Founded by Dr. Priscilla Chan and Mark Zuckerberg in 2015, the Chan Zuckerberg Initiative (CZI) is a new kind of philanthropy that’s leveraging technology to help solve some of the world’s toughest challenges – from eradicating disease, to improving education, to reforming the criminal justice system. Across three core Initiative focus areas of Science, Education and Justice and Opportunity, we’re pairing engineering with grantmaking, impact investing, policy work, and movement building, to help build an inclusive, just and healthy future for everyone.
We believe we can help build a future for everyone.
- We aim to be daring, but humble: We look for bold ideas — regardless of structure and stage — and help them scale by pairing engineers with subject matter experts to build tools that accelerate the pace of social progress.
- We want to learn fast, but build for the long-term: We want to iterate fast and help bring new solutions to the table, but we also realize that important breakthroughs often take decades, or even centuries.
- Stay close to the real problems: We engage directly in the communities we serve because no one understands our society’s challenges like those who live them every day.
Our success is dependent on building teams that include people from different backgrounds and experiences who can challenge each other's assumptions with fresh perspectives. To that end, we look for a diverse pool of applicants including those from historically marginalized groups — women, people with disabilities, people of color, formerly incarcerated people, people who are lesbian, gay, bisexual, transgender, and/or gender nonconforming, first and second generation immigrants, veterans, and people from different socioeconomic backgrounds.
As we engage with our communities, we must work from a shared place of trust. We know that our communities care deeply about how information is collected, used, and shared, and so do we. So when CZI builds products or take ons a problem we consider their safety, privacy and security and at every step of the process. Ensuring that the vendors we partner with carry this dedication forward as they support us is a critical part of our security and privacy program.
We’re looking for someone who is passionate about information security and excited by the challenge of building/growing a program that ensures our vendors meet our high standard for security and privacy. In this role you’ll be responsible for leading our vendor security program including running the workloads of our security assessors (in house and vendor supported). You’ll also contribute to our overall Third Party Security program and have the opportunity to work cross functionally across our broader Information Security team to drive projects which cut across CZI. In managing for the Third Party Security program, you’ll partner closely with our Legal team to ensure that our contracts process strikes the right balance between leading risk and enabling our Initiative teams to build a better future for everyone.
- Cultivate, collaborate and drive positive relationships and partnerships with key business partners and teams.
- Review and assign engagements for the Third Party Security team that are requested within our contracts management tool. Manage the workload of the security assessment team, ensuring it’s evenly distributed and aligned to the skill set of each assessor.
- Manage tools used by the Third Party Security team to ensure they are effective and well documented. When needed, drive acquiring new tooling to support the team.
- Drive and support the Third Party Security assessment process for CZI Third Parties through review of requirements, communication, evidence collection, remediation and industry standard methodologies.
- Create, maintain and update team documentation policies, procedures, controls, and guidance.
- Eagerly contribute to the team and organizational operations, including tackling special projects and helping out with other functions, as necessary and time permitting.
- Participate in on-call rotations as part of the Information Security team.
- 2 to 5+ years of related experience in Privacy, Security, Risk Management or IT Security roles.
- Experience evaluating third party security programs, documentation and assisting with security contract terms.
- Strong written and verbal presentation skills, in particular communicating technical concepts between audiences of varying backgrounds.
- Strong analytical, organizational and decision-making skills.
- Familiarity with cybersecurity frameworks and concepts.
- Strong leadership skills with demonstrated ability to lead via influence in cross-functional and all types of environments.
- Demonstrated willingness to achieve the team's end goals.
- Desire to stay current on relevant security trends, issues and standard methodologies.