Security & Identity Analyst

Location: Remote

Division: Operations

Reports to: IT Manager

Start Date: ASAP – Position open until filled

Position type: Full-time, exempt

Who We Are

Alliance for Safety and Justice (ASJ) is a national advocacy organization that aims to replace ineffective criminal justice system policies with what works to keep people safe. We represent diverse crime survivors as well as people living with old records as key public safety stakeholders. ASJ brings our members together with state leaders and coalition partners to win reforms that stop cycles of crime, reduce costly incarceration, and make communities safer. We support a range of shared safety reforms, including crime prevention, community health, rehabilitation, economic mobility, and trauma recovery. The organization’s work hinges on smart strategies to change laws, deep power building to uplift communities most harmed and least helped by the carceral system, and ensuring public systems are accountable to victims of crime and people with old records.

Recently, the Alliance for Safety and Justice moved from a fiscally sponsored program to becoming a national independent 501c3 organization. Although ASJ has been around for several years, we are only one year into creating and managing our own IT infrastructure. As we grow our internal operations and external impact, we are looking to become a lasting and sophisticated advocacy institution with staying power for generations to come. 

Who You Are

Housed in the Systems, Tools, and Technology (STT) Department, the Security and Identity Analyst will play a critical role in our mission by safeguarding ASJ staff, members, and organizational data. They will help design, implement, and manage ASJ’s cybersecurity projects, working closely with other STT staff, operations management, HR, legal, external security vendors, and all ASJ staff. The best candidate is someone who upholds the highest ethical and legal standards when handling confidential/sensitive data; can work in a “start-up” culture and is able to build foundational security infrastructure; make decisions in high-stress situations; communicate effectively across multiple stakeholders and levels of staff; and understands, through work and/or lived experience, the negative impacts of the criminal justice system on vulnerable communities and is able to translate this into trauma-informed practices. This role has the unique opportunity to help shape the legacy and identity of our organization, while working alongside mission-driven leaders dedicated to creating lasting change. 

What You Will Do

Cybersecurity Infrastructure (45%)

• A key function of this role is to develop and implement solutions to both external and internal security risks with responsibilities including, but not limited to:
• Create, implement, and maintain standard operating procedures (SOPs) on cybersecurity, including ethical and legal responsibilities, in collaboration with HR and Legal and Compliance departments
• Develop and lead emergency response protocols for external/internal data breaches, suspicious activity, security violations, and cybersecurity-related investigations
• Develop and manage security requirements for all external data shared with ASJ and ASJ data shared with partners
• Support implementation of, and ensure compliance with, NIST cybersecurity framework
• Manage and administer all cloud-based security systems and tools, including email security, DNS security, endpoint security, MFA, IDaaS, MDM, DLP, data retention and destruction, password management, vulnerability scanning and remediation, patch management, and risk detection and response
• Develop security metrics and manage reporting and compliance around those metrics for management, funders, auditors, and insurance brokers
• Manage state and federal security compliance, including adherence to the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (CPDA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and the Utah Consumer Privacy Act (UCPA)
• Recruit and manage security vendors 
• Review SOC reports from all technology-related vendors

Internal and External Security Analysis (15%)

• Conduct regular tests and assessments of ASJ’s cybersecurity infrastructure and implement response plans as needed and in a timely manner
• Regularly test emergency response protocols and incident response plans and revise as needed
• Conduct regular internal and external cybersecurity threat and vulnerability analysis and remediation (in collaboration with HR and Legal and Compliance)
• Manage yearly security assessments, including follow-up and remediation
• Monitor global cybersecurity climate and incidents to determine the potential impact on ASJ
• Remain up to date on the latest cybersecurity trends, tools, and best practices

Staff Support and Training (10%)

• Respond to all security-related tickets; serve as incident response team lead and manage security incident detection, response, and remediation with the assistance of security vendors
• Work with the IT Support and Training Manager to create and maintain documentation for all cybersecurity-related tools
• Manage STT security awareness training program and work with IT Support and Training Manager to provide trauma-informed security training for staff and members

Identity Management (30%)

• Manage (create, audit, and maintain) all identities, security groups, and permission levels
• Build and maintain SCIM and SSO integrations
• Maintain identity, security group, and permission levels across multiple platforms and systems

Required Experience and Qualifications

• Experience working with diverse communities and a demonstrated commitment to ASJ’s values, including criminal justice reform, shared safety solutions, and social and racial justice
• Commitment to employing an intersectional lens during all tasks and projects
• Extreme reliability and ability to maintain confidentiality and handle sensitive data and PII
• 6+ years of experience in IT (developing, implementing, or architecting information systems), with at least 3 years in IT security (with experience in identity management), preferably within a nonprofit setting
• Experience managing security operations, including incident detection, response, remediation, and reporting
• Familiarity with IT service management practices
• Ability to plan projects and manage tasks on time, with minimal supervision
• Excellent written and verbal communication skills

Preferred Experience and Qualifications

• Have direct experience with the criminal or juvenile justice systems and/or an understanding of the unique nature of a mission-driven organization
• 4 years of professional training and/or equivalent experience in cybersecurity, management information systems, computer science, or related field
• Experience creating security architecture and implementing security systems
• Okta certification
• Demonstrated knowledge of and ability to manage, configure, and administer security tools such as Okta, JAMF, JAMF Connect, Egnyte, Google Workspace, KnowBe4, Arctic Wolf, Cisco security tools, LastPass, and MacOS
• CISSP or other security certification 
• Experience implementing just-in-time privileged access management (PAM) 

Working Conditions & Physical Demands

• Some travel may be required
• Requires use of a desktop, laptop, or video display terminal
• Ability to communicate, receive and understand information through oral and written communication and proofread and check documents for accuracy
• Requires communicating information with co-workers, stakeholders and/or the public; reading correspondence, instructions and/or technical documents; writing correspondence and/or reports and filling in forms

Compensation and Benefits

We care deeply about our staff wellness. ASJ offers a competitive benefits package including health/vision/dental insurance, flexible spending accounts, a robust 403(b) retirement match, generous paid time off, a professional development stipend, and more. Salary will be commensurate with experience

To Apply

Applications should be submitted via the posting link on ASJ’s jobs page. Please submit your resume and a short cover letter explaining how your qualifications and lived experience qualify you for the position; please include any salary requirements.

The Alliance for Safety and Justice is an equal opportunity employer. We strongly encourage and seek applications from people who are systems impacted, women, people of color, including bilingual and bicultural individuals, and members of the lesbian, gay, bisexual, and transgender communities. Applicants shall not be discriminated against because of race, religion, sex, national origin, ethnicity, age, disability, political affiliation, sexual orientation, gender identity, color, marital status, or medical conditions. Reasonable accommodations will be made so that qualified disabled applicants may participate in the application process. Please advise in writing of special needs at the time of application.