Summary
Date Posted: Tuesday, May 30 2023, Base Salary: Not Disclosed

JOB DETAILS:

Location: Country office Kigali - depending on the size of the country office also
Transnational.

Fixed Term: 24 months (renewable upon review)

Position: one (1)

A. Background
To enable the worldwide protection of all critical information processed by the GIZ, the establishment of an Information Security Management System (ISMS) and therefore Information Security Officers in the field structure are indispensable. Through the company-wide international standard ISO/IEC 27001 certification of information security management (ISO27001), the GIZ targets a wide variety of permanent restructuring-processes, all of them requiring experts to coordinate and maintain these changes. While the company-wide coordination lies with the Chief Information Security Officer (CISO) and his/her Information Security Management Team (ISMT) located at the headquarters, the extensive local establishment and continuous operation of information security needs the support of a new local role, which works closely together with already existing local roles such as IT-Professionals and Digital Partners (DIPAs). Concerning existing roles, it is important to note that Information Security Officers cannot be at the same time IT-Professionals due to conflicts of interests.
The goal of Information Security Officer is to be a central single point of contact (SPoC) for organizational overview and control as well as professional knowledge concerning information security in the country office. As information technology (IT) has a big role in information security, IT-specific knowledge and/or close cooperation with technical roles is also an expected area of expertise. For the implementation of information security and the ISO27001-certification, the Information Security Officer is expected to work within the existing management organization of local offices while initiating and controlling relevant processes.

The security risk management Advisor performs the following responsibilities and tasks:
B. Contents and Tasks
Initial tasks
In the initial phase of implementation, the establishment of a local information security management is focused. To successfully do this, the Information Security Officer establishes and later manages the security incident process, supports/accompanies the Audit Management process (including the local coordination of “penetration testing”) and ensures that a functioning vulnerability management is in place. As the local representation of the information security organization and thus the Information Security Management System (ISMS), the Information Security Officer acts as Single Point of Contact (SPoC) for information security. He also is the SPoC for projects and contact for all topics concerning information security.
The Information Security Officer ensures through a structural analysis (asset recording) an up-to-date and complete asset inventory (in cooperation with asset owners). Towards Headquarters, specifically towards the CISO, he/she provides structured reporting to the CISO. The Information Security Officer is responsible for recording the current status of information security, which includes the mentioned assets.
The Information Security Officer establishes the local InfoSec Risk Management (IRM) and accompanying risk register which is implemented through identification of risks with asset owners, risk assessment with risk owner involvement, risk treatment management and further connected tasks.

Continuous Operation and Updates
After the initial establishment, the Information Security Officer is responsible for elaborating, reviewing, and updating the local security concept, the coordination and implementation of measures, guidelines/concepts as well as the adaptation of guidelines/concepts to local conditions.
Concerning the information security awareness among employees, the Information Security Officer coordinates existing awareness measures and is to a limited extend personally responsible for the awareness/training efforts.
He/She is further responsible for the control of the effectiveness of security measures, for revisions and audits and for ensuring the investigation of security-related incidents & coordination of their reporting (reporting system). As representative of the Information Security Management System Team (ISMS Team) the Information Security Officer (ISO) also has the permanent task of reporting to the CISO and supply necessary information for the management report of the CISO.
For the local offices, the Information Security Officer provides continuous consulting on information security topics and the constant operation of risk management and level estimation of information protection requirements.

C. Profile and Abilities
The Information Security Officer is responsible for all information security issues in the country office. He/She should have the following competencies and capabilities or should be able to acquire them within a reasonable period of time:
• Knowledge and experience in information security
• Basic knowledge of actual Microsoft Software and Services ecosystem
• Methodological competence in: ISO/IEC 27001, risk management, vulnerability management, audit
• Has overview of tasks and objectives of the institution and can evaluate and classify them with respect to information security
• Ability to "think inside" organizational structures and processes
• Ability to work independently
• Ability to adapt, communicate and implement key requirements
• Communication skills
• Comprehensive and factual reporting
• Handling of objections
• Mastery of facilitation and auditing techniques
• Managing conflicts
• Persuasion skills
• Social competence
• Quick comprehension
• Analytical skills
• Perseverance
• Professional and personal maturity
• Willingness for further training
• Ability to communicate
• Conscientiousness
• Credibility
• Ability to cooperate and work in a team
• Objectivity, especially when dealing with sensitive issues
• Self-confidence
• Independence
• Un-influenceability and impartiality,
• Unconditional discretion,
• Incorruptibility,
• Ability to argue on the basis of objective evidence
• Language
• High proficiency in English

Education Requirement: No Requirements

Job Experience: No Requirements

Work Hours: 8

Experience in Months:

Level of Education:

Job application procedure
Interested candidates should submit their application (motivation letter, updated CV, certificates and references) until 12th June 2023 by e-mail to recruitment-rw@giz.de . All attachments should be put together in one PDF file not larger than 2 MB. Please quote the job title in the subject.

Only shortlisted candidates will be contacted for test and interview.
GIZ Office Rwanda
KN 41 St. / Nr.17, Kiyovu
P.O. Box 59, Kigali,
Rwanda
GIZ reserves all rights!

All Jobs

QUICK ALERT SUBSCRIPTION