Duties and Responsibilities

• Coordinate the ICT cybersecurity improvement priorities and roadmap for OCB
• Be the focal point for the organization in case of ICT security breaches and threats
• Contribute to the design and lead the implementation of security policies aimed at avoiding, and/or minimizing the impact of security incidents and the necessary control mechanisms to make sure that these policies are being applied
• Document security breaches, evaluate impact, and implement mitigation plans
• Contribute to the design and lead the implementation of incident-response and business continuity strategies to be applied when a security incident does occur aimed at reducing the impact of such security incidents
• Led the Cybersecurity working group with representatives from the different teams of the ICT organization (approximately 8 people)
• Work closely with other key members of the ICT Unit to ensure that key interventions identified as part of the cybersecurity roadmap are implemented timely and according to the relevant security controls
• Review and keep up to date the cybersecurity chapters in the Safety and Security Management SOPs
• Participate in intersectional groups and networks related to cybersecurity
• Assess the level of ICT security both of HQ and the different countries of interventions and their projects by performing audits and evaluations and formulating concrete steps to address any shortcomings
• Work closely with the entities/people in charge of security in general (Operations (OPS) and finance Risk Management Units) or data protection (DPO – Data Protection Officer) to ensure consistency of policies and procedures and share information about potential or detected incidents
• Promote and enable a security-aware mindset:
• within the ICT unit, by giving technical guidance and facilitating training
• among the staff responsible for ICT in the countries of interventions and their projects, by creating the needed documentation, policies, and guidelines and by giving training to increase the awareness of and knowledge about the subject of ICT security
• within OCB as a whole, by presenting and motivating the importance of the topic to different stakeholders within the organization

Requirements

Education & Experience

• Master’s degree in computer science, Information System Management, Engineering, Business administration, or related areas, or equivalent by demonstrated experience
• Minimum 4 years experience in securing ICT infrastructure (both Cloud and on-premise)
• Experience with both software development and IT operations
• Experience in performing risk, business impact, and vulnerability assessments, and in defining and implementing the appropriate safeguards to address the identified risks is mandatory
• Experience in designing and implementing security-related projects
• Experience in Change management
• Experience with Central Internet Security (CIS) Controls or other security frameworks is an asset
• CISSP Certification is an asset
• International MSF experience or with another international NGO is an asset
• Experience in the area of medical data protection is an asset

Competencies

• Excellent understanding of information security concepts, protocols, industry best practices and strategies
• Excellent understanding of modern IT operations:
• Networking
• Different operating systems, including at least Linux and Windows
• Virtualisation
• Containerisation
• Cloud computing
• Configuration management
• Excellent understanding of modern software development methodologies and tools and their security implications. including a good understanding of the software development lifecycle
• Excellent knowledge of different aspects of (web) application security
• Understanding of GDPR and other legal frameworks concerning data privacy and IT security
• Sense of urgency; Immediate attention to security incidents
• Ability to work autonomously with limited managerial supervision and be able to establish strong relationships with remote stakeholders
• Team player; understanding of needs and constraints of different teams
• Ability to take initiative

Languages

• Strong oral and written communication skills in English
• Proficiency in French is an asset

How To Apply

Please, send your CV and cover letter to Recruit-HQ-DG@brussels.msf.org and mention “ICT Cybersecurity Officer” in the subject of your email.

Deadline for applications: 1st of January 2024