Planned Parenthood Federation of America (PPFA) is the national umbrella organization for the nation’s leading network of women’s health care providers, educators, and advocates, serving women, men, teens and families. Planned Parenthood Action Fund (PPAF) is the advocacy and political arm of PPFA. For over 100 years, Planned Parenthood has done more than any other organization in the United States to improve women’s health and safety, prevent unintended pregnancies, and advance the right and ability of individuals and families to make informed and responsible health care decisions.
Planned Parenthood Federation of America (PPFA) seeks a dynamic and effective Associate Director for Information Security Audits, Risk and Compliance. This job reports directly to the Senior Director, Information Security Governance, Risk, and Compliance in the Information Security department of PPFA. The Office of Information Security provides the strategy and implementation of the information security program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors, and staff.
The Associate Director will serve as an Information Security Auditor and Program Expert for the Planned Parenthood accreditation program. The accreditation program works to assess and manage risks across the federation through routine evaluation of its affiliates and ancillary organizations.
The Information Security Auditor will evaluate security systems, controls, and policies at Planned Parenthood affiliates and ancillary organizations, write reports that interpret assessment results and enumerate any findings, develop corrective actions as needed, and assess the efficacy of risk mitigation activities performed.
Uses broad and deep security knowledge and technical auditing skills to help ensure risks are appropriately identified, assessed, and articulated
Conducts accreditation interviews, risk assessments, and technical analyses to determine areas of risk and non-compliance
Thoroughly reviews documentation, third party assessments, and audit samples for compliance with accreditation criteria and identifies any discrepancies or corrective actions
Observes and tests systems, tools, databases and other components of the security stack for compliance with accreditation criteria
Identifies and articulates summary of review and any findings, including writing final reports and verbal presentation to audit stakeholders
Strategically and tactically weighs impact and scope of risks in determining risk posture and acceptance within an audit
Communicates professionally and effectively with technical, non-technical, and executive stakeholders
Reviews and assesses corrective action reports to determine effective remediation of any risks
Identifies areas of continuous improvement in the evaluation process and criteria, and adjusts to any evolution of operations and accreditation requirements
Identifies improvements and assesses trends in review operations, criteria, and methodology, and develops plans and proposals to improve and evolve the InfoSec accreditation program/requirements over time
Analyzes controls for adequacy of design and performs and/or supports control assurance testing activities
Assesses compliance with applicable laws and regulations as a part of the evaluation process
Ensures timely communications and project management of individual assessments
Maintains thorough and organized tracking of audit requirements, assessment results, and corrective actions
The Information Security Auditor will engage with the Information Security team as well as executive and operational staff within the Planned Parenthood National Office, Affiliates, and Ancillary Organizations.
Serves as primary facilitator and point of contact for affiliate and ancillary accreditation review processes, including interfacing with CIOs, COOs, CEOs, and third party service providers
Works closely with InfoSec Governance, Risk, and Compliance team and Accreditation and Evaluation Department on review requirements and operations
Participates in activities and meetings alongside other Program Experts
Works with Review Managers and ensures alignment and adherence to accreditation schedule and requirements
Works with other program experts for continuity of operations and peer review
Articulates review findings and corrective actions for technical and non-technical audiences
Develops and uses interview techniques and facilitates risk identification sessions
Knowledge, Skills, and Abilities (KSAs)
Bachelor’s degree and 5+ years of industry experience
Understanding of Information Security, Risk and Compliance
Auditing and/or Risk and Compliance working experience
An understanding of IT environment and administration
Strong written and verbal communication, including technical writing skills
Experience implementing and/or assessing IT and InfoSec controls
Strong attention to detail and analytical skills
Knowledge of security technologies (security tools, networking, device protections, encryption, data protection, identity and access management, etc.)
Experience with compliance requirements and industry standards (PCI DSS, HIPAA, HITRUST, ISO 27001, NIST, CIS, etc.)
Current industry certifications, particularly security certifications, a plus (CISA, CISM, CISSP, CRISC, ECSA, GPEN, GSEC, SSCP, IIBA, CBAP, CEH, etc.)
As needed, up to 25%
Final offers for this job will be based on capabilities and will be made within the parameters of the PPFA compensation program. Total offer package to include generous vacation + sick leave + paid holidays, individual/family provided medical, dental and vision benefits effective day 1, life insurance, short/long term disability, paid family leave and 401k. We also offer voluntary opt in for Flexible Spending Account (FSA) and Transportation/Commuter accounts.
We value a truly diverse workforce and a culture of inclusivity and belonging. Our goal is to attract qualified candidates and encourage applications from all individuals without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law. We're committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.
PPFA participates in the E-Verify program and is an Equal Opportunity Employer.