Job and Volunteer Postings

Request for Proposals: Digital security assessment and action plan

Astraea Foundation is seeking a consultant partner who will work with us in a holistic process to conduct a comprehensive assessment of our digital security; make recommendations based on the latest industry standards for tools, protocols, and policies that we should implement; and guide us in implementing them.

Organizational profile

Astraea is the only philanthropic organization working exclusively to advance LGBTQI human rights around the globe. We are a multi-gendered, multi-racial, multi-identity organization that grew from a lesbian feminist vision and a long-standing commitment to all forms of justice. We support brilliant and brave grassroots partners in the United States (US) and internationally who challenge oppression and seed change, working for racial, economic, social and gender justice because we all deserve to live our lives freely, without fear and with dignity.

For nearly 40 years, Astraea has provided critical strategic resources to LGBTQI social justice organizations around the world. Since our inception in 1977, we have granted over $31 million via nearly 4500 grants to 1800 grantee partners in 96 countries. We recognize that the issues faced by LGBTQI people are not exclusively based on sexism, queerphobia or transphobia - our communities face cumulative forms of discrimination based on multiple identities and systemic inequalities. Accordingly, we take a strong intersectional approach in all our work, prioritizing racial and economic justice alongside gender justice. We strive to address the root causes of oppression and shift traditional dynamics to build the power of under-represented LGBTQI communities - especially trans, intersex and gender nonconforming people, women, youth and people of color. Our on-the-ground connections and partnerships give us a deep understanding of what it takes to make grassroots change happen, and a clear picture of the kinds of resources and work needed to support this change. Accordingly, Astraea fuels LGBTQI movements through four strategies: grantmaking, capacity building and leadership development, philanthropic advocacy, and media and communications.

Overview of security considerations

People

  • Astraea has around 30 staff members; two-thirds are based in an NYC office that is not shared, and one-third work remotely around the world (California, London, Malta, Jamaica)

  • Astraea has a number of teams and initiatives that work with partners in a variety of contexts, some of which may be high-risk for the partners

  • As part of Astraea’s mission we seek to maintain the trust of our partners by protecting them in their work and ensuring our practices match their security needs

  • Astraea contracts with a third-party IT provider

Beyond the office

  • All staff use work-provided laptops and personal phones for work

  • Work devices are not yet standardized in terms of operating system and baseline configuration

  • Several Astraea staff regularly travel & work internationally

Concerns

We are looking for security practices and policies that will (as much as possible) protect us from:

  • Compromise of grantee-Astraea communications

  • Compromise of stored grantee information

  • Publicizing of funding of grantees by Astraea (due to local laws)

  • Security risks with grantee convenings and staff/consultant travel

We want to strengthen our protocols and practices used in our grantmaking across all countries, as well as develop and implement appropriate protocols and practices for higher-risk countries.

We need to look comprehensively at the software and hardware components of our office, including our in-office desktop computers and servers; laptops; and individual staff members’ phones and personal computers.

Deliverables

1. A comprehensive assessment of our current digital security infrastructure and practices.

2. Recommendations for tools as well as protocols/policies to protect our communications across all devices, including but not limited to the following:

  • Account access security for shared collaboration tools such as G Suite

  • File encryption practices such as VeraCrypt

  • Improved grant management practices using GIFTS Online

  • Enumerating and implementing baseline organizational security policies

3. Regular collaboration with Astraea Foundation’s team and their third-party IT provider to help guide the development of clear, easily accessible general written policies and procedures for information technology.

4. Staff training to implement the protocols established through this process.

Process

Please submit proposals to Susan Neiman (sneiman@astraeafoundation.org) by April 17, 2017.

Proposals should include:

  • Your methodology and approach to this project

  • Timeframe

  • Costs

  • What information you need from the Astraea Foundation

  • How you will work with the Astraea Foundation’s 3rd-party IT provider, including anticipated frequency of calls or meetings

  • Two or three references

If desired, we can set up a call to answer further questions to help you prepare your proposal. Please contact Susan Neiman at the above address if you wish to do so.