Security and Data Protection Lead
About JerseySTEM All JerseySTEM roles are pro-bono (unpaid) positions. Areas of Focus - Technical Operations, Governance, Data Privacy Identity & Access Management: Implement and manage robust authentication services and access controls to ensure only authorized contributors have access to sensitive systems. Cybersecurity Risk Management: Conduct regular vulnerability assessments and manage the remediation of technical security gaps across the organization's platforms. Incident Response: Serve as the primary responder for security incidents, developing and maintaining the organizational incident response plan to minimize impact. Security Architecture: Oversee the technical focus of cloud-based security configurations, ensuring tools like Google Workspace and other internal systems are hardened against threats. Data Protection Framework: Develop and enforce policies specifically tailored to data protection, ensuring compliance with relevant privacy standards and best practices. Risk Governance: Translate high-level strategic direction into actionable policies and procedural documentation that can be easily followed by non-technical volunteers. Awareness & Culture: Drive security awareness training for all JerseySTEM members, fostering a culture of "Security First" across the organization. Insider Threat Mitigation: Establish monitoring and auditing processes to protect against internal data leakage and unauthorized data sharing.
Overview
Membership is a minimum six-month commitment of approximately 6-8 flexible hours per week and includes a $100 refundable deposit, returned after six months of active membership. K–12 educators, retirees, veterans, interns, and students are exempt from the deposit.JerseySTEM is a mission-driven professional network of pro-bono contributors dedicated to improving access to STEM education and career pathways for underserved middle school girls in New Jersey. Members contribute their professional skills and leverage their networks in service of the organization’s gender-equity agenda.Role OverviewReporting to The Chief Information Security Officer (CISO), Security and Data Protection Lead is a high-impact role designed for an experienced professional who can bridge the gap between strategic direction and technical execution. You will be responsible for safeguarding JerseySTEM’s digital assets and ensuring the privacy of our community's data. This role blends hands-on implementation with tactical oversight, focusing on building a practical framework programs and policies for our security posture while maintaining the agility required for a non-profit environment.
Qualifications
Qualifications & Requirements 8+ years of proven experience in cybersecurity, information security, or data privacy roles. Ability to work independently as a “doer”, taking ownership of tasks from conception to completion. Strong understanding of technical security controls (IAM, encryption, network security) and governance frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001). Partner with the JerseySTEM TECH and non-technical team to prioritize and incorporate security perspectives into tools and workflows Draft, socialize, and maintain right-sized security policies, standards, and procedures appropriate for a nonprofit organization. Stay current on evolving threats (including AI-enabled threats) and share relevant, actionable recommendations with leadership and technical teams. Excellent communication skills to advise leadership on security architecture and risk. Comfortable working in a fully remote, member-driven organization. Commitment: Ability to dedicate approximately one working day (6-8 hours) per week to have a tangible impact. Relevant certifications are a plus but not required (e.g., CISSP, CISM, Security+, CCSP, GIAC). Exposure to AI/ML security considerations helpful, not required.