professional business environment that fosters excellence and manage subordinate staff to achieve the goals of the unit.
* Excellent verbal and written communication skills. Ability to communicate strategy and complex technology in non-technical language to executive management and business leaders. Excellent listening skills. Highly articulate.
* Strong public speaking skills. Confidence in presenting one's own ideas and diplomatically persuading others as appropriate.
* Ability to understand organizational structure and culture and how these impact the delivery of technology to staff; ability to navigate complex organizational dynamics and exert influence in business relationships.
We offer a competitive salary and excellent benefits package, including four weeks' vacation, a generous 401(k) plan, and flexible benefit options.
Occasional travel between Pew's offices as required. Additional travel required to attend trainings, seminars or conferences.
The Pew Charitable Trusts is an equal opportunity employer, committed to a diverse and inclusive workplace. Pew considers qualified applicants for employment without regard to age, sex, ethnicity, religion, disability, marital status, sexual orientation or gender identity, military/veteran status, or any other basis prohibited by applicable law.