Information Security Officer, Affiliate Technology Services

About the position The ACLU seeks applicants for the full-time position of Information Security Officer, Affiliate Technology Services in the Information Security team of the ACLU’s National office in New York, NY or Washington, D.C. This is a hybrid role that has in-office requirements of two (2) days per week or eight (8) days per month. This role will lead security posture management across the ACLU’s technology consolidated affiliates while providing advisory security support to non-consolidated affiliates operating independently. This position sits at the intersection of security governance, affiliate technology services, and operational risk. You will partner closely with the IT PMO for Affiliate Technology Services to embed security into affiliate-facing programs and will independently own and manage the Affiliate Security Champion Program to scale security awareness, baseline controls, and engagement across the affiliate network. This position is part of a collective bargaining unit. It is represented by ACLU Staff United (ASU). Responsibilities • Own and advance the security posture of ACLU consolidated affiliates, including baseline controls, risk visibility, and remediation coordination. • Provide structured security advisory services to non-consolidated affiliates, tailored to varying maturity levels and resource constraints. • Partner with the IT PMO for Affiliate Technology Services to ensure security requirements are embedded into affiliate technology planning, delivery, and sustainment. • Lead and manage the Affiliate Security Champion Program, including recruitment, training, engagement, and ongoing coordination. • Conduct affiliate security assessments and risk reviews, translating findings into actionable recommendations. • Serve as the primary security point of contact for affiliate-facing initiatives, incidents, and escalations. • Support affiliate incident preparedness, response coordination, and post-incident improvement efforts. • Develop guidance, standards, and scalable security practices appropriate for affiliate environments. • Track and report affiliate security risk trends to national leadership. Requirements • Demonstrated experience in information security, risk management, or security governance. • Experience working in federated, multi-entity, or decentralized organizations. • Strong understanding of security controls, identity, cloud/SaaS risk, and incident response fundamentals. • Ability to translate complex security concepts into practical guidance for non-specialist audiences. • Excellent cross-organizational communication and relationship-building skills. Nice-to-haves • Relevant certifications (e.g., CISSP, CISM) preferred but not required. Benefits • Time away to focus on the things that matter with a generous paid time-off policy • Focus on your well-being with comprehensive healthcare benefits (including medical, dental and vision coverage, parental leave, gender affirming care & fertility treatment) • Plan for your retirement with 401k plan and employer match • We support employee growth and development through annual professional development funds, internal professional development programs and workshops Apply Now Apply Now