Director, Information Security

About Tides

Tides is a nonprofit and philanthropic organization committed to advancing social justice. We work across the social sector to shift power to communities of color and other groups historically denied power.

Centering equity and justice in everything we do, we collaborate in deep partnership with movement leaders, nonprofits, donors, foundations, and corporations to amplify the impact of their work by providing services like fiscal sponsorship, donor advised funds, grant making, and a variety of innovative solutions. Learn more at tides.org.

About the Role

Reporting to the Senior Director, Information Technology, the Director, Information Security will own and deliver on the “Six P’s”: Establish the processes, hire and manage the people, manage the portfolio, supervise the policy & architecture, own performance management for team and any third parties, and manage the projects for a comprehensive cybersecurity approach for this energetic and progressive 501c3 organization in a dynamic, cloud-forward environment.

Ideal candidates will have experience scaling and building out an existing cybersecurity framework navigating compliance issues and developing policies. The role will interact with teams across the organization to ensure their needs are met.

What you will Do

Establish Governance and Build Knowledge 10%

• Provides regular reporting on the current status of the cybersecurity program to enterprise risk teams, senior business leaders.

• Works with the vendor management office to ensure that cybersecurity requirements are included in contracts by liaising with vendor management and procurement organizations.

• Directs the creation of a targeted cybersecurity awareness training program for all employees, contractors, and approved system users, and establishes metrics to measure the effectiveness of this security training program for different audiences.

• Advises on the cyber risk posture of the organization, including the mandatory application of controls.

Lead the Organization 10%

• Leads the cybersecurity function across the company to ensure consistent and high-quality information security management in support of the business goals.

• Determines the cybersecurity approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas.

• Manages an effective cybersecurity organization, consisting of one direct report

Set the Strategy 10%

• Develops a cybersecurity vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate.

• Develops, implements, and monitors a strategic, comprehensive cybersecurity program to ensure appropriate levels of confidentiality, integrity, and availability of information assets owned, controlled, or/and processed by the organization as well as the meeting of safety, privacy, reliability, and resilience requirements as needed.

• Works effectively with business units to facilitate cybersecurity risk assessment and risk management processes and empowers them to make the right decisions that fall within the risk appetite of their organization.

Develop the Frameworks 20%

• Enhances the security posture by adopting a cybersecurity framework that is applicable to the organization: ITIL, COBIT/Risk IT, and National Institute of Standards and Technology (NIST) Cybersecurity Framework.

• Develops and owns a document framework of continuously up-to-date cybersecurity policies, standards, and guidelines. Oversees the approval and publication of these cybersecurity policies and practices.

• Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the cybersecurity, and reviews it with stakeholders at the executive and board levels.

Operate the Function 50%

• Coordinates the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support, and in-house consulting in these areas.

What you will Bring

• Outstanding verbal and written communication skills

• Proven track record of start-to-finish project management

• An understanding of all current legislation and regulations pertaining to Tides

• Experience in effective coordination, prioritization, collaboration, organization, and successful project delivery

• Knowledge of IT Security related hardware, software, and vendor solutions

• An analytical mind with the ability to quickly get to the root cause of issues

• You will need to be organized, efficient and able to work unsupervised under your own initiative

• Outstanding written and verbal communication skills

Ideal Experience

• 8 years of direct experience and relevant bachelor’s degree in a technology discipline; or 10 years of relevant experience in cybersecurity roles.

• 4 years of experience in a supervisory capacity, required

• Experience with cybersecurity management of cloud and SaaS environments, required

• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or other similar credentials

Application Instructions

Please submit your resume and a cover letter expressing why you are well-qualified for this role and your motivation for joining the team at Tides. For best consideration, apply by Friday, October 3, 2025 at 11:59pm ET.

Equal Employment Opportunity

We look forward to reviewing applications from all qualified job seekers. We strongly encourage applications from women, people of color, and bilingual and bicultural individuals, as well as members of the LGBTQIA+ communities. No applicant will be discriminated against because of their race, religion, sex, national origin, ethnicity, age, disability, political affiliation, sexual orientation, gender identity, color, marital status, or medical condition including acquired immune deficiency syndrome (AIDS) and AIDS-related conditions. Pursuant to the San Francisco Fair Chance Ordinance, we encourage and will consider qualified applicants with arrest and conviction records. Where required by state law, we utilize E-Verify as a part of our employment authorization process.

Applicants with Disabilities

Reasonable accommodation will be made so that all who are interested may participate in our interview process. If you are in need of an accommodation, please advise in writing at the time you apply.