Offerte di lavoro in remoto e a domicilio a geneva ∙ Pagina 1

Consultant Role

Part-time fixed-term appointment of 3 days per week

Duration : Two (2) years

Background

The Global Initiative Against Transnational Organized Crime (GI-TOC) is an independent civil society organization, headquartered in Geneva, Switzerland, with offices in Austria, South Africa, Colombia and Malta, and a globally dispersed Secretariat working in around 41 countries. GI-TOC comprises a network of more than 700 independent global and regional experts working on human rights, democracy, governance, and development issues where organized crime has become increasingly pertinent. GI-TOC provides a platform to promote greater debate and innovative approaches as the building blocks to an inclusive global strategy against organized crime. GI-TOC commissions and shares research globally; curates a robust resource library of 2,000 reports and tools specific to organized crime; and uses its convening power to unite both the private and public sectors against organized crime.

The GI-TOC works to:

• identify, analyse and map criminal trends and shifts in regional instability, and their impact on illicit flows, governance, development, security, conflict and the rule of law; and 
• connect and empower civil-society actors across the region who are looking at issues related to organized crime and corruption, and their links to instability and conflict, and
• support local stakeholders/actors in their monitoring of national dynamics and wider regional and international organized-crime and insecurity trends.

Job Summary

The Global Initiative is looking for a Digital Security Lead that will be responsible for overseeing the GI-TOC's approach to Information Security and Digital risk.  This is a new role which will drive and implement an information security framework at the GI-TOC, including designing governance and policies, implementing or procuring appropriate technical controls, and engaging across the organization. 

The Digital Security Lead will work under instruction of the Managing Director to implement safeguards and approaches that adopt good Information Security Practice in its systems and processes, and to drive a culture of appropriate data governance and risk-based practice in program work and teams, ultimately supporting to define and build a sustainable long-term approach to these areas and risks. 

The postholder will maintain (and communicate) an overarching assessment of the threat actors and threats that particularly affect GI’s work, an overarching Information Security and Incident Response Policy, and will maintain records of key data and information assets allowing the development of a ‘data-based’ approach to information risk. 

The postholder will implement a mixture of technical and policy controls, maturing GI’s approach to Information Risk and Data Governance.

Main responsibilities and specific tasks:

• Maintain a threat assessment rooted in GI’s work and programs, and communicate the key facets of this assessment to relevant stakeholders
• Based on this threat assessment, implement and operate an Information Security Management System (ISMS), reporting as relevant into GI’s management team
• Maintaining ‘scoring’ and an improvement backlog based on this ISMS and a Cyber Security Framework (CSF)
• Working with the management team to align investment and strategy with GI’s risk appetite, costing and funding constraints and priorities - aiming to right-size cybersecurity investment and obtain funding as needed for sustainable risk management
• Engaging with GI’s staff to drive a culture of risk and data-based practice, embedding appropriate cyber security skills, supporting effective governance across the organisation, and enabling researchers and program staff to respond as appropriate to suspected breaches or intrusion
• Designing and rolling out technical controls as needed based on GI’s budget and risk appetite, and overarching information security management system
• Handling and respond to suspected breaches, targeted attacks, or ‘incidents’, developing over time a more formal incident handling process
  

Key changes this postholder will drive in its first 12-24 months may include:

• Drafting and validating an overall strategy rooted in appropriate policies, frameworks, and an understanding of GI’s threat landscape, and which

• • works within GI’s risk appetite to design an effective program of work, and;

• • adopts tools and approaches which allow the integration of ongoing technology, operational cyber and information security cost into operational budgets 

• Implementing appropriate policies and frameworks, including

• • Drafting an appropriate Information Security Policy;

• • Adopting an appropriate Cyber Security Framework (e.g. NIST CSF, CIS CSC);

• • Drafting and rolling out a retention policy and protective marking policy;

• Drafting and communicating relevant training and guidance to users, likely including guidance on

• • Use of Burner Phones

• • Use of secure messaging apps

• • Source and Informant Protection

• Designing and rolling out permission structures in Dropbox relevant to GI’s work, including

• • Finalising a ‘draft structure’

• • Running appropriate training and engagement with staff

• Drafting a roadmap / rollout plan and strategy in line with GI’s risk appetite and business model & costing approach for

• • Dropbox End to End Encryption

• • Single Sign On

• • Device Management 

• • Appropriate Detection and Response tools

• • An incident response framework
• Exploring the procurement of cyber insurance

Requisite skills and experience:

The successful candidate will be able to demonstrate the following experience and skills:

• At least 5 years of experience running and implementing cybersecurity programs in an organisation of similar size, including both leadership and operational / hands-on experience in role that included security operations, governance, and/or risk management
• Experience managing budgets or funding models for technology or cybersecurity investment 
• Demonstrable experience in a Civil Society or similar environment which is subject to sophisticated state or non-state threat actors
• Experience rolling out policy, technology, and governance changes to a diverse, global team
• Experience working with managers, leaders, and broader constituents in decentralised, distributed organisations with minimal central governance
  

Only short-listed candidates will be contacted.

The Global Initiatives makes use of BambooHR's ATS system to receive and review your application.  All correspondence related to your application will be sent via our domain globalinitiative.bamboohr.com.