Information Security Officer, Affiliate Technology Services

ABOUT THE JOB The ACLU seeks applicants for the full-time position of Information Security Officer, Affiliate Technology Services in the Information Security team of the ACLU’s National office in New York, NY or Washington, D.C. This is a hybrid role that has in-office requirements of two (2) days per week or eight (8) days per month. This role will lead security posture management across the ACLU’s technology consolidated affiliates while providing advisory security support to non-consolidated affiliates operating independently. This position sits at the intersection of security governance, affiliate technology services, and operational risk. You will partner closely with the IT PMO for Affiliate Technology Services to embed security into affiliate-facing programs and will independently own and manage the Affiliate Security Champion Program to scale security awareness, baseline controls, and engagement across the affiliate network. This position is part of a collective bargaining unit. It is represented by ACLU Staff United (ASU). WHAT YOU'LL DO The Information Security Officer will serve as a trusted security advisor to the affiliate technology leaders, executives, and national stakeholders — helping balance enterprise security expectations with the operational realities of a federated organization. YOUR DAY TO DAY Own and advance the security posture of ACLU consolidated affiliates, including baseline controls, risk visibility, and remediation coordination. Provide structured security advisory services to non-consolidated affiliates, tailored to varying maturity levels and resource constraints. Partner with the IT PMO for Affiliate Technology Services to ensure security requirements are embedded into affiliate technology planning, delivery, and sustainment. Lead and manage the Affiliate Security Champion Program, including recruitment, training, engagement, and ongoing coordination. Conduct affiliate security assessments and risk reviews, translating findings into actionable recommendations. Serve as the primary security point of contact for affiliate-facing initiatives, incidents, and escalations. Support affiliate incident preparedness, response coordination, and post-incident improvement efforts. Develop guidance, standards, and scalable security practices appropriate for affiliate environments. Track and report affiliate security risk trends to national leadership. FUTURE ACLU'ERS WILL Be committed to advancing the mission of the ACLU Center and embed the principles of equity, inclusion and belonging in their work by demonstrating commitment to diversity with an approach that respects and values multiple perspectives Be committed to work collaboratively and respectfully toward resolving obstacles and conflicts WHAT YOU'LL BRING Demonstrated experience in information security, risk management, or security governance. Experience working in federated, multi-entity, or decentralized organizations. Strong understanding of security controls, identity, cloud/SaaS risk, and incident response fundamentals. Ability to translate complex security concepts into practical guidance for non-specialist audiences. Excellent cross-organizational communication and relationship-building skills. Relevant certifications (e.g., CISSP, CISM) preferred but not required. COMPENSATION The ACLU is committed to equity, transparency, and clarity in pay. Consistent with our compensation philosophy, there is a set salary for each role based on geographic work location. The annual salary for this position is $ 167,568 (Level E), reflecting the salary of a position based in New York, NY. Salaries are subject to a regional pay adjustment if authorization is granted to work outside of the location listed in this posting. For details on our pay structure, please visit: https://www.aclu.org/careers/ACLU_Geographic_Pay_Structure-July_2024.pdf WHY THE ACLU For over 100 years, the ACLU has worked to defend and ... (truncated, view full listing at source)