Evergreen Goodwill of Northwest Washington

Evergreen Goodwill of Northwest Washington is hiring: Cybersecurity & Compliance

Evergreen Goodwill of Northwest Washington, Seattle, Washington, United States

About Evergreen Goodwill

Evergreen Goodwill of Northwest Washington is a 501(c)(3) nonprofit organization founded in 1923 that helps people get jobs across Northwest Washington by offering high-quality free job training, education and job placement. Goodwill empowers individuals to overcome barriers to working by providing comprehensive support and connecting them with life-changing job opportunities, ensuring they are career-ready and can support themselves and their families.

The organization employs over 2,000 people, operates five job-training centers, 23 nonprofit retail stores and more than 27 donation sites in King, Snohomish, Skagit, Whatcom and Kitsap Counties. We are committed to creating and sustaining a culture of equity, diversity and inclusion (DEI) and are focused on creating a joyful, inclusive and successful organization.

Position Overview

Title: Cybersecurity & Compliance Manager

Department: IT (Information Technology)

Location: Admin Bldg (Hybrid: 3 days/week in Office)

Reports to: Sr Manager, IT Services

Supervises: Cybersecurity & Compliance Engineer; Security Analysts

Salary Range: $110,000–$130,000/year

Pay Type: Salary Exempt (Paid Bi-Weekly)

Essential Duties and Responsibilities

  • Cybersecurity Program Leadership: Develop and implement comprehensive cybersecurity strategy aligned with EGNW's risk tolerance and operational requirements; establish and maintain cybersecurity policies, procedures, and standards across all locations and systems; lead cybersecurity risk assessments and vulnerability management programs; design and oversee incident response procedures and coordinate breach response activities; manage cybersecurity budget, vendor relationships, and technology investments.
  • Compliance & Risk Management: Ensure compliance with PCI DSS (payment processing), SOX controls, and nonprofit data protection requirements; implement and maintain security frameworks (NIST CSF, CIS Controls); conduct regular security audits and assessments across retail, warehouse, and administrative environments; manage third-party security assessments and vendor risk evaluations; coordinate with legal and executive teams on regulatory compliance and reporting.
  • Security Technology Management: Oversee security technology stack including firewalls, endpoint protection, SIEM, backup systems, and monitoring tools; manage identity and access management systems for 2,000+ employees; design and implement security controls for cloud environments (Azure, Microsoft 365, D365); evaluate, select, and implement new security technologies and ensure integration with IT infrastructure and business applications.
  • Team Leadership & Development: Develop security training programs for IT staff and end users; build cybersecurity awareness programs for retail, warehouse, and administrative staff; coordinate with HR on security-related hiring, onboarding, and termination procedures; foster a culture of security awareness and responsibility.
  • Strategic Security Integration: Partner with IT leadership on security considerations for digital transformation; provide security guidance for production automation, AI implementation, and new technology rollouts; ensure security requirements are integrated into retail POS systems, warehouse management, and e-commerce platforms; support business continuity planning and disaster recovery; collaborate with facilities and operations on physical security integration.
  • Monitoring & Incident Response: Establish and maintain 24/7 security monitoring and alerting; lead incident response team and coordinate responses to security events; conduct post-incident analysis and implement lessons learned; maintain relationships with external security resources and law enforcement; ensure timely communication of security issues to executive leadership and stakeholders.

Position Requirements

Education

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
  • Advanced degree (MBA, MS in Cybersecurity) preferred
  • Industry certifications required: CISSP, CISM, or CISA
  • Additional certifications preferred: Security+, GCIH, GSEC, or equivalent

Experience

  • 7+ years of progressive experience in cybersecurity, with at least 3 years in management roles
  • Experience managing cybersecurity programs in multi-location retail or nonprofit environments
  • Proven track record implementing security frameworks and compliance programs
  • Experience with incident response, forensics, and breach management
  • Background in risk assessment, vulnerability management, and security auditing
  • Experience managing cybersecurity budgets and vendor relationships

Technical Expertise

  • Security Frameworks: NIST CSF, CIS Controls, ISO 27001/27002
  • Compliance Standards: PCI DSS, SOX, GDPR, nonprofit regulatory requirements
  • Security Technologies: SIEM, endpoint protection, firewalls, intrusion detection, vulnerability scanners
  • Cloud Security: Microsoft Azure security, Office 365 security, hybrid cloud architectures
  • Identity Management: Active Directory, Azure AD, identity governance, privileged access management
  • Network Security: Network architecture, segmentation, wireless security, remote access

Leadership & Business Skills

  • Strong leadership and team development capabilities
  • Excellent written and verbal communication skills for executive audiences
  • Project management experience with multiple security initiatives
  • Budget management and vendor negotiation experience
  • Nonprofit operations and retail environment understanding
  • Change management and security culture transformation
  • Crisis management and decision-making under pressure

Physical Abilities

  • Prolonged sitting and computer use; ability to communicate effectively; occasional travel to locations
  • Vision requirements: close, distance, color, peripheral, depth perception
  • Must be able to communicate with individuals with limited English proficiency; reliable attendance
  • Availability for after-hours incident response and emergency security situations

Work Environment

  • Exposure to computer screens and security monitoring systems
  • Moderate noise level; hybrid schedule with at least 3 days/week in office
  • Work typically in climate-controlled office or remote settings; occasional site visits
  • On-call responsibilities for security incidents

EEO Statement

Evergreen Goodwill of Northwest Washington is an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, creed, sex, national origin, age, disability, marital status, citizenship, military status, sexual orientation, gender identity, genetic information, veteran status, or other protected characteristics in accordance with applicable law. This policy applies to all aspects of employment, including hiring, compensation, benefits, and termination.