Boys & Girls Clubs of America

Senior Director IT Security

Posted Date 5 days ago (3/12/2018 2:27 PM)
Job ID
Information Technology
Atlanta, GA


The Senior Director, IT Security ensures that the risk to information posed by a variety of cyber threats (cyberattacks, theft or corruption from within, etc.) is minimized. The incumbent ensures that when cyberattacks occur or data is compromised, these incidents and breaches are dealt with promptly and effectively, and that the chance of that particular type of incident recurring is minimized.


Perform three core functions for the BGCA and Clubs. The first is establishing an enterprise security stance by engaging with the BGCA leadership team to share the IT security vision and executing through policy, architecture and training processes to achieve higher levels of enterprise security.

The second is overseeing the operations of BGCA’s security solutions through management of BGCA’s service providers and providing direction to IT analysts and line-of-business system owners. The third is engaging and educating Club staff on information and IT security matters to improve their information security capabilities.


Reports to the Senior Vice President, Information Technology

Location: National Headquarters, Atlanta, GA 


Strategy & Planning

  • Meet with BGCA leaders / decision makers, systems / process owners, and end-users to understand their strategies and tactics and their business, financial and operational goals.
  • Advise senior management by identifying critical security issues; recommending risk-reduction solutions.
  • Create and maintain the enterprise’s security architecture design.
  • Create and maintain the enterprise’s security awareness training program.
  • Create and maintain the enterprise’s security documents (policies, standards, baselines, procedures and guidelines).
  • Create and maintain the enterprise’s IT Information Security (Incident & Breach) Response Plan.
  • Manage the creation and maintenance of the enterprise’s IT Disaster Recovery Plan.
  • Understand the needs of Clubs and determine how BGCA IT can best engage, share best practices and support them in improving their IT and data security capabilities.


Acquisition & Deployment

  • Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
  • Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the enterprise’s existing procurement processes.
  • Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.
  • Evaluate all proposed IT service providers and IT solutions to ensure that the vendors and their products and services adhere to sound security policies and processes, and where applicable, formal regulations and certifications.


Operational Management

  • Identify vulnerabilities, assess risk and develop mitigation plans
  • Mentor the entire IT team on security policies, procedures, and best practices
  • Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
  • Ensure the enforcement of enterprise security policies and procedures, and creation and maintenance of systems documentation.
  • Manage HR-AD integration, identity and access management, single sign-on, multi-factor authentication and other methods to ensure BGCA-provided systems are appropriately accessed.
  • Supervise all investigations into problematic activity and provide on-going communication with senior management.
  • Supervise the design and execution of vulnerability assessments, penetration tests, security audits, tabletop security incident/breach exercises and periodic disaster/recovery tests.
  • Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security documents and provide security awareness training for Clubs.
  • Engage various business teams to ensure enterprise wide understanding of security goals, to solicit feedback and to foster co-operation.
  • Manage outsourced security providers and, where needed, infrastructure providers to ensure appropriate and effective delivery of services.
  • Actively lead the IT Exchange on matters of information security.
  • Demonstrate BGCA’s mission-driven ICARE values and integrate into work environment and ways of working.
  • Adhere to organizational policies and procedures as described in BGCA’s Employment Handbook, Ethics Policy and elsewhere.


Personal Attributes


  • Works both independently and in a team-oriented, collaborative environment
  • Puts organizational success above personal or departmental agendas
  • Self-motivated with a high degree of initiative and independent thinking
  • Focuses attention on items with the highest priority / greatest potential
  • Anticipates and overcomes obstacles
  • Remains flexible and can react and adjust promptly and efficiently
  • Maintains positive outlook and ability to execute while under pressure
  • Exhibits resourcefulness, finds alternatives and engages experts to quickly resolve problems or develop solutions
  • Puts in extra effort when necessary, and holds self and others accountable
  • Seeks to learn and can understand and apply new technologies
  • Thinks critically, evaluates assumptions and has a keen attention to detail
  • Makes sound decisions in face of uncertainty, and takes appropriate risks
  • Learns from challenges and mistakes
  • Elicits support and cooperation from a wide variety of sources and stakeholders
  • Builds trust and rapport quickly, and relates well to people of varying backgrounds
  • Ability to bring project to successful completion through political sensitivity
  • Excellent interpersonal, listening, and verbal / written communication skills
  • Ability to communicate ideas in both technical and user-friendly language
  • Shares information in an open and transparent fashion
  • Balance of business acumen and technical skills
  • Actively works to keep multiple service provider team dynamics constructive
  • Strong customer service orientation and skills



  • Bachelor’s degree in Information Systems or Computer Science, or equivalent experience is required. Master’s degree is preferred
  • Experience of 7 years is required assuming educational requirements are met.
  • One or more of the following certifications:
  • ISSAP: Information Systems Security Architecture Professional
  • CISSP: Certified Information Systems Security Professional
  • CISM: Certified Information Security Manager
  • GIAC Security Essentials Certification
  • GIAC Security Leadership Certification
  • Microsoft Certified Systems Engineer: Security
  • CompTIA Security+
  • CEH: Certified Ethical Hacker
  • Enterprise security architecture design.
  • Enterprise security document creation.
  • Designing and delivering employee security awareness training.
  • Developing and testing Information Incident / Breach Response Plans.
  • Developing and testing Disaster Recovery Plans.
  • Cyber Insurance contracts.
  • Automated and visual application security assessments
  • Information risk assessments, classification and governance.
  • Managed services provider experience
  • Customer relationship management – being a trusted partner, colleague and consultant to other teams
  • Working technical knowledge of: Active Directory, SQL Server, IIS and .NET application architecture
  • Working technical knowledge of: Juniper Networks, IP, TCP/IP, and other network administration protocols
  • Working technical knowledge of: Identity & Access Management systems, Multi-Factor Authentication, Mobile Device Management
  • Working technical knowledge of: Microsoft Office 365 and Azure
  • Familiarity with Salesforce, Sitecore, Dynamics CRM, SharePoint
  • Verbal and written communications, including demonstrated abilities to interact and communicate with all levels of management, consultants, vendors, and partners
  • Problem identification, analysis, and resolution
  • Project and resource management. Application to multiple, simultaneous, and varied initiatives
  • Emerging technologies. Knowledge, understanding, evaluation, and practical application


Environmental and Working Conditions

Normal internal office environment.  Travel estimated at 5-10% as required (can be 3 - 5 days or more in a month - including weekends - depending upon scheduling requirements).  The individual selected for this position must possess and maintain a valid driver’s license and be able to navigate areas of the country by using a map or other direction methods. Ability to travel by car or airplane.  Evening and weekend work as required to achieve personal and departmental goals.


Physical and Mental Requirements

Ability to apply reasoning skills to a wide range of computer problems, systematically identify and define problems, evaluate alternative solutions, and recommend effective solutions.  Ability to interact with co-workers or public in person and remotely.  Ability to exchange, clearly and concisely, ideas, facts, and/or technical information with others.  Physical requirements include frequent standing, sitting, walking, lifting 20-50 lbs., reaching and manual dexterity skills to operate computer.  Occasionally may stoop/squat, crawl/crouch, pull/push, twist trunk/neck, climb, and grasp or squeeze with right and left hand in completing required tasks of position.  Communications skills necessary for this position include speech, vision, hearing and reading comprehension. Successful performance includes writing skills and depth perception.


