Chief Information Security Officer (CISO)

Earthjustice is the premier nonprofit environmental law organization. We take on the biggest, most precedent-setting cases across the country. We wield the power of law and the strength of partnership to protect people’s health; to preserve magnificent places and wildlife; to advance clean energy; and to combat climate change. We partner with thousands of groups and supporters to engage the critical environmental issues of our time, and bring about positive change. We are guided by a passionate, ambitious vision for the future for people and our planet: until justice stands for all, we will never rest. We are here because the earth needs a good lawyer.

Founded in 1971, Earthjustice has a distinguished track record of achieving significant, lasting environmental protections. We achieve this by hiring people who share a passion for justice and a healthy environment. Our headquarters are in San Francisco with offices in Anchorage, Chicago, Juneau, Los Angeles, Miami, Tallahassee, Honolulu, New York, Philadelphia, Denver, Seattle, Bozeman, and Washington, DC. The Fossil Fuels Program has shared office space in New Orleans.

The Earthjustice Information Technology team is seeking a CISO who will report up to the Vice President of Information Technology. The successful candidate will design and lead our efforts to develop, implement and monitor a strategic, comprehensive enterprise information security, information governance and IT risk management program. We are looking for an experienced individual who will work closely with the Information Security Manager, the VP of IT and our current vCISO. This individual must be able to work across the organization including Development, Communicatons, General Counselcil Office, Litigation Program and Operations (Finance, Human Resources, Facilities, etc.) to facilitate risk assessment and risk management. Working with our vCISO, they will continue to develop and enhance our information security management framework.

The successful CISO must have extensive knowledge of data security and privacy principles, best practices, and procedures, and demonstrate a thorough knowledge of the physical and electronic resources in a law firm and fundraising setting. The CISO will provide leadership to the organization's information security efforts. This person must partner with business stakeholders across Earthjustice to raise awareness of risk management concerns.

Due to Covid-19, Earthjustice staff are currently working remotely from approved locations through January 18, 2022.

Responsibilities:
Security Operations (Cybersecurity posture, information governance, and risk management) (65%)

• Understand and interact with related disciplines through committees to ensure the consistent application of security policies and standards across all technology projects, systems and services. Lead strategic contingency operation plans including business continuity and disaster recovery for infrastructure and operations to ensure Earthjustice’s security and viability. Work directly with the VP of Information Technology and business units to facilitate risk assessment and risk management processes.
• Develop and enhance an information security management framework. Understand and interact with related disciplines through the Security Steering Committee to ensure the consistent application of policies and standards across all technology projects, systems and services.
• Provide leadership to Earthjustice information security efforts. Report on emerging new threats and provide solutions and education accordingly. Mentor and coach IT staff to advance their knowledge of cybersecurity and security management, while fostering a culture of accountability, innovation, and team building.
• Partner with business stakeholders across Earthjustice to raise awareness of risk management concerns.
• Assist the VP of Information Technology with the overall security technology planning, providing a current knowledge and future vision of security and risk management at Earthjustice
• Oversee management of cybersecurity tools, contracts, budgets, documentation, standards, and processes to ensure an operating environment that is sound, sustainable, and compliant with Earthjustice policies and requirements.
• Partner with Earthjustice’s vCISO to conduct vendor security assessments, annual external penetration testing, monthly vulnerability scans of Earthjustice network, and tabletop exercises to verify Earthjustice’s Incident Response Plans.
• Partner with the Learning and Development Team to develop, launch, and track compliance with a robust information security awareness training program. Measure the success of the program using data and real-world tested metrics.
• Manage security incidents and events to protect Earthjustice assets, including sensitive data and organizational reputation. Liaise with external third-party providers and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture and privacy program.
• Lead an Information Governance (IG) initiative that will enforce data retention and destruction supported by policy.

Supervisory Responsibilities (10%)

• Manage the Information Security Manager providing direction and mentoring in cyber security best practices.

Vendor Relations (15%)

• Direct periodic vendor security assessments for strategic vendors to ensure partners are meeting established security requirements. Remediate as needed.
• Establish strong partnerships with third-party service providers to ensure contracts are in place to support all cybersecurity services.

Learning and Professional Development (10%)

• Attend conferences and online webinars to stay abreast of current security and information governance practices.
• Pursue appropriate new and renewal of certifications

Qualifications:

• Degree in business administration or a technology-related field required.
• Professional security management certification.
• Minimum of 8 to 10 years of experience in a combination of risk management, information security and IT positions.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
• Excellent written and verbal communication skills and a high level of personal integrity.
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
• Experience with contract and vendor negotiations and management including managed services.
• Specific experience in Agile project management and software development
• Experience with Cloud computing/Elastic computing across virtualized environments.
• Demonstrates an awareness and sensitivity to the needs and concerns of individuals from diverse cultures, backgrounds, and orientations.
• Contributes to the creation of a diverse, fair, and inclusive work culture that encourages and celebrates differences.
• Experience managing data security for a law firm is highly desirable.

We offer a mission and employee-focused work environment and a competitive compensation package including excellent benefits. Earthjustice is an equal opportunity employer and highly values diversity.

Salary range is based on experience and location.

Salary range in San Francisco, CA: $194,000 - $215,600
Salary range in Washington, DC: $184,400-$204,900

To Apply:
Interested candidates should submit the following via Jobvite:

• Resume
• Cover letter

Please reach out to [email protected] if you are having technical difficulties submitting your application. No phone calls, drop-ins, or hard copies. Earthjustice only accepts resumes submitted for positions that are currently open. Unsolicited resumes, or resumes for posted positions that are not submitted via the on-line application process (where available), will not be reviewed or retained.

Earthjustice is driven by a passion for justice, partnership, and excellence. Our core values lead us to seek a broad range of perspectives and backgrounds to achieve our mission and to maintain an inclusive environment where all staff are valued and respected. As an equal opportunity employer, we are committed to employment practices that ensure that employees and applicants for employment are provided with equal opportunities without regard to race, color, national origin, ancestry, sex, age, religion, physical or mental disability, medical condition, veteran status, marital status, pregnancy, sexual orientation, gender identity, gender expression, genetic information, or any other factor that is not related to the position.

For positions located within the City and County of San Francisco Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment-qualified applicants with arrest and conviction records.

For positions located within the City of Los Angeles: We will consider qualified applicants with criminal histories in a manner consistent with the Los Angeles Fair Chance Initiative for Hiring.