Cybersecurity & IT Manager

Job Title: Cybersecurity & IT Manager

Reports to: Technology & Digital Services Director

FLSA Status: Full Time Exempt

Job description date: December 2022

If/When/How: Lawyering for Reproductive Justice transforms the law and policy landscape through advocacy, support, and organizing, so all people have the power to determine if, when, and how to define, create, and sustain families with dignity and to actualize sexual and reproductive wellbeing on their own terms. We are the leading-edge reproductive justice lawyering organization on the ground, representing people in crisis, reshaping law, and making just policy as we build a stronger, progressive base of legal stakeholders invested in these issues and networked to one another. We work through the modalities of organizing, training, policy advocacy, litigation, and support.

POSITION SUMMARY:

The Cybersecurity and IT Manager (“CITM”) will support the effectiveness and security of If/When/How’s fully remote working environment. CITM will be responsible for the effective application of cloud-based cybersecurity practices, coordinating cybersecurity trainings for staff, and implementing system hardening; and provide technical support and troubleshooting to staff using the ticketing system. This role works with various stakeholders across the organization to ensure security standards, policies, and all current practical security measures are implemented, tested, kept current, and fully documented. This is a perfect job for someone who enjoys working mostly behind the scenes to protect an environment and its data, and to help anticipate and solve problems. 

COMPENSATION: $85,000 – $95,000 per year

ESSENTIAL DUTIES AND RESPONSIBILITIES:

Cybersecurity:

• Safeguard the confidentiality, integrity, and availability of information technology assets.
• Keep computer systems hardened against attacks and provide security services to protect highly sensitive data (e.g. passwords, client information, etc.). Maintain and monitor malware, MDM and VPN solutions.
• Specify and implement cloud-based cybersecurity techniques and procedures. Identify, test, and execute enterprise cloud security measures and tools. Review all logs, identify and report anomalies to the Technology & Digital Services Director.
• Investigate suspicions activities and escalate anomalies to Technology & Digital Services Director. Respond to digital attacks and threats in partnership with the Technology Team.
• Conduct vulnerability scans on all systems and write reports including but not limited to threats and mitigation methods.
• Research best practices for cybersecurity monitoring, accessibility, and detection systems. Develop and implement strategies to mitigate risk and liability.
• Manage a suite of personal security tools including DeleteMe and Tall Poppy.
• Coordinate regular cybersecurity trainings for staff and IWH stakeholders.

IT Usage and Troubleshooting: 

• Support staff by monitoring and maintaining tech support ticket system.
• Respond to and resolve support tickets as well as staff questions pertaining to technology in Slack in a timely manner.
• Troubleshoot minor technical issues across applications and platforms for staff.
• Write, update, and maintain IT documentation including but not limited to disaster recovery plans, incident response plans, etc. 

Other Duties:

• Participates in staff meetings, department meetings, trainings, and retreats. 
• Willingness to participate in internal volunteer committees to help co-create a vibrant, equitable, and collegial work environment. 

EDUCATION AND EXPERIENCE:

Required: 

• 3-5 years experience working in a cybersecurity team or similar operating environment 
• Experience with threat modeling, security assessments, and evaluating mitigating controls
• Experience working with Enterprise Information Technology systems and security

Preferred: 

• Bachelors in Computer Information Systems, Computer Science, or Engineering, or a related field; or equivalent alternative education
• Industry qualifications Network+, CISSP or Security+

REQUIRED KNOWLEDGE, SKILLS, AND ABILITIES:

• Foundational skills in incident response, chain of custody, forensics, event analysis, and hands on cybersecurity
• An understanding of information technology and cybersecurity principles, as well as, best practices
• Knowledge of fundamental cloud infrastructure security challenges, mitigation controls, and cloud security risk assessments required
• Proficient in operating systems such as OSX and Windows
• Stays current with new and evolving technologies via formal training or self-directed education
• Self-motivated, independent worker who can prioritize tasks
• Collaborative team player with ability to give and receive constructive feedback
• Flexibility and adaptability to change and growth
• Excellent organizational skills and attention to detail
• Excellent time management skills with a proven ability to meet deadlines
• Ability to act with integrity, professionalism, and confidentiality
• Ability to thrive in a virtual workplace and willingness to build relationships remotely
• Commitment to social justice, racial justice/anti-racist principles, reproductive rights and justice

ORGANIZATIONAL RELATIONSHIPS: 

The CITM will be supervised and mentored by the Technology & Digital Services Director to secure all of If/When/How’s technology systems. The CITM will be a member of the Technology Department and work in partnership with the Technology Coordinator and Senior Data Administrator. The CITM will work with all members of staff to provide technical support across the organization.

WORK ENVIRONMENT: 

If/When/How maintains a virtual office and supports remote working and flexible work days, including a 4-day work week. Reimbursements for home office equipment and supplies are available. Occasionally, employees may be expected to be available during off-hours and/or to attend events (e.g., conferences, staff retreats) on nights or weekends.

PHYSICAL DEMANDS: 

Most work will be done on a computer [although attending conferences may require transporting materials and the ability to carry 10 lbs.] Requires typing and participating in meetings (live and virtual). Reasonable accommodations will be made to enable individuals with disabilities to perform these and other essential functions. 

TRAVEL: 

Travel is limited due to the ongoing COVID-19 pandemic, but may resume at normal levels in 2023. Typically: willingness to travel approximately 2-3 times per year within the continental U.S. Travel will be required to support teamwork and attend staff retreats, conferences, and professional development opportunities.

BENEFITS: 

If/When/How provides a generous benefits package consisting of fully paid insurance coverage for health, vision, dental, life, and disability; flexible spending accounts (FSA) for health, dependent care, and transportation; retirement plan; sick leave, vacation (starting at 15 days a year, upfront), and holidays; plus a one-week office closure in December. Employees also receive generous professional development stipends and paid memberships to professional associations.

START DATE: March 15, 2023 or earlier 

HOW TO APPLY: 

Applications will be accepted until 5:00pm ET on January 31, 2023. Interviews may begin sooner than the deadline, but we will consider all applications submitted by the deadline. Send the following in PDF format with subject “Cybersecurity and IT Manager” to opportunities@ifwhenhow.org:

• Cover letter that (1) speaks to how your experience and skill set meet the qualifications for this role; (2) lists how you heard about this position; and (3) discusses your commitment to social, racial, and reproductive justice;
• Resumé;
• List of three (3) references with contact (name and pronouns) and relationship information (title, where/when you worked together, and LinkedIn profile, if available) 

If/When/How: Lawyering for Reproductive Justice is an “at-will” and equal opportunity employer, committed to attracting, developing, and retaining exceptional people. We welcome and encourage applicants with diverse experiences, identities, and educational backgrounds. Applicants and employees shall not be discriminated against because of race, religion, sex, national origin, ethnicity, age, mental or physical disability, sexual orientation, gender (including pregnancy and gender expression) identity, color, marital status, veteran status, medical condition, or any other classification protected by federal, state, or local law or ordinance.