Position: Director of Information Security & Strategic Resilience
FLSA Status: Exempt
Location: Remote in CA, DC, FL, GA, IL, IN, MD, MA, MI, MN, NJ, NY, NC, OH, OK, PA, TN, TX, VA, WA, WI
Reports to: Chief Information Officer
Salary Range: $135K-$140K
Role Summary
Genesys Works is seeking a Director of Information Security & Strategic Resilience to serve as the organization’s senior cybersecurity leader and CISO-equivalent. This role will partner closely with the CIO to design, establish, and mature a comprehensive, risk-based cybersecurity and resilience program that protects the organization’s students, alumni, partners, donors, and staff—while actively enabling digital transformation and mission growth.
This leader will be responsible for security strategy, governance, risk management, incident response, and resilience, while remaining hands-on with security architecture, tooling, assessments, and vendor coordination. The role will operate with visibility across the Senior Leadership Team and will support board-level reporting, risk discussions, and investment decisions related to cybersecurity and technology risk.
Key Responsibilities
Cybersecurity Strategy, Risk & Enablement
- Partner with the CIO to define and execute a multi-year cybersecurity and resilience roadmap aligned to Genesys Works’ strategic plan and digital transformation initiatives.
- Establish a risk-based security program aligned with CIS Critical Security Controls, NIST CSF / 800-53, SANS, and FAIR, appropriately tailored to a nonprofit environment.
- Champion the concept of positive risk, enabling leadership to make informed decisions about where risk can be accepted or leveraged to accelerate innovation, improve student outcomes, or enhance partner engagement.
- Define and operationalize clear approaches to risk identification, mitigation, acceptance, transfer, and avoidance, supported by executive-level documentation and reporting.
Governance, Policy & Compliance
- Develop, maintain, and continuously improve enterprise security policies, standards, and procedures, including identity, access, data protection, cloud security, application security, and incident response.
- Ensure policies are practical, scalable, and aligned to organizational maturity and mission needs.
- Support audits, assessments, cyber-insurance requirements, and regulatory or contractual obligations.
- Establish and oversee a third-party and vendor security risk management approach, particularly for SaaS platforms, cloud providers, and data-sharing partners.
Digital Transformation, Architecture & Application Security
- Serve as a security advisor for major initiatives including:
- Identity & Access Management (IAM)
- Experience Cloud / SaaS / portal solutions (student, alumni, volunteer, partner)
- Cloud data platforms, analytics, and integrations
- Enterprise SaaS and custom application development
- Provide security architecture guidance across the Microsoft ecosystem, including Azure, Microsoft 365, Defender, Purview, and Intune.
- Partner with engineering and integration teams to promote secure software development practices, application security testing, and enterprise integration security patterns.
Cryptography, Encryption & Secrets Management
- Define and oversee enterprise practices for encryption, key management, tokenization, and certificate lifecycle management.
- Ensure sensitive data is protected at rest, in transit, and in use, across cloud platforms, SaaS tools, and custom applications.
- Govern secrets management, including use of tools such as HashiCorp Vault or equivalent, secure API key handling, and token management for integrations and automation.
Vulnerability Management, Testing & Threat Analysis
- Establish and manage a vulnerability management program, including asset discovery, scanning, prioritization, remediation tracking, and executive reporting.
- Lead and coordinate penetration testing and security assessments (network, application, cloud, and third-party), ensuring findings are actionable and tied to business risk.
- Conduct threat modeling and threat analysis to inform control design, detection priorities, and resilience planning.
- Ensure vulnerabilities are remediated based on risk severity and organizational impact, not solely technical scores.
Security Operations, Detection & Response
- Mature and oversee security operations capabilities, including:
- Endpoint Detection & Response (EDR)
- Security Information & Event Management (SIEM)
- Cloud-native security tooling
- Collaborate with Managed Security Service Providers (MSSPs) to extend monitoring, detection, and response in a cloud-first environment.
- Integrate vulnerability, threat intelligence, and incident data to continuously improve detection and response effectiveness.
Incident Response & Strategic Resilience
- Own incident response planning, tabletop exercises, and real-world response coordination, including engagement with legal counsel, forensics, and cyber-insurance partners.
- Lead business continuity and strategic resilience planning, ensuring preparedness for cyber incidents, outages, and operational disruptions.
- Drive post-incident reviews and continuous improvement across people, process, and technology.
Data Protection, Privacy & AI Risk
- Oversee data loss prevention (DLP), data classification, and privacy controls, in alignment with organizational data governance efforts.
- Partner with data and analytics teams to ensure secure handling of student, alumni, donor, and partner data.
- Provide guidance on security, privacy, and ethical risks associated with AI, automation, and emerging technologies, ensuring responsible innovation.
Security Awareness, Culture & Metrics
- Design and manage an organization-wide security awareness and training program, tailored to staff, interns, and leadership.
- Foster a culture of shared responsibility for security, balancing usability and protection.
- Define and report on security KPIs and KRIs, such as detection and response metrics, vulnerability aging, control coverage, and risk trends.
Executive, Board & Leadership Engagement
- Support the CIO in preparing board-level cybersecurity updates, risk narratives, and investment recommendations.
- Translate technical security topics—including vulnerabilities, incidents, and assessments—into clear, business-relevant insights.
- Serve as a trusted security advisor across the Senior Leadership Team, with enterprise-wide visibility and influence.
Team & Capability Development (Future-Looking)
- As the program matures, help define opportunities to build and scale internal security capabilities, balancing internal resources with external partners.
- Mentor and upskill technology staff in security best practices.
Required Qualifications
- 15+ years of experience in information security, with progressive responsibility in enterprise or cloud-first environments.
- Demonstrated experience in a senior, strategic security role with hands-on accountability.
- Strong familiarity with the Microsoft security stack, including Azure, Microsoft 365, Defender, SharePoint, and Intune.
- Experience with secrets management and cryptographic controls (e.g., HashiCorp Vault or equivalent).
- Hands-on experience with incident response, SIEM, EDR, DLP, vulnerability management, and penetration testing.
- Working knowledge of secure software development and enterprise application security.
- Experience collaborating with MSSPs and external security partners.
- Strong understanding of FAIR risk analysis, threat modeling, and executive-level risk communication.
- Proven ability to communicate effectively with executives and boards.
Preferred Qualifications
- Experience in nonprofit, education, or mission-driven organizations is a plus but not required.
- Familiarity with data governance, privacy principles, and AI risk management.
- Relevant certifications (CISSP, CISM, CRISC, GIAC) are a plus but not required.
In our quest to be a nonprofit employer of choice, we offer:
- Competitive compensation commensurate with experience and qualifications
- Medical, dental, and vision insurance
- Company-paid life and disability insurance
- Generous paid time off policy, ten (10) company-paid holidays, and a "Soft Close" between Christmas and New Year's.
- 403(b) retirement savings plan with company match
- Focus Fridays and Flexible work arrangements
Our Commitment to People
Genesys Works is an equal opportunity employer that is committed to fostering an equitable, inclusive, and respectful workplace where all individuals feel valued and empowered. It starts with our talented candidates. We celebrate diversity in all its forms and seek to recruit, support, and retain talent that reflects the culturally diverse communities we serve. Discrimination or harassment of any kind has no place here.