The Information Security Manager performs two core security functions: first, establishing an enterprise security approach through policy, architecture, and training processes; and second, identifying, managing, and reporting on the organization’s regulatory, legislative, and contractual cyber security compliance requirements. The role facilitates the monitoring, coordination, and implementation of policies, standards, procedures, controls, and guidelines to support cyber security, compliance, and audit requirements in partnership with key business stakeholders.
The IT Security Manager is expected to interface with peers in the global IT department as well as with the leaders of the business units, both to share the organization’s cyber security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and co-operation.
The Information Security Manager is expected to direct the enterprise’s security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals.
ChildFund International is committed to a workplace culture that promotes diversity, equity, and inclusion in all its forms. Furthermore, ChildFund International is committed to ensuring a workplace that safeguards and protects all children, including preventing their sexual exploitation and abuse, as well as preventing the sexual exploitation and abuse of its staff, partners, and program participants.
- Manage the enterprise’s security architecture design.
- Manage the enterprise’s security awareness training program.
- Manage the enterprise’s security documents (policies, standards, baselines, guidelines, and procedures).
- Manage the enterprise’s Business Continuity Plan and Disaster Recovery Plan, to respond to a cyber incident.
- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, applications, and databases, both hosted on premises and in the cloud.
- Lead the technical actions in an incident response and act as the first point of contact for all information security-related activities.
- Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the enterprise’s existing procurement processes.
- Oversee the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with industry leading practices.
- Develop and communicate security strategies and plans to the Executive Team, staff, partners, customers, and stakeholders.
- Work with business teams to develop the organizational segregation requirements for roles for various line-of-business applications.
- Manage all Information Security related vendors, outsourcers, and contractors to obtain protection services and products.
*EDUCATION and QUALIFICATION*
- College diploma or university degree in the field of computer science.
- 2 plus years of relevant experience as Information Security Manager.
- 5 plus years of experience working in Information Security.
- ISACA Certified Information Security Manager certification is preferred.
- Knowledge of standard concepts, practices, and procedures in cyber security.
- A strong working knowledge of the Windows technology stack, including Windows Server, Active Directory, email, and SharePoint, is required.
- A working knowledge of Cisco Systems products, VMware, SAN storage and cloud environments is a plus.
- Experience with PCI DSS.
- Experience with security monitoring tools.
- Must have strong inter-personal skills and the ability to train and share knowledge.
- Spanish and/or French as a second language will be a plus.
- Some travel may be required.
- Must be able to work after hours and weekends as required.
- Results oriented, high energy, and self-motivated.
- Proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Good written, oral, and interpersonal communication skills.
- Ability to conduct research into IT security issues and products as required.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Keen attention to detail.
- Team-oriented and skilled in working within a collaborative environment.
Required/Desired Foreign Language
- Knowledge of Spanish, French or Portuguese will be an added advantage for this position.
- This position will require occasional travel of up to 10%, including to resource-poor international locations.
Key Working Relationships:
Supervisory: 1- to 2-member security team
Internal: Members of the Global IT Department, ChildFund Senior Managers, Directors and Executives, and owners of ChildFund business systems.
External: NetHope and IT leaders of other NGOs and consortiums focused on the use of IT in child development.