The Mellon Foundation (“Foundation”) believes that the arts and humanities are where we express our complex humanity, and we believe that everyone deserves the beauty, transcendence, and freedom to be found there. Through our grants, we seek to build just communities enriched by meaning and empowered by critical thinking, where ideas and imagination can thrive. The Foundation makes grants in four core program areas - Higher Learning, Arts and Culture, Public Knowledge, and Humanities in Place - and through its signature Presidential Initiatives. The Foundation seeks a Cyber Program Manager for our Information Technology department.
Program Overview:
The Cyber Program Manager will play a pivotal role in managing cyber-related initiatives aimed at enhancing the Foundation's digital security posture and ensuring the protection of its digital assets. This position requires a seasoned professional with a deep understanding of cybersecurity principles, program management expertise, and a background in implementing new security practices within an organization.
Position Summary:
The Cyber Program Manager will report to the Assistant Director of IT Infrastructure and Operations, and will work closely with various stakeholders, to develop, implement, and improve cybersecurity practices, policies, and procedures that align with the Foundation’s goals and values.
Mellon Foundation is an equal opportunity employer. Mellon offers a generous total reward package that includes base salary and a comprehensive benefits program, as well as an excellent working environment. Mellon is committed to providing compensation that is competitive and equitable within the philanthropic sector. The estimated annual salary range for this role is $180K - $200K. The amount of pay offered will be determined by several factors, including but not limited to qualifications, unique skills, credentials, or experience that is expected to impact the candidate’s contribution to the role. We will also consider market data as well as the Foundation’s internal pay equity framework.
Please note that Mellon maintains a hybrid work schedule, with three days per week in person at the Foundation’s Manhattan offices, with periodic additional on-site attendance required for operational events.
Candidates should apply by submitting a cover letter describing fit for the position and a resume by Friday, September 27, 2024.
The Foundation will consider each response carefully, but only contact those individuals it believes are most qualified for the position.
Responsibilities may include, but will not be limited to, the following:
1. Governance:
- Collaborate with the Assistant Director of IT to develop and implement a comprehensive security program tailored to the unique needs of the Foundation.
- Assist with maintaining and updating security-related policies and procedures.
- Actively participate in the information security governance process and support legal and regulatory compliance efforts as needed.
- Assist in operational planning based on short- and long-term security goals & objectives, including robust protection and long-term resilience.
- Develop and maintain the cybersecurity risk management program. Perform risk assessments on an ongoing basis.
- Work to ensure organizational compliance with industry regulations, standards, and best practices (e.g., GDPR, NIST, ISO 27001).
- Develop and assist with the implementation of a data protection program.
2. Security Architecture and Design:
- Collaborate with cross-functional teams to assist with the design and implementation of security solutions that align with business goals and compliance requirements.
- Evaluate and recommend security technologies, tools, and frameworks to enhance the organization's security infrastructure.
- Conduct security reviews of systems, applications, and network architectures to identify potential vulnerabilities and propose alternate solutions or mitigations.
3. Security Liaison:
- Foster relationships with key stakeholders across the Foundation to understand their goals and to align cybersecurity initiatives accordingly.
- Act as the primary point of contact for internal and external cybersecurity-related audits, responding to requests for collateral and artifacts as security assessments are conducted.
- Work with IT staff and other stakeholders to remediate security audit findings.
4. Operational Support:
- Provide ongoing reporting on the status of cybersecurity at the Foundation.
- Interface with vendors and monitor external security operations activities.
- Implement and maintain a vendor due diligence program.
- Develop an incident response plan and conduct annual testing. Coordinate incident response and recovery activities.
- Consult on cybersecurity-related production issues and incidents, participating in problem and change management forums.
- Develop and monitor compliance for vulnerability management service level agreements.
- Assist with managing cybersecurity-related tools and systems.
5. End-User Cybersecurity Awareness and Training:
- Manage the end-user cybersecurity training program.
- Work with the broader IT team to curate and deliver appropriate training materials and resources to staff on cybersecurity best practices, including phishing awareness, password management, and data protection, as well as emerging threats.
- Conduct as-needed training sessions and workshops to enhance staff awareness and understanding of cybersecurity threats and mitigation strategies.
- Continuously evaluate and update training materials and methodologies to address emerging threats and evolving security requirements. Track and measure the effectiveness of training initiatives through appropriate metrics.
6. Team Collaboration:
- Mentor junior members of the IT team, providing technical guidance and fostering skill development.
- Collaborate with IT and development teams to integrate security into the software development lifecycle.
- Monitor emerging cybersecurity trends and communicate necessary information to other IT staff members.
Qualifications:
- Minimum of seven years of IT experience, with five years in an information security role, and two years in a supervisory capacity.
- Bachelor's degree in computer science, information systems/security, or equivalent experience; advanced degree preferred.
- In-depth knowledge of cybersecurity principles, protocols, and technologies.
- Experience with security frameworks and standards including NIST and ISO 27001; familiarity with other frameworks, including ITIL and COBIT.
- Proficiency in risk assessment, security architecture, and vulnerability management.
- Strong leadership skills and ability to work effectively with diverse stakeholders.
- Excellent communication skills and ability to translate technical concepts for non-technical audiences.
- Strong team collaboration skills and orientation.
- Commitment to delivering high-quality and efficient service to Mellon's mission.
- Familiarity with implementing security for agile development within cloud IaaS and PaaS environments would be preferred.
- Industry certifications such as CISSP, CISM, CEH, or equivalent are a plus.
The Andrew W. Mellon Foundation was established in 1969 to strengthen, promote, and defend the arts and humanities as essential to democratic societies.