Job Posting: Information Security Associate

Apr 13, 20210 comments

United for Iran (U4I) is a nonprofit based in the San Francisco Bay Area working to advance civil liberties in Iran by advocating for human rights, supporting civil society, and engaging citizens through technology. Two of our longest running projects are the Iran Prison Atlas (IPA) and IranCubator. IPA is a dynamic database that tracks and publicizes the prosecution and imprisonment of Iran’s political prisoners. IranCubator is a technology incubator that supports the development of secure mobile applications that protect and empower persecuted populations inside Iran. In 2017 and 2018, IranCubator supported the creation of mobile apps that directly empower Iranian citizens to connect, organize and disseminate critical information. Learn more at


Job Description

The Information Security Associate is a part-time position and will be responsible for auditing, reviewing, developing and implementing data security policies, procedures, design and architecture to safeguard company information. The Information Security Associate will join U4I’s Operations Team, reporting directly to and working closely with the Operations Director. The Information Security Associate will assist the Operations and Programs teams in making important security-related decisions, as well as the development and implementation of data security policies and procedures. This is an exciting opportunity for an energetic professional to join a growing organization and redefine the story of human rights and technology in Iran. Candidates in the Bay Area are strongly preferred, with exceptional remote candidates considered. All work will be conducted remotely during the COVID-19 pandemic.

Job Responsibilities

The Information Security Associate will be responsible for daily security support for U4I, including, but not limited to:

Vulnerability Management

  • Performing internal audits with U4I staff and contractors to test their devices for compliance with the U4I’s security policy and information security practices.
  • Meeting the emerging security needs of the organization, its staff, contractors and stakeholders.
  • Preparing a report on non-compliance issues and fixing devices back into compliance.
  • Participate in rapid-response situations, facilitating a timely response to protect U4I’s network.

Internal Systems Auditing, Reporting and Documenting

  • Comprehensive review of internal systems access management, ensuring compliance with Need-to-Know (NTK) principles
  • Participate in the account access review process and provide access to staff, contractors and other stakeholders.

Security Awareness Training and Promotion

  • Creating security checklists in English and Persian, based on U4I’s security policy and keeping the checklist regularly updated based on changing needs
  • Review security awareness training modules and provide suggestions for new modules and feedback on training campaign performance
  • Preparing security awareness snippets based on receiving reports from U4I’s partners and the field experts on emerging risks

Job Qualifications

The ideal Information Security candidate will have the following qualifications:

  • 1+ years relevant work experience in field such as Information Security, Computer Science, Information Systems, or equivalent work experience;
  • Basic understanding of IT risk, information security fundamentals, defense-in-depth practices, IT risk assessment fundamentals, and risk management practices;
  • Superb communication and interpersonal skills;
  • Multicultural competence in working with diverse staff;
  • Excellent time management and problem solving skills;
  • A strong commitment to social change and access to technology;
  • Strong attention to detail and well-organized;
  • Ability to work in a fast-paced environment with shifting priorities.
  • Bilingual in English and Persian is required.

Optional Bonus Qualifications

  • Working knowledge of human rights and a basic understanding of the complexities of Iranian politics and policy, Iran-US, or Iran-EU relations
  • Certified Information System Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) certifications preferred


Salary and Benefits

The base salary for this 50% FTE position is $26,000-$30,000 a year. U4I staff enjoy generous benefits including unlimited paid time off and parental-leave, teleworking options, and flexible schedules, all while taking pride in meaningful work with a critical social mission.

How to Apply

Please send your resume and answers to the questions below to

  • Why are you applying for this job? (word limit 250 words)
  • How are you qualified for this job? What is your information security, computer science, information systems, or other experience as related to this job? (word limit 500 words)

A cover letter is not required. Applications will be accepted on a rolling basis.


U4I values diversity and provides equal opportunities to all people or entities submitting their qualifications without regard to race, color, religion, sex, national origin, age, disability, or genetics. People of color, LGBTQI individuals, and women are strongly encouraged to apply.