Tides is a nonprofit and philanthropic organization committed to advancing social justice. We work across the social sector to shift power to communities of color and other groups historically denied power.

Centering equity and justice in everything we do, we collaborate in deep partnership with movement leaders, nonprofits, donors, foundations, and corporations to amplify the impact of their work by providing services like fiscal sponsorship, donor advised funds, grant making, and a variety of innovative solutions. Learn more at tides.org.

About the Role

The Information Security Engineer is responsible for designing, implementing, and maintaining security protocols, policies, and systems to protect the organization's information assets. This role involves collaborating with various departments to ensure the security of networks, applications, and data while responding to security incidents and conducting regular assessments to identify and mitigate risks.

What you will Do

Security Systems Management:
- Design, implement, and maintain security solutions such as firewalls, intrusion detection systems, VPNs, and antivirus software.
- Monitor security systems and networks for potential vulnerabilities and attacks.
- Maintain security of confidential and proprietary information.
- Respond to security incidents, conduct thorough investigations, and implement corrective actions.
- Develop and maintain incident response plans and procedures.

Risk Assessment and Management:
- Perform regular security assessments and penetration tests to identify vulnerabilities.
- Develop and implement risk mitigation strategies to protect the organization's assets.

Compliance and Audit:
- Ensure compliance with relevant industry regulations and standards (e.g., CIS Top Controls, NIST Cybersecurity Framework, etc.).
- Prepare and participate in security audits.

Policy and Procedure Development:
- Develop, update, and enforce security policies, procedures, and guidelines.
- Conduct security awareness training for employees.

Collaboration and Communication:
- Work with IT and other departments to ensure security measures are integrated into all aspects of the organization.
- Communicate security issues and solutions to management and stakeholders.

Threat Intelligence and Vulnerability Management:
- Stay up-to-date with the latest threat intelligence, security patches, and advisories.
- Manage vulnerability scanning and patch management processes.

What you will Bring

- In-depth understanding of information security principles and best practices.
- Proficiency in security technologies and tools (e.g., SIEM, IDS/IPS, firewalls, encryption).
- Understanding of network security protocols and architecture.
- Familiarity with security features and vulnerabilities of various operating systems (Windows, Linux, macOS).
- Knowledge of regulatory and compliance standards (e.g., CIS Top Controls, NIST Cybersecurity Framework, ISO 27001, GDPR, HIPAA).
- Understanding of incident response processes and procedures.