Director, Security and Data Privacy - ULI in Washington DC
The Director, Security and Data Privacy, is responsible for ensuring the safe operations of ULI’s information technology environment and the secure processing, storage, and disposition of data. The individual hired for this position will serve as the Institute’s data protection officer managing data processing within ULI and with partner organizations. Position will be based out of ULI HQ in Washington, DC.
Keeps current with security and data privacy laws and takes necessary steps to ensure ULI’s compliance.
Performs functions associated with a GDPR data protection officer.
Creates and maintains IT Security Incident Response Plan.
Creates and maintains registry of sensitive information that is stored across ULI and with partners. Sensitive information includes personally identifiable information (PII), financial, membership, and demographic.
Reviews and approves contracts where ULI shares sensitive information with partner organizations.
Reviews and approves requests to collect, store, or transfer sensitive information.
Applies best practices securing sensitive information at rest and in transit.
Performs regular audits to ensure that sensitive information is being stored, transmitted, and disposed of properly.
Performs regular audits of ULI’s information technology environment and ensures that appropriate security measures are in place to detect and mitigate risk of attack. The information technology environment includes desktops, laptops, servers, and cloud platforms.
Responds to and investigates security alerts that are generated from security systems.
Develops and delivers regular security training to ULI staff.
Proposes security measures that incorporate business priorities and demands.
Five years of experience in information technology, with at least two years of security-focused experience.
Must have a working knowledge and understanding of major global privacy regulations to include European General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and others as appropriate.
Must have a working knowledge and understanding of NIST security frameworks to include SP800-53 Security and Privacy Controls for Information Systems and Organizations; and NISTIR-7621 Small Business Information Security.
Must have demonstrated experience creating and maintaining a data registry of sensitive information across multiple systems, databases, and services.
Experience with securing Azure Active Directory and managing alerts within Azure Security Center and Office 365 Security Center.
Experience with endpoint management and device-level security.
Strong written and verbal communication skills. Ability to explain legal and technical concepts using common language and visuals.
Ability to balance security risk and business needs diplomatically.
Strong ability to collaborate and develop relationships, often cross-culturally, with the ULI workforce, stakeholders, and vendors.
Ability to develop and explain a vulnerability-probability risk matrix.
Bachelor’s degree or equivalent work experience.
Security or data privacy focused certifications are a plus.
To apply, please follow the link below. Please submit a résumé and a letter of interest.
ULI is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, **gender**, **gender** orientation, gender identity, national origin, disability, or veteran status.