Senior Director - Information Technology & Digital Security

Job Title: Senior Director - Information Technology & Digital Security

Department: Technology & Digital Security

Job Band: Leadership

Salary Range: $174,832 - $196,686 (or market equivalent if hired outside of the US)

Office Location: New York, NY or Remote

Workspace Designation: Hybrid-Optional, Remote

Reports to Title: Chief Operations Officer

FLSA Status: Exempt

Union Represented: No

Closing Date: June 3rd, 2026

Organization Overview:

Founded in 1981, the Committee to Protect Journalists (“CPJ”) is an independent, non-profit organization defending journalists worldwide without regard to their political ideology. Through its work to safeguard journalists, CPJ protects the rights of all people to have access to diverse and independent sources of information. For over four decades, CPJ has helped win the early release of imprisoned journalists, secure convictions in journalist murders, and enable legal reform in countries where free expression has deteriorated. CPJ’s widely cited database and reports have raised global awareness of attacks on press freedom. Learn more about CPJ’s fight to defend freedom of the press here http://cpj.org

At CPJ, we are dedicated to upholding values of equity and free expression in both our internal operations and external endeavors. As a global organization headquartered in the United States, we aspire to build a diverse workplace and foster an inclusive and welcoming environment. We strive for our people to be representative of the global community on which we report and to equip them with the opportunities and resources they need to learn and succeed.

Job Summary:

CPJ is hiring a Senior Director - Information Technology & Digital Security to provide strategic leadership across the organization’s technology infrastructure, data governance, and information security functions. This role will be responsible for developing and executing a unified strategy that safeguards sensitive information, strengthens operational resilience, and supports CPJ’s global mission to defend press freedom.

The Senior Director will oversee core systems and platforms, establish and enforce organization-wide standards, guide data architecture and lifecycle management, and provide unified technology and security leadership across CPJ’s distributed, global operating model. Working closely with CPJ leadership and regional teams, this role will oversee vendor relationships and ensure that systems, controls, and governance structures support the organization’s long-term effectiveness and duty of care to staff and the journalists it serves.

Near-term priorities include evaluating CPJ's core technology platforms against security and operational needs, driving the implementation of CPJ's data governance and retention frameworks, and strengthening the organization's digital security and safety function. This role is also responsible for establishing the governance structures, standards, and organizational culture that will reduce risk to CPJ's staff, the journalists it serves, and the integrity of its work.

Essential Job Duties and Responsibilities:

Technology Strategy and IT Operations Oversight

• Set and drive an enterprise technology strategy aligned with CPJ’s mission and global operating model.
• Lead a comprehensive evaluation of CPJ's current technology platforms, including core infrastructure, collaboration platforms, CRM systems, and broader SaaS ecosystem, assessing them against security, operational, and organizational needs, and implementing recommendations for consolidation, migration, or improvement
• Establish and enforce organization-wide technology standards across regions and departments.
• Establish and enforce identity and access management standards, including onboarding and offboarding protocols, to ensure appropriate access to systems and data throughout the staff lifecycle.
• Lead vendor strategy and performance oversight, including managed IT service providers and key platform partners.
• Direct system selection, approval processes, and portfolio management to ensure alignment with security, compliance, and operational priorities.
• Establish lifecycle management practices, including regular system review, modernization, and decommissioning.
• Ensure operational resilience and identify and mitigate single points of failure by formalizing documentation, ownership, and continuity planning across critical systems.
• Provide day‑to‑day leadership and supervision to staff, including setting clear expectations, delegating work, monitoring performance, coaching and developing team members, conducting evaluations, addressing performance or conduct issues, supporting hiring and onboarding, and fostering an inclusive, accountable, and high‑performing team culture.

Data Governance and Architecture Oversight

• Lead CPJ’s organization-wide data governance strategy and framework.
• Define and ensure standards for data quality, classification, access control, retention, and stewardship.
• Oversee data architecture across structured and unstructured systems
• Provide strategic oversight of our Salesforce-based CARTA data system and related data systems, working closely with the internal team and consultants who lead day-to-day development.
• Establish and operationalize lifecycle management processes for data retention, archiving, and system retirement.
• Ensure the integrity, consistency, and reliability of data used in reporting, advocacy, and public outputs.
• Clarify and formalize data stewardship roles and decision rights across departments and regions.

Information Security and Risk Management Oversight

• Develop and implement an organization-wide information security strategy aligned with CPJ’s global profile and operating environment.
• Establish and ensure baseline technical and procedural controls across systems and regions.
• Design, maintain and oversee formal incident response and escalation pathways for information security events.
• Establish mechanisms to measure compliance with security standards and ensure timely resolution of identified gaps.
• Leverage security reporting and risk indicators to inform policy, strengthen controls, and guide organizational decision-making.
• Integrate security considerations into procurement, vendor selection, and technology adoption processes.
• Conduct periodic risk assessments and maturity reviews to strengthen organizational resilience.
• Ensure policies and controls account for jurisdictional, legal, and hosting risks relevant to CPJ’s operations.

Digital Safety and Duty-of-Care Oversight

• Own and strengthen CPJ's digital safety function, ensuring it is consistently applied and integrated into the organization's broader security architecture.
• Develop systematic digital safety onboarding for all staff, ensuring baseline practices are established from day one.
• Design and implement training frameworks appropriate to the different risk profiles across CPJ's global workforce.
• Proactively assess the digital threat landscape affecting CPJ staff, particularly those in higher-risk regions, and adjust safety standards and practices accordingly.
• Establish and enforce baseline device and communications security standards, including secure device configuration, VPN usage, and encrypted communications protocols.
• Provide direct advisory support to staff traveling or operating in higher-risk environments.
• Establish clear reporting and escalation pathways for information security events, including device compromise, account breach, or suspected surveillance.
• Ensure CPJ has a defined organizational response to digital harassment targeting staff, including clear escalation pathways, support mechanisms, and coordination with relevant external partners.
• Partner with regional leadership to ensure digital safety standards reflect the operational realities of teams working in diverse, sometimes high-risk contexts.
• Perform all other duties as assigned.

Qualifications & Competencies:

Required:

• Minimum 10 years of progressive management and leadership experience in technology, data governance, and/or information security roles. Ideally, in a nonprofit, press freedom media, or human rights context.
• Demonstrated experience developing and leading enterprise-wide technology or information security strategy within a distributed or multi-regional organization.
• Experience managing outsourced IT providers and complex SaaS ecosystems.
• Strong understanding of cloud-based infrastructure, identity and access management, endpoint security, and enterprise collaboration platforms.
• Experience working with enterprise CRM or structured data platforms (e.g., Salesforce or comparable systems) in a governance or oversight capacity.
• Experience with organization-wide data governance policies, including data classification, access controls, retention standards, and stewardship models.
• Understanding of data architecture principles, system integration, and information lifecycle management.
• Ability to interpret data models, architecture diagrams, and governance documentation to assess areas of integrity, risk, and compliance.
• Experience developing and implementing information security programs, including incident response frameworks and compliance mechanisms.
• Familiarity with risk assessment methodologies for mission-driven or international organizations.
• Understanding of cross-border data storage considerations, jurisdictional exposure, and privacy implications in international operations.
• Experience translating technical risk into clear decision-making and organizational policy.
• Demonstrated ability to balance security, usability, and operational realities in complex operating environments.
• Ability to lead complex, matrix-managed teams, set standards and ensure adoption across decentralized teams and regions.
• Experience working across cultures, time zones, and international contexts.
• Ability to work with compassion and professionalism, maintaining confidentiality and trust.
• Proactive approach to work, with experience working independently.
• Strong communication and interpersonal skills.
• Ability to work with a high degree of confidentiality.
• Ability to work calmly and professionally in high-pressure situations, when rapid response is sometimes required.
• Excellent written communication skills.
• Fluency in English.

Preferred:

• Fluency in additional language(s).
• Experience in international human rights, press freedom, journalism, or nonprofit organizations.
• Experience engaging stakeholders in national and international forums.
• Experience supporting teams operating in higher-risk or restrictive environments.
• Experience integrating security reporting and operational risk indicators into decision-making processes.
• A professional certification in information security, governance, or risk management (e.g., CISSP, CISM, CISA, or equivalent).

Additional Manager Qualifications, Characteristics, and Competencies:

• Leadership qualities: Demonstrates clear leadership within the organization, representing the organization as a whole both externally and internally, and able to set and deliver strategy for the benefit of the entire organization and the organization’s mission.
• Collaborative: Shows cooperation and teamwork while participating in a group; demonstrates respect for the opinions of others; identifies and pushes for solutions in which all parties can benefit; helps and supports fellow employees in their work to contribute to overall CPJ success; keeps people informed and up-to-date; shares information and own expertise with others to enable them to accomplish group goals.
• Composed: Poised in the face of setbacks or crises. A thoughtful communicator. Offers constructive solutions to organizational challenges.
• Competent decision maker: Ability and confidence to vary between being flexible and holding firm on a decision, depending on what the situation requires.
• Strategic thinker: Formulates objectives and priorities, and implements plans consistent with the long-term interests of the organization locally and in a global environment; capitalizes on opportunities and manages risks.
• Interpersonal skills: Ability to work effectively with different people and teams of people by putting others at ease; treats others with courtesy, sensitivity, and respect; considers and appropriately responds to the needs and feelings of different people in different situations.
• Problem solving: Identifies and analyzes problems; weighs relevance and accuracy of situations.

Physical Requirements:

This position’s physical demands reflect work in a typical office setting. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

Work Location:

This position is open to candidates within the United States or those located within the Western European time zones, and is classified as remote, or hybrid-optional. Availability to work and attend meetings on the US Eastern time zone and to travel to New York for meetings as needed is required.

We promote a flexible working environment with hybrid and flexible work schedule opportunities. Our office is located in New York City office in midtown Manhattan, and was designed to be a place where we can work effectively and collaboratively, bringing energy, inspiration, commitment, and deep learning to our mission. Staff hired in the commutable NYC area are welcome and encouraged to use the CPJ office.

Benefits:

Benefit packages are specific to the hiring location. More specific information will be provided as part of the interview process. If this position is hired outside of the United States, it will ultimately be managed by an Employer of Record (EOR) firm that is engaged by CPJ for the purpose of employing international staff. Benefits will be consistent with those typically offered by the EOR firm in the country of hire.

Equal Employment Opportunity:

CPJ provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type based on race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, genetic information (including family medical history), political affiliation, military service, or other non-merit-based factors.