National Director, Information Security
Company: Planned Parenthood Federation of America
Location: Washington
Posted on: April 2, 2026
Job Description:
Planned Parenthood is the nation’s leading provider and advocate
of high-quality, affordable sexual and reproductive health care for
all people, as well as the nation’s largest provider of sex
education. With health centers across the country, Planned
Parenthood organizations serve all patients with care and
compassion, with respect, and without judgment, striving to create
equitable access to health care. Through health centers, programs
in schools and communities, and online resources, Planned
Parenthood is a trusted source of reliable education and
information that allows people to make informed health decisions.
We do all this because we care passionately about helping people
lead healthier lives.

Planned Parenthood Federation of America
(PPFA) is a 501(c)(3) charitable organization that supports the
independently incorporated Planned Parenthood affiliates operating
health centers across the U.S. Planned Parenthood Action Fund is an
independent, nonpartisan, not-for-profit membership organization
formed as the advocacy and political arm of Planned Parenthood
Federation of America. The Action Fund engages in educational,
advocacy, and electoral activity, including grassroots organizing,
legislative advocacy, and voter education.

Planned Parenthood
Federation of America (PPFA) and Planned Parenthood Action Fund
seek a National Director, Information Security. This job reports to
the Deputy Chief Information Security Officer (CISO) in the
Information Security division of PPFA. The Office of Information
Security provides the strategy, implementation, and oversight of
the information security program that safeguards the data entrusted
to Planned Parenthood by its patients, supporters, donors, and
staff.

Purpose: The National Director, Information Security is a
strategic leader of the Information Security team, responsible for
the people, processes, and cyber technologies required to protect
PPFA and the entire federation’s information and assets.
Responsibilities include technical oversight of PPFA’s complex
Information Security technology stack and management of National
Office information security operations, including but not limited to
day-to-day information security operations in partnership with our
MSSP co-managed services, vulnerability management, cyber threat
intelligence, incident response, and all related cyber services.
This role will oversee the
InfoSec Architecture and Engineering tower, ensuring Secure
Software Development Life Cycle (SSDLC) integration as well as
Continuous Integration (CI), and Continuous Delivery/Deployment
(CD) across the National Office. This role is also critical in
providing Affiliate InfoSec Operations support in partnership with
Affiliate Tech Services and our Managed Security Services Provider.
This position brings transformative insight to Information Security
products and services through leadership and innovation,
accelerating the organization’s ability in managing an evolving
threat landscape. The National Director, Information Security
serves as a subject matter expert and liaison, bridging the InfoSec
team with all divisions under Tech Strategy and Services to ensure
PPFA’s information security program is comprehensive, and in
compliance with industry standard frameworks, regulations and
compliance requirements. This role involves collaborating with
National Office departments and teams, affiliates and ancillaries,
to provide expert guidance, oversight, and support on a range of
security initiatives. The National Director will also play a key
role in identifying security gaps, monitoring and providing
guidance on remediation activities, developing and advocating for
security best practices, and fostering a collaborative security
environment across the federation.

Engagement: The National
Director, Information Security will engage with staff at all levels
within PPFA, Affiliates, and Ancillaries. They will also be leading
and mentoring direct and indirect reports.

Leadership
Proven senior
leader in managing diverse, distributed technical and operational
teams with strong meeting management, relationship building and
negotiating skills; able to gain trust of diverse stakeholders.
Advances and challenges the InfoSec team thinking to embrace
transformative new approaches to work. Partners across the
Information Technology and Information Security organization to
provide strategic and operational direction for InfoSec’s annual
business planning, cyber technology roadmaps, industry trends and
CISO priorities. Ability to translate technical information into
easily understandable information for non-technical audiences.
Demonstrates consistent, engaging insight which attracts attention
and builds/expands collaborative networks with external vendor
partners for MSSP and tech stack vendors. Ability to discuss and
present on Security topics to various executive management groups
from both local and organization-wide entities.

Vendor Management
Able to manage in-house and vendor teams and ensure technical SLAs
are met, with the ability to hold vendors accountable to SLAs. Form
corrective action plans accordingly to manage poor vendor
performance.
Direct experience with technical vendor management across MSSP and
all cyber tech vendors.
Proven negotiation skills and industry relationships.
Assist in vendor security assessments.
Assist legal in vendor security requirements.

Incident Management
In partnership with CISO and our Incident Response/Threat &
Vulnerability Management team, ensure proper handling of Technical
Security Incident Response.

Communications
Senior leader with
ability to work in a Federated model and provide insight and
communications to technical and non-technical senior level staff.
Exceptional consulting skillset with ability to provide appropriate
direction to other groups and executives on security matters.
Proven ability to present and discuss highly complex technical
information to users with varying technical expertise. Serve as a
liaison to IT Infrastructure & Services and InfoSec regarding
industry-standard security and technical controls, as well as
provide regulatory and compliance guidance in areas including
industry best practices (NIST), HIPAA Security Rule compliance and
PCI-DSS compliance. Lead cross-functional engagement and change management
across PPFA and Affiliates to advance security initiatives,
remediate configuration and compliance gaps in shared platforms
(e.g., Okta, CrowdStrike, Proofpoint), and support accreditation
readiness through education, collaboration, and hands-on guidance.

Delivery: Accountable for monitoring and analyzing PPFA’s security
posture on an ongoing basis and managing the InfoSec operations
team to protect, detect and respond to security issues according to
standard operating procedures and best practices. Identifies
opportunities and challenges for continued improvement across
Information Security capabilities, delivering innovative and
breakthrough cyber tech solutions.

Security Operations
Oversee the National Office Security Operations, including
technology stack management for all cyber tech components. Lead and
manage technology roadmaps and tech life cycle management for each
tech component (e.g., Email Gateway, EDR, IAM, SIEM, Vuln Mgmt,
etc.). Provide technical oversight to ensure all tech stack
components are configured, standard, and stable according to SLAs
and best practices. Drive SIEM alert tuning and provide technical
leadership to MSSP to drive effective and efficient 24x7x365 alert
monitoring.
Responsible for management of standard operating procedures and
processes; security policy development and enforcement; security
risk assessments, audits, and remediations. Creates new InfoSec
operations processes and approaches which accelerate delivery of
shared services program and PPFA cyber support network. Act as the
technical expert on all cyber technology products in collaboration
with Affiliate Tech Services and IT to develop new cyber security
services for the National Office and the federation. Act as a
technical advisor and thought leader to the affiliates regarding
cyber technology operational support for the InfoSec tech stack.

InfoSec Architecture and Engineering
Lead the InfoSec Architecture
& Engineering function, overseeing the evaluation, design, and
implementation of security technologies and enterprise architecture
aligned to business objectives, industry frameworks (NIST, ISO
27001, CIS), and regulatory requirements (HIPAA, GDPR, PCI-DSS).
Embed security into the software development lifecycle
(SSDLC/DevSecOps) by defining secure architecture and coding
standards, driving threat modeling and risk assessments, and
ensuring security requirements are built into system and
application specifications. Partner across IT and business units to
integrate monitoring, detection, and response capabilities,
continuously improve security tooling and processes, and strengthen
the organization’s security posture through innovation,
collaboration, and technology adoption.

Incident Response
In partnership with PPFA CISO, act as a co-IR lead throughout incident
scenarios and provide subject matter expertise in cybersecurity
incident response. Support the development and execution of IR
Tabletop exercises annually, including all relevant levels of
management. Assist in the development and implementation of
Incident Response Plans. Oversee the executive IR plan and
continuously improve to reflect the dynamic aspects of the
business.

Security Thought Leadership
Lead and evolve the strategic
direction of Information Security technology capabilities in a
collaborative, cross-discipline approach. Project senior-technical
thought expertise on the information security strategy, and
operational/technical implementation. Sought after as an expert on
industry trends, current security technologies, news and events and
how they impact the security policies, procedures and portfolio.
Benchmark, analyze, and identify recommendations for the
improvement and growth of PPFA’s technology and security operations
and services to drive the advancement of division priorities.

Threat Management and Intel
Drive both internal and external threat
analysis and intelligence, tuning of security detection
rules/policies/models, and implementation of effective
countermeasures. Stay abreast of the security industry threat
landscape and brief executives and leadership team on current
intelligence. Lead collaborative efforts between physical and
cybersecurity threat management elements. Review and recommend
threat intel sources that match the needs of the organization.

Reporting / Metrics
Turns new concepts/approaches into functional
reality through creation of InfoSec metrics and standards to drive
optimization and operational excellence for all cyber tech products
and services. Identify, drive, and assist in metrics development and
management for both business and technical consumption. Leads
reporting of status, progress, operational & performance metrics and
value to executives across PPFA. Collaborate across teams to ensure
compliance with cybersecurity policies and develop reporting
metrics to communicate the efficacy of tools and programs. Act as
Security Change Approver for InfoSec on the PPFA IT Change
Management Board to ensure IT system and configuration changes are
not detrimental to PPFA’s information security posture, are
authorized, and disruptions to services provided by Information
Security and Information Technology to the PPFA National Office and
its Affiliates are minimized. Facilitate InfoSec Accreditation
Office Hours. Performs other duties as assigned.

Knowledge, Skills and Abilities (KSAs):
Bachelor’s degree in computer science,
information systems, computer engineering, system analysis, or a
related field, or equivalent work experience. 12 years of IT and
business/industry work experience including Information Security &
Technology related experience. Certifications: At least one
security industry certification (i.e., CISSP, CISA, CISM, SANS).
Progressive leadership experience in managing technical functions
and security engineering teams and influencing senior level
management and key stakeholders. Proven ability to develop and
implement strategic security initiatives. Strong understanding of
security governance, risk management, and compliance frameworks.
Excellent ability to conceive, draft, proofread and edit written
materials quickly, including demonstrated ability to understand and
communicate about complex, technical, or sensitive subjects in a
clear, concise, and engaging manner. Experience managing outsourced
managed security service provider (MSSP) or in-house security
operations center (SOC). Knowledge of financial models and
budgeting. Excellent organizational, collaborative leadership,
decision-making and communication skills. Excellent business acumen
and sound business judgment. Practical experience with modern
information security technologies and vendor solutions to include
but not limited to strong authentication, network security,
endpoint security, cloud/SaaS/PaaS security, security information
and event management, user behavior analytics, vulnerability
management, incident response, information assurance, security
operations, anti-DDoS, SDLC, DevSecOps, mobile security, privacy,
and regulatory compliance. Demonstrated experience integrating and
operationalizing security frameworks such as: NIST CSF, ISO 27001,
MITRE ATT&CK framework. Excellent skills in collaborating
across divisions, functions, and geography, with a knack for
engaging colleagues at all levels in projects and processes while
continuing to own and drive them. Experience evaluating and
maturing information security systems, controls, and processes, and
leading internal control frameworks, regulatory compliance programs
(e.g., HIPAA, PCI DSS, HITRUST, ISO 27001, NIST, CIS, SOC2, etc.),
and audit activities across complex environments. Experience leading
enterprise-level technology or security initiatives, preferably in
a complex, federated or multi-site environment, including project
management, system implementation, IT operations coordination, and
day-to-day InfoSec operations (e.g., monitoring, incident response,
SOC workflows, and vulnerability management). Flexibility and
ability to adapt to quickly changing priorities and ambiguous
situations. A deep commitment to Planned Parenthood’s mission of
promoting Sexual and Reproductive Health.

$190,000 - $200,000 a year

Travel: 0-10% travel as needed

Planned Parenthood's cultural ethos,
"In This Together", reflects our commitment to building a workplace
culture that fosters belonging, promotes learning throughout the
employee lifecycle, and recognizes individual contributions to our
mission. Planned Parenthood Federation of America participates in
the E-Verify program. Planned Parenthood Federation of America is
an equal employment opportunity employer and is committed to
maintaining a non-discriminatory work environment, and does not
discriminate against any employee or applicant for employment on
the basis of race, color, religion, sex, national origin, age,
disability, veteran status, marital status, sexual orientation,
gender identity, or any other characteristic protected by
applicable law. Planned Parenthood is committed to creating a
dynamic work environment that values diversity and inclusion,
respect and integrity, customer focus, and innovation.