AARP is a nonprofit, nonpartisan organization, with a membership of nearly 38 million that helps people turn their goals and dreams into 'Real Possibilities' by changing the way America defines aging. With staffed offices in all 50 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands, AARP works to strengthen communities and promote the issues that matter most to families such as healthcare security, financial security and personal fulfillment. AARP also advocates for individuals in the marketplace by selecting products and services of high quality and value to carry the AARP name. As a trusted source for news and information, AARP produces the world’s largest circulation magazine, AARP The Magazine and AARP Bulletin.
Information Technology Solutions (ITS) is AARP's technology leader in positive social change and member value, enabling a more effective workforce and globally connecting employees, members, volunteers, partners and advocates to maximize engagement.
Provides leadership and guidance in developing, coordinating, and implementing security strategies and solutions for the AARP enterprise infrastructure. Safeguards the confidentiality, availability, and integrity of AARP's information assets and technology ecosystem. Collaborates with colleagues in ITS and other key stakeholders across the enterprise to execute on projects and initiatives in the Information Security roadmap. Manages AARP’s security architecture and security tools, security and risk advisory consulting for the business, support for regulatory requirements and IT-related audits, and coordination of investigations and audit of information security breaches.
1. Develops information security standards, policies, and protocol to ensure that information assets are protected from unauthorized and inappropriate use or access.
2. Directs team members in the evaluation, selection, installation, and configuration of security solutions.
3. Provides guidance and oversight for the execution of Information Security initiatives, specifically outlining technical and strategic solutions to ensure roadmap elements are executed.
4. Identifies, understands, and assesses security risk factors in the protection of information assets and identifies plan of action to mitigate and address these risks, as appropriate.
5. Develops and oversees execution of third-party security program and policies to ensure eligibility to receive and manage organizational information assets.
6. Coordinates with operational groups and business units to identify and implement measures to prevent or detect security incidents or breaches.
7. Performs incident response and investigation activities, as needed or requested over security incidents and/or security breaches.
8. Manages and monitors compliance with information security policies and procedures.
9. Works in partnership with ITS senior leaders on initiatives related to security to continuously improve Information Security processes and delivery by anticipating issues, providing advice, and sharing knowledge and best practices.
10. Develops relationships with ITS leaders and business partners to align with AARP objectives.
As a people manager, this position is expected to develop and exhibit our AARP Values and Behaviors and competencies, as well as fully participate in all management training initiatives. This position has the responsibility for direct management of AARP employees which entails, but is not limited to:
Completion of a Bachelor's degree in Information Technology, Computer Science, Engineering or related field and 10+ year of related experience; or an equivalent combination of training and experience related to the duties of the position. Certification in Information Security (CISSP or CISM) practices and policies preferred.
Demonstrates leadership expertise to execute on strategic direction, as well as significant depth of technical expertise in information security solutions.
Leadership experience managing direct reports.
In-depth experience and knowledge of enterprise and technologies, including but not limited to VPNs, network security, encryption, authentication, application-level network protocols, PKI, IPSec, Firewall, SSH, SSL, AES, LAN/WAN, and TCP/IP.
In-depth knowledge of information security regulations applicable to organizations, i.e. HIPPA, PCI DSS, and various State Privacy Laws.
AARP offers competitive benefits with a 401K, 100% company funded pension plan, health, dental, vision and life insurance, STD/LTD, paid vacation and sick, and other benefits.
AARP is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. AARP does not discriminate on the basis of race, ethnicity, religion, sex, color, national origin, age, sexual orientation, gender identity or expression, mental or physical disability, genetic information, veteran status, or on any other basis prohibited by applicable law.