Director, Information Security Jobs

MDA Overview:

At MDA, we believe our biggest asset is our combination of different backgrounds, cultures, and disciplines united to form one high-performing team. Reuniting people from different backgrounds, perspectives, and generations, we ensure that we all have access to the opportunities, relationships, and resources necessary to learn, grow and thrive. What we do starts with our people and the neuromuscular disease community we serve. As America’s largest voluntary health organization covering research, healthcare, and advocacy for people with neuromuscular diseases, MDA is leading the way in improving the quality of life for those living with muscular dystrophy, ALS, spinal muscular atrophy, and dozens of related disorders – many first discovered and diagnosed by MDA partnered scientists and clinicians.

Department Overview:

The MDA IT Team consists of the following four areas reporting to the VP of Technology:

• Data Analytics – accountable for data governance, data quality, and information analytics for the organization
• Cybersecurity and Infrastructure - outsourced Help Desk and Managed Services; cybersecurity (this would be the area of accountability of the candidate)
• Enterprise Applications – Development and maintenance of SAAS business applications and data integration
• Digital Transformation – strategic partnership with MDA Leadership to identify technology and data initiatives that further the organization's strategic objectives.

The IT team serves all business areas across Mission, Development, and Administration.

Position Description:

MDA has outsourced the critical part of IT support and infrastructure maintenance to a well-established IT consulting firm with more than 600 employees in several locations across the US. The outsourced services include help desk/hardware requests, IT maintenance, and security. MDA is fully remote and 100% cloud-based. A key task will be to oversee Third Party Services, manage the Vendor relationship and lead various initiatives with this partner, and work with the IT Leader to identify security/infrastructure issues and recommend changes to our cybersecurity technologies and policies. The role will also be required to collaborate closely with the other areas of the IT Team to ensure the highest quality deliverables and services for the organization

What you’ll do:

• Make recommendations to managers and senior executives about security advancements to protect the Company's systems.
• Work with the VP and vendor resources to develop/update disaster recovery plans and relevant policies and processes.
• Research the latest information technology security trends and help ensure the organization is updated with best practices with the latest security protection techniques.
• Assist the VP and Vendor with implementing software technologies and updated processes to protect endpoints and vulnerable information in a fully remote/cloud-based organization.
• Work with the VP, Vendor, and internal resources to ensure that all preexisting audit issues/recommendations are addressed and resolved promptly.
• Accountable for continuously inspecting and assessing the various elements of the Company's information ecosystem to develop and implement audit test plans based on NIST Policies.
• Work with internal and external parties to oversee system changes and conduct risk assessments of changes to be implemented in production environments following appropriate Frameworks such as NIST 800-30.
• Conduct frequent testing of simulated cyber-attacks to look for vulnerabilities in the computer systems and remediate them before any potential cyber-attack.
• Monitor and analyze computer systems and networks to assess risks and regulate how policies can be improved.
• Using Technology Tools and other resources, the candidate should be able to detect and quickly respond to cyber-attacks and work with Vendors to fix any system flaws.
• Complete audits as required quickly and efficiently.
• Be an on-call assistance resource for the MDA Leadership and Executive teams and provide immediate IT support for large, high-profile MDA meetings.
• Review diagnostics and assess the functionality and efficiency of systems
• Perform regular user access audits and ensure processes/policies for access controls are appropriately adhered to following NIST Controls.
• Assist co-workers/vendors in installing a new program or instructing security techniques.
• Help the VP/Vendor's efforts to provide documented policies and training related to data security to the end users.
• Other duties as assigned.
• Accountable for keeping updated with information technology security measures and the latest details on cyber risk threats and attack vectors.
• Partner with Vendors to monitor the Company's applications, infrastructure, and any security events; investigate incidents as they occur following NIST protocols.
• Use System Development Life Cycle (SDLC) per NIST and ITIL protocols to anticipate and report the cost of replacing or updating computers and other hardware
• Maintain an inventory of hardware and software used by the organization following ITIL best practices,
• Work with the Vendor on security incidents and the details of any harm using Root Cause Analysis and After Action Reports.
• Establish internal procedures from Vendors' guidelines on installation and updating Company procured software and hardware as needed.
• Monitor security certificates and company compliance with requirements
• Work with vendors and company technical assistance resources to troubleshoot computer problems.

Salary Range:

This position's salary range is $120,000 - $140,000. Final offer amounts and levels are determined by multiple factors, including your experience, and may vary from the amounts listed above.

Travel Percentage: Up to 10%

What we are looking for:

• Must be ready to develop a working knowledge through self-education and documentation of MDA operating systems, software, and programming.
• Ability to anticipate potential danger in the systems and utilize ingenuity and expertise to implement new methods to protect the Company's systems.
• Keen attention to detail.
• Must be able to work with multiple IT Platforms and vendors to troubleshoot issues and provide solutions.
• Highly collaborative and comfortable working with many different user personalities and types.
• Self-motivated learner - must stay abreast of all IT-related discoveries and conventions and be able to learn new skills quickly
• Muscular Dystrophy Association requires all new hires to be fully vaccinated for COVID-19 prior to the first date of employment. As required by applicable law, Muscular Dystrophy Association will consider requests for Reasonable Accommodations.
• Knowledge of IT security and cloud infrastructure.
• Efficient troubleshooting abilities.
• Ability to accurately assess and prioritize risks using industry-standard methodologies.
• Excellent problem-solving and critical-thinking skills.
• Excellent customer service and interpersonal skills.
• Excellent written and verbal communication - Candidate must be able to author detailed reports and documentation and communicate and collaborate with VP, IT. Vendor to find the best courses of action.
• Good organization, time management, and prioritization capabilities.

Education And Certification Requirements

• Bachelor's Degree in Computer Science, Programming, or Information Assurance.
• Working toward one or more certifications: ISACA CISM, CompTIA Security +, or ISC2 CISSP.
• 5+ years experience as MS Network administrator (MS Exam AZ-500: Microsoft Azure Security Technologies Preferred.)

MDA is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.

MDA Benefits:

• Health Savings Account with contribution matching and Flexible Spending Accounts for medical and/or dependent care
• Generous paid time off policy, with increasing accrual rate schedule
• Remote, work-from-home opportunities
• 403(b) Retirement Savings Plan with company match
• Employee Assistance Program (EAP)
• For full-time employees
• 100% contribution towards basic life insurance, short-term and long-term disability
• Medical, Dental, and Vision insurance with prescription coverage
• Standard 35-hour work week with flexible hours
• Paid sick leave
• Optional additional life insurance and dependent life insurance available
• Company-sponsored Wellness Program
• Professional Learning and Development opportunities, including Leadership skills
• 16 paid holidays