Appel à manifestation d’intérêt : MSF recherche un.e Responsable de la cybersécurité des TIC en Belgique.
CONTEXT
MSF OCB (Operational Centre of Brussels) ICT unit delivers ICT services to MSF field teams (approx. 6000 users) in about 40 countries around the world and to +/- 500 users in Brussels Headquarters. In a rapidly evolving digital landscape, the OCB ICT unit is a field-centric and people-inspired team and our vision is to “digitally empower MSF to improve our humanitarian and medical impact”. It aims to provide and support MSF with a “fit-for-purpose, reliable and secure digital ecosystem that is responsive to MSF operational and organisational needs”. It enables new and more effective ways of working; enhances transversal collaboration between functional departments, supports exploration and innovation.
As ICT Cybersecurity Officer your mission is:
- to define the strategy of the OCB ICT Unit in regard to digital information security,
- to design and implement both technical and organizational policies and guidelines concerning digital information security,
- to build up technical expertise within the unit, and to establish a security-aware culture, both within the technical ICT teams in Brussels and in the field, as well as in the organization as a whole; in order to protect the integrity of ICT infrastructure, to safeguard data (be it medical, financial, HR, or other) against loss or theft,
- and to minimize the risk of reputational damage to the organization in case of security incidents.
This mission applies to all OCB field operations as well as to the headquarters in Brussels.
You play the role of advisor/subject matter expert in ICT projects, as part of the project team or the steering committees, in collaboration with the project manager.
RESPONSIBILITIES
- Manage the ICT cybersecurity priorities and roadmap for OCB
- Be the focal point for the organization in case of ICT security breaches and threats
- Document security breaches, evaluate impact and implement mitigation plans
- Work closely with other key members of the ICT Unit Leadership Team to ensure that key interventions identified as part of the cybersecurity roadmap are implemented timely and according to the relevant security controls
- Design and implement security policies aimed at avoiding, and/or minimizing the impact of security incidents and the necessary control mechanisms to make sure that these policies are being applied
- Design and implement an incident-response and business continuity strategies to be applied when a security incident does occur aimed at reducing the impact of such security incidents
- Review and keep up to date the cybersecurity chapters in the Safety and Security Management SOPs
- Participate in intersectional groups and network related to cybersecurity
- Assess the level of ICT security both of HQ and of the different field missions and projects by performing audits and evaluations, and formulate concrete steps to address any shortcomings
- Act as a technical referent during the design and implementation of both application and infrastructure projects
- Work closely with the entities/people in charge of security in general (Operations (OPS) and finance Risk management Units) or data protection (DPO – Data Protection Officer)
- Promote and enable a security-aware mindset
- within the ICT unit, by giving technical guidance and facilitating trainings;
- among the field staff responsible for ICT in the missions and projects, by creating the needed documentation, policies and guidelines and by giving trainings to increase the awareness of and knowledge about the subject of ICT security;
- within OCB as a whole, by presenting and motivating the importance of the topic to different stakeholders within the organization.
REQUIREMENTS
Education
- University degree in computer science or a related field, or equivalent by experience
Experience
- At least 5 years of experience with both software development and IT operations;
- Experience in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies;
- Experience in designing and implementing security-related projects is a strong asset;
- Experience in Change management is a MUST HAVE;
- Experience with Center of Internet Security (CIS) Controls is a plus;
- Field experience with MSF or another international NGO is a plus;
- Experience in the area of medical data protection is an asset.
Competencies
- Excellent understanding of information security concepts, protocols, industry best practices and strategies
- Excellent understanding of modern IT operations:
- Networking;
- Different operating systems, including at least Linux and Windows;
- Virtualization;
- Containerization;
- Cloud computing;
- Configuration management;
- Infrastructure as code.
- Excellent understanding of modern software development methodologies and tools and their security implications, including a good understanding of the software development lifecycle
- Excellent knowledge of different aspects of (web) application security;
- Understanding of GDPR and other legal frameworks concerning data privacy and IT security is an asset;
- Sense of urgency; Immediate attention to security incidents;
- Strong oral and written communication skills;
- Team player; Understanding of needs and constraints of different teams;
- Being able and comfortable to work in a green field;
- Being able to take initiative.
Languages
- Fluent in English;
- Proficiency in French a plus.
HOW TO APPLY?
CV + cover letter to be sent by e-mail [email protected] with “ICT Cybersecurity Officer” in the title. Please name your application documents (CV and cover letter) with your LAST NAME.
Only shortlisted candidates will be contacted.
MSF values diversity and is committed to create an inclusive working environment. We welcome applications from all qualified candidates regardless of disability, gender identity, marital or civil partnership status, race, color or ethnic and national origins, religion or belief, or sexual orientation.
Deadline for applications: 17 May 2023