Senior Manager, Information Security

Division Information Technology Department N/A Location Seattle Foundation Overview Guided by the belief that every life has equal value, the Bill & Melinda Gates Foundation works to help all people lead healthy, productive lives. In developing countries, it focuses on improving people's health and giving them the chance to lift themselves out of hunger and extreme poverty. In the United States, it seeks to ensure that all people-especially those with the fewest resources-have access to the opportunities they need to succeed in school and life. Based in Seattle, the foundation is led by CEO Jeff Raikes and co-chair William H. Gates Sr., under the direction of Bill and Melinda Gates and Warren Buffett.

Group Summary Do you believe technology can improve lives around the world? We do! We are IT at the Gates Foundation. We are a creative, dynamic group of technologists determined to help change the world. Bring your creative thinking to our tight knit, energetic team to help us achieve our mission. Work CAN be fun and inspiring - check us out.

Responsibilities The Senior Manager Information Security leads the Information Security team in delivering a systematic, proactive, approach that balances information risk and business requirements to ensure the security of the foundation's information assets and systems. Supports the Director, Risk Management in developing strategy and executing the information security program as part of a comprehensive risk management service. Participates as part of the Risk Management leadership team. Identify and implement information security capabilities to support the information security program. Supports IT in solution delivery by assessing information security risk inherent in products and services.

Key Duties and Responsibilities:
- Program Development and Execution: Manage and develop the Information Security program, including strategy, policies, process, and metrics. Identify and assess emerging information risks, adjusting plan accordingly. Collect and monitor information security metrics, assessing the health of the program.
- Information Security Capabilities: Identify, prioritize, and implement services and products to enable or improve information security capabilities (eg, identity management, disaster recovery, compliance monitoring, intrusion prevention, awareness and education).
- Information Risk and Vulnerability Management: Oversee internal and external security risk and vulnerability assessments, recommend/implement approved countermeasures. Partner with stakeholders to communicate recommendations and develop agreed upon action plans.
- Vendor management: Manage onsite and offsite vendors in providing products and services related to the information security program. Includes contract negotiations, budget management, and evaluation of service and support.
- People Management: Build and develop an efficient and effective information security team, including people management responsibilities (hiring/termination, goal setting, coaching, performance reviews).

This role manages people and is responsible for hiring the talent needed to achieve our goals, ensuring successful employee onboarding, communicating performance expectations, creating goal alignment, integrating project and change management, giving and seeking feedback, providing coaching, measuring progress and holding people accountable, supporting employee development, and recognizing achievement and lessons learned.

Qualifications Bachelor's degree with 6-10 years of experience in information security with at least 3 of those years in management. CISSP or CISM certification is a plus.

Other core skills & knowledge:
-Knowledge of information security program frameworks and best practices.
-Experience in developing and executing an information security program from strategy to operations, including: Policies, standards, procedures, and guidelines development, Information security risk and vulnerability assessment methodologies, Information security awareness and education, Incident response planning and execution, Familiarity with investigations and computer forensics.
-Experience designing information security architectures across multiple platforms and applications with an emphasis in Microsoft technologies.
-Talent assessment and performance management.
-Strong written and verbal communication skills.
-Clear analytical and problem solving abilities.
-Supports colleagues with budget accountability with information related to forecast accuracy and investment recommendations.

As part of our standard hiring process for new employees, employment with the Bill and Melinda Gates Foundation will be contingent upon successful completion of a background check

Requisition Number 4202BR