Senior Manager, IT Security Operations

Overview:The National Audubon Society is a nonprofit conservation organization that protects birds and the places they need today and tomorrow. We work throughout the Americas towards a future where birds thrive because Audubon is a powerful, diverse, and ever-growing force for conservation. Audubon has more than 700 staff working across the hemisphere and more than 1.5 million active supporters.North America has lost three billion birds since 1970, and more than 500 bird species are at risk of extinction across Latin America and the Caribbean. Birds act as early warning systems about the health of our environment, and they tell us that birds – and our planet – are in crisis. Together as one Audubon, we are working to alter the course of climate change and habitat loss, leading to healthier bird populations and reversing current trends in biodiversity loss. We do this by implementing on-the-ground conservation, partnering with local communities, influencing public and corporate policy, and building community.Audubon is committed to a culture of workplace excellence, where our talented and diverse staff are deeply engaged with a strong sense of belonging. The birds Audubon pledges to protect differ in color, size, behavior, geographical preference, and countless other ways. By honoring and celebrating the equally remarkable diversity of the human species, Audubon brings new creativity, effectiveness, and leadership to our work throughout the hemisphere.Position Summary:We are seeking a highly skilled and motivated Senior Manager, IT Security Operations to join our team. As the Senior Manager, IT Security Operations, you will play a crucial role in safeguarding our organization’s assets, ensuring the integrity and confidentiality of sensitive information, and maintaining the overall security posture of our systems and networks.This is a remote or hybrid position with preference for hybrid candidates in Washington, DC, but we will also consider hybrid candidates in New York, NY and remote candidates elsewhere in the United States.Compensation:Salary range based on geo-differentials:• $98,000-$113,000/year = National• $110,000-$125,000/year = Alaska, CA (not San Francisco), Connecticut, D.C., Chicago, Oyster Bay, NY• $125,000-$140,000/year = NYC (not Oyster Bay), San Francisco, SeattleEssential Functions:• Security Incident Response:• Partner with Chief Technology Officer, Senior Director of Information Technology, and Virtual Chief Information Security Officer (vCISO) to assess and respond to security incidents.• Monitor and respond to security alerts and incidents compliant with service level agreements outlined by policy.• Investigate, analyze, and document security incidents compliant with “chain of custody” processes, and implement appropriate countermeasures.• Security Tool and Services Management:• Evaluate, procure, administer, and manage security tools and supporting vendor services, including but not limited to password managers, phishing threat management, firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint management, endpoint detection and response (EDR), managed detection and response (MDR), antivirus, document management, and Security Information and Event Management (SIEM) solutions.• Regularly monitor, update, and fine-tune security systems to enhance effectiveness.• Lead vendor security review process in partnership with vCISO.• Security Policy and Compliance:• Assist in the development, implementation, review, and enforcement of security policies, standards, and procedures guided by ISO 27000 standards.• Ensure compliance with industry-specific regulations (e.g., PCI) and standards and coordinate and participate in regular audits.• Access Control and Authentication:• Administer Identity Provider (IdP) to manage user accounts, permissions, and access levels across various systems, following Identity and Access Management (IAM) workflows.• Maintain system role mapping documentations and lead and coordinate regular entitlement reviews as necessary.• Implement, administer, and manage multi-factor authentication (MFA) and single sign-on (SSO) solutions.• Vulnerability Management:• Oversee scheduled vulnerability scans and penetration tests.• Coordinate with relevant teams to remediate identified vulnerabilities.• Security Awareness and Training:• Curate and oversee security awareness program and portal for employees.• Provide specialized training on best practices for security hygiene.• Oversee phishing test program and remediation training program.• Security Documentation:• Maintain accurate and up-to-date security documentation, including incident reports, policies, procedures, and configurations.• Collaboration and Communication:• Collaborate with cross-functional teams to ensure security measures align with overall business objectives.• Communicate security risks and recommendations to management and relevant stakeholders.• Act as lead facilitator of IT Security Operations working group and participate in Architectural Review Board meetings.• Server and Network Configuration:• Assist cloud and network administration team with configurations and function of servers to limit access, mitigate intrusions, and protect assets.• Assist cloud and network administration team with configurations and topology of network devices to safeguard points of access and data security, including firewalls, routing, and ACLs.Qualifications and Experience:• Bachelor's degree in Information Security, Computer Science, or a related field.• Minimum 8 years of experience with IT operations with progressive experience in cybersecurity in a corporate or non-profit environment. An equivalent combination of education and work experience will also be considered.• Strong knowledge of cybersecurity technologies and best practices.• Proficiency in administering security tools and systems.• Excellent problem-solving and analytical skills.• Effective communication and interpersonal abilities.• Detail-oriented with a focus on accuracy.• Ability to work both independently and collaboratively in a team environment.• Experience with MS Sentinel, Defender for Endpoint, and Defender for Identity preferred.• Experience with Okta preferred.• Experience with Sonicwall FW hardware preferred.• Experience with distributed network environments preferred.• AWS / Azure / Public cloud expertise preferred.• Experience with SecDevOps best practices preferred.EEO Statement:The National Audubon Society is a federal contractor and an Equal Opportunity Employer (EOE). All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. We are committed to a policy of nondiscrimination, inclusion and equal opportunity and actively seek a diverse pool of candidates in this search.Accessibility Statement:The National Audubon Society endeavors to keep our careers site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Accommodations@audubon.org. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.