Director, Information Security at Greater Kansas City Community Foundation
Greater Kansas City Community Foundation · Kansas City, United States of America · Hybrid
- Senior
- Office in Kansas City
The Director, Information Security leads the enterprise-wide cybersecurity strategy and program to protect the confidentiality, integrity, and availability of Foundation data and systems and to ensure regulatory compliance. This role is critical to safeguarding donor and stakeholder trust and requires aligning security initiatives with organizational objectives; overseeing vendor and risk assessments, incident response, security architecture, and governance; and collaborating with other leaders to embed security throughout the organizational culture and business operations.
This full-time position is located in Kansas City, MO, reports to the Vice President of Information Technology, and manages a Security Analyst. This salaried, exempt role may work remotely up to 40% of the time after a successful training period in the office.
Key Responsibilities
- Enterprise Security Leadership: Develops and executes the information security program while serving as the primary enterprise security and risk advisor. Provides expert guidance on emerging risks, threat trends, and mitigation strategies to support informed decision-making. Ensures security initiatives align with business objectives and integrates seamlessly with broader enterprise information technology and operational programs.
- Strategic Alignment & Integration: Collaborates with the information technology team to ensure consistent application of security practices to minimize risk and ensure the integrity, confidentiality and availability of data that is owned, controlled, and processed across the Foundation.
- Third-Party Risk Management: Directs third-party risk management activities, including the evaluation of SOC reports and the security practices of external service providers. Oversees the security aspects of the Managed Service Provider relationship.
- Data Privacy & Governance Strategy: Collaborates to develop and implement a strategy for active data privacy and governance processes and maintains a complete understanding of the Foundation’s data inventory.
- Regulatory & Risk Oversight: Ensures compliance through internal and external security audits and risk assessments, partnering with leadership as needed. Leads comprehensive risk and security assessments and compliance initiatives to ensure adherence to applicable laws, regulations, and industry standards. Partners closely with legal to manage regulatory requirements and oversees remediation plans with detailed reporting to stakeholders.
- Learning & Development: Implements and manages a comprehensive information security awareness training program for Foundation staff and leads phishing simulations.
- Team Development: Builds, develops, and mentors a high-performing cybersecurity team while managing departmental budgets and strategic vendor relationships. Drives continuous improvement initiatives and promotes innovation in security practices through active participation in industry groups and professional communities. Establishes clear performance metrics and professional development pathways for team members.
Qualifications
- Education & Experience: A Bachelor's degree or equivalent and at least 10 years of related experience. An equivalent combination of education and experience will be considered.
- Information Security: Proven experience in developing, implementing, and maintaining an enterprise information security program. CISSP, CISM or CISA certification preferred.
- Communication: Excellent written and verbal communication skills, along with a demonstrated ability to present controversial, sensitive, and/or complex topics to varying stakeholders.
- Technical Aptitude: Advanced knowledge of contemporary IT architectures, including external hosted services, hybrid and cloud computing environments. High technical aptitude and ability to learn new software quickly and thoroughly.
- Security & Risk: Advanced knowledge and comprehension of configuration management, change control, incident and problem management, risk assessment and acceptance, exception management and security configuration baselines.
- Collaborative Environment: Ability to operate in a highly collaborative environment, while able to work independently and be self-motivated.
- Responsiveness: Respond effectively to the most sensitive inquiries or complaints; work well under pressure, including identifying and quickly resolving problems.
- Data Governance Expertise: Experience with electronic governance, risk, and compliance (GRC) tools (Onspring preferred) and data governance tools (Microsoft Purview preferred).
Physical Requirements
- Office & Computer Work: Ability to work regularly at a computer terminal in a fast-paced environment with frequent interruptions.
- Noise & Communication: Able to work in an office with moderate noise levels. Ability to communicate and interpret detailed information effectively.
This job description is a summary of the employment-at-will relationship and not a contract. Not every responsibility is outlined, changes should be anticipated, and other duties will be assigned as necessary.