Information Security Officer
Would you like a challenging, exhilarating and rewarding job that makes the world a better place because of something you do every day? Would you be passionate about helping the world’s most vulnerable populations by safeguarding sensitive information and systems? Do you thrive working hands-on with enterprise-class technologies and strive to solve complex business issues across a global workforce?
If so, we are hoping you will join us. We are looking for an Information Security Officer (ISO) to lead IT security strategy, operations and compliance that measurably strengthens the IRC’s security. The ideal candidate is a proven IT security technologist, critical thinker, and people motivator who excels at customer engagement. The ISO collaborates closely with Enterprise ERP and core IT functions: infrastructure (network, servers, databases, cloud) and applications.
Responsibilities include but are not limited to:
Leadership, Risk Management & Advisory
- Serves as a trusted advisor to IRC leadership in technical security, risk management, and policy; provides advisory services and oversees ongoing risk identification, remediation and compliance.
- Builds a cross-company team of information security focal points to develop and implement policy.
- Fosters a culture of clarity, accountability and continuous improvement.
Enterprise IT Security Architecture
- Assesses current state of IT security architecture (e.g. Azure AD, D365, Fastpath, Office 365 (E3), Qualys, SQL, Box, Proofpoint, Sophos, Meraki, etc.), defines near-term and target state and implementation road map, with significant emphasis on organizational change management as appropriate.
- Assesses environment for SIEM requirements, makes recommendations, and implements as appropriate.
IT Security Systems Engineering and Operations
- Leads implementation of technologies and processes to obtain measurable improvement of security posture.
- Daily monitoring & management of all IT security systems and Integra; leads incident response, including investigation, response, & resolution; leads vulnerability assessment of network perimeter & web applications.
- Leads development and implementation of an IT Business Continuity and Disaster Recovery plan / SOPs.
- Ensures security technologies deployed are migrated into an operational status with appropriate ownership.
- Ensures KPIs are accurate, complete and reported on time.
Policy, Technical IT Standards and Compliance
- Drives ongoing enterprise policy development and maintenance; ensures policy complies with industry standards and regulations such as GDPR, DFID and NIST.
- Further develops and automates compliance and reporting function; conducts IT security audits.
Education, Training and Tools
- Collaborates with partners to implement an innovative and frictionless cybersecurity training and awareness program to educate employees at all levels to prevent security mishaps.
- Ensures the intranet site and LMS are up to date with appropriate tools, course content and other methods to help our workforce understand and apply policy in a digestible manner.
- Executes projects on time and with high quality; reports and escalates to management as needed.
- Gathers requirements and defines projects according to IRC’s methodology.
- Strong project management skills for engineering & deployment of IT security products or services in at least a 5,000+ multinational organization; strong organizational change management skills to drive improvements.
- Proven hands-on engineering and implementation expertise with enterprise-class security technologies including but not limited to IAM, SSO/SAML, Office 365 (E3) security and compliance, firewalls, PAM, network, VPN, DLP, encryption / key management, endpoint security, Azure / on-prem AD, PowerShell, ServiceNow, Nagios, Thycotic, cloud security (SaaS, IaaS), Windows OS, etc.
- Demonstrated experience with information security policy, compliance and educational programs.
- Demonstrated proficiency in ISO 27001/2, NIST 800-53, GDPR, CIS Controls and major regulations such as GDPR.
- Demonstrated capacity to be a self-starter with limited reliance on direct supervision.
- Excellent oral and written communication sufficient for executive level presentation.
Education: Bachelor’s degree in an information systems-related field required. Master’s preferred.
Work Experience: 5 years in IT engineering or operations demonstrating career progression; 3 years in IT security with solid experience in security policy, compliance or related.
Language Skills: English required; French and Arabic a plus
Certificates or Licenses: CISA, CRISC, CIPT, CIPM, CISSP, CISM or like certifications which support adequate aptitude
- Standard office working environment
- International travel up to 10%