Information Security and Privacy Manager

  • New York, NY
  • Posted 2 days ago | Updated 2 days ago

Overview

Hybrid
$100,000 - $120,000
Full Time
25% Travel

Skills

Analytical
Risk Management
GDPR
CCPA
Information Security

Job Details

REPORTS TO: VP, Technology

POSITION SUMMARY:

The Information Security and Privacy Manager will be responsible for developing, implementing, and maintaining an information security program that ensures the confidentiality, integrity, and availability of our data and systems.

Additionally, the role includes overseeing privacy initiatives to protect personal and sensitive information, ensuring compliance with relevant laws and regulations. A key responsibility of this position is to balance security and privacy risks and needs without restricting the organization's mission, enabling us to achieve our goals while safeguarding our data and privacy. AFSP is primarily a US-based organization with a minimal EU and UK presence.

RESPONSIBILITIES:

Information Security:

  • Develop and implement a comprehensive information security strategy.
  • Perform risk assessments and vulnerability analyses to identify potential threats.
  • Design and enforce security policies, procedures, and protocols.
  • Monitor and respond to security incidents and breaches.
  • Conduct regular security audits and assessments.
  • Implement and manage security technologies such as firewalls, intrusion detection systems, and anti-malware solutions.
  • Provide training and awareness programs for staff on information security best practices.
  • Collaborate with IT and other departments to ensure security measures are integrated into all organizational processes.
  • Stay updated on the latest security trends, threats, and technologies.

Privacy Management:

  • Develop and implement privacy notices, policies and procedures to ensure compliance with relevant laws and regulations.
  • Conduct Privacy Impact Assessments (PIAs).
  • Monitor and report on compliance with privacy laws and organizational policies.
  • Manage Data Subject Requests (DSRs) and other privacy-related inquiries.
  • Ensure that personal and sensitive information is collected, stored, and processed in a secure and compliant manner.
  • Provide privacy training and awareness programs for staff.
  • Collaborate with legal and compliance teams to address privacy-related issues and incidents.
  • Conduct regular privacy audits and assessments.
  • Develop and maintain a comprehensive personal data inventory.

Note:

  • An individual in this position must be able to successfully perform the essential duties and responsibilities listed above. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.
  • The above list reflects the general details necessary to describe the principal and essential functions of the position and shall not be construed as the only duties that may be assigned for the position.

QUALIFICATIONS:

Education: Bachelor's degree in Information Security, Computer Science, or a related field required; Master's degree in Information Security, Computer Science, or a related field preferred.

Experience and/or Training: Minimum of 5 years of experience in information security and privacy management. In-depth knowledge of privacy laws and regulations. Comprehensive understanding of information security principles, frameworks (e.g., NIST, ISO 27001), and technologies.

Licenses/Certificates: CompTIA Security+ required; CIPT, CIPM, CISSP, CISM, or CISO certifications preferred.

OTHER SKILLS and ABILITIES:

  • Strong analytical skills with the ability to assess complex security issues and privacy challenges, identify root causes, and implement effective solutions.
  • Proven ability to assess, prioritize, and manage risks in an ever-changing security and privacy landscape. Strong decision-making skills, balancing security needs with business requirements and legal obligations.
  • Highly detail-oriented, with the ability to thoroughly review security policies, incident reports, and compliance requirements to ensure accuracy and thoroughness.
  • Ability to collaborate with internal teams and external partners to foster a culture of security and privacy throughout the organization.
  • A growth mindset with a commitment to staying current with the latest industry trends, security technologies, privacy laws (such as GDPR and CCPA), and evolving threats.
  • A high level of integrity and ethical judgment in handling sensitive data, ensuring that security and privacy measures align with the highest standards of ethical responsibility.
  • Attend all mandatory meetings and training courses.
  • Ability to work a full-time schedule and have regular attendance at the workplace.
  • Ability to travel as needed to attend work meetings or events.

PHYSICAL AND MENTAL DEMANDS:

  • While performing the duties of this job, the employee is frequently required to sit, talk and/or hear, and/or use hands to finger, handle, or touch objects, tools, or controls. The employee is occasionally required to stand, and/or walk. The employee must occasionally lift and/or move up to 10 pounds while moving files or small packages. Specific vision abilities required by this job include close vision and the ability to adjust focus. The mental and physical requirements described here are representative of those that must be met by an individual to successfully perform the essential functions of this position.
  • The physical and mental demands described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

WORKING ENVIRONMENT:

This role operates in a hybrid work environment, offering flexibility to work both remotely from a home office and on-site at AFSP's physical office. The hybrid model encourages a balance of in-person collaboration and independent remote work.

Office Environment: When working on-site, you will be in a collaborative workspace designed to foster teamwork and creativity. The office is equipped with modern facilities, including open workstations, meeting rooms for collaboration, and breakout areas for informal discussions. You will have access to all necessary technology and support to effectively perform your job duties.

Remote Work: When working remotely, you'll have the flexibility to manage your own home office setup. We provide necessary resources such as remote access to secure company systems, communication tools, and virtual collaboration platforms to ensure seamless work from any location. Support for your home office environment, including IT equipment, may be available as needed.

SALARY AND BENEFITS:

Annual salary range: $100,000 - $120,000, depending on experience

22 PTO (vacation, sick, wellness and personal days) your first year of employment (5 additional days 2nd year)

Company Sponsored Medical Employee Reimbursement Plan (MERP)

10% employer retirement contribution after 2 years of employment

Flexible Summer Fridays
