The International Rescue Committee (IRC) responds to the world's worst humanitarian crises and helps people to survive and rebuild their lives. Founded in 1933 at the request of Albert Einstein, the IRC offers lifesaving care and life-changing assistance to refugees forced to flee from war or disaster. At work today in over 40 countries and in 22 US cities, the IRC restores safety, dignity and hope to millions who are uprooted and struggling to endure. The IRC leads the way from harm to home.
The IRC has defined a new strategic mission and vision, along with initiatives and key processes that will deliver on the strategic objectives. The Information Technology department supports the organization's work by providing reliable and scalable application development and infrastructure for the IRC's offices in the US and around the world, including many technologically challenging locations.
Job Overview/Summary: The Senior Information Security Officer (ISO) ensures that IRC Information Resources are secured in accordance with IRC Policy and appropriate regulations, and that data protection risks in the field are managed. The scope of this role is global, and the ISO must be able to fill in for the CISO periodically. Policy is based on ISO 27002, and compliance requirements include PCI DSS compliance (IRC does not store cardholder data), GDPR, as well as various contractual obligations. This is a global leadership role, and the ISO is a vital team member responsible for keeping our company, donor and beneficiary data safe. The ISO must possess the gravitas to interact with all levels of the organization to drive change and advise on risk, as well as the technical underpinnings to work with, design, implement and operate cyber security, privacy and compliance technologies.
Leadership, Risk Management & Advisory
Policy Compliance and Reporting
Key Working Relationships:
Position Reports to: Chief Information Security Officer (CISO)
Position directly supervises: NA
Indirect Reporting: US, regional and country program leadership
Other Internal and/or external contacts:
Internal: GIS Steering Committee, IRC leadership and line staff across regions, NYHQ and Nairobi iHub, IPD, USP, Ethics and Compliance. Significant internal clients include IPD and USP.
External: Legal, industry/sector leadership and vendors. Law enforcement if needed for incident response.
The requirements should establish a baseline (minimum) for educational background, previous work experience, professional knowledge or certification, specific skills and strengths and any other skill necessary to perform the essential functions of the job.
Education: Bachelor's degree in an information systems-related field required. Master's preferred.
Work Experience: 7 years in information technology demonstrating career progression; 5-10 years in Information Security.
Demonstrated Skills and Competencies: Proven leadership capabilities across all levels of an organization; proven risk assessment and security program management. Working security knowledge sufficient to engage senior technologists in areas including AD, firewall/network, endpoint security (such as AirWatch, Sophos, etc.), cloud operations (Azure, AWS) and single sign-on (OneLogin). Excellent oral and written communication sufficient for executive-level presentation. Background in PCI DSS compliance program management. Demonstrated proficiency with legal and compliance concerns, regulations and frameworks such as ISO 27001/2, GDPR, NIST 800-53r5, FedRAMP and NIST CSF.
Language Skills: English required; French and Arabic a plus
Certificates or Licenses: CISA, CISSP, CISM or like certifications which support adequate aptitude; CISSP strongly preferred.
Please be sure to indicate that you saw this position on Globaljobs.org