Latest Job Opportunity at World Vision

ROLE: Technical Director, Cybersecurity

Position Description

With over 70 years of expertise, we are dedicated to assisting the most vulnerable children in overcoming poverty and experiencing the richness of life. We help children from all backgrounds, even in the most dangerous circumstances, because of our Christian faith.

Come join our 33,000+ staff members working in nearly 100 countries and share the excitement of changing the lives of vulnerable children!

POSITION PURPOSE:

Cybersecurity Technical Directors plan, execute, and manage compliance, control assurance, risk management, security, and infrastructure/information asset protection projects. To protect the company’s infrastructure and information assets, they develop and manage enterprise security services and security solutions for critical and/or highly complex assignments across multiple IT functional areas (e.g., data, systems, network, and/or Web). Team leaders oversee multiple initiatives or programs.

Cybersecurity professionals plan, implement, and manage complex compliance, risk assessment and mitigation, control assurance, business continuity and disaster recovery, and user awareness projects. They create and implement security plans, policies, and standards, ensure solution efficacy, and provide corporate security consultancy.

IT security specialists develop, execute, and manage business unit and firm-wide data, system, network, and internet security strategies and solutions. They establish user authentication and log-on rules, security breach escalation mechanisms, security auditing procedures, firewalls, and encryption routines. By reviewing security violation notifications and analyzing security exceptions, they manage data security profiles on all platforms to help enforce security regulations.

Security controls are managed, updated, and recorded as they serve business and internal IT departments. IT security experts evaluate and suggest security products, services, and procedures. They also advise IT and enterprises on security policies and industry standards and solve enterprise/business security concerns.

IT Security specialists need technical, analytical, communication, and consulting skills and knowledge of IT Security and related technology. Security certifications like CISSP, CRISC, CISM, GIAC, and others may be needed.

Principal Responsibilities

(5%) STRATEGY

Provides strategic and tactical security and IT compliance direction and consultation.

STANDARDS, POLICIES, AND PROCEDURES (5%)

Serves as the primary point of contact for secure application and process development.
Maintains current knowledge of industry best practices.
Creates, improves, and executes enterprise-wide security policies, procedures, and standards across a variety of platform and application contexts.
Keeps an eye on the legal and regulatory landscape for changes.
Manages the execution of necessary modifications to IT rules and processes.
Compliance with security policies, standards, guidelines, and procedures is monitored.
Ensures legal and regulatory compliance with security standards.

READ ON: SENIOR SECURITY OFFICER

BUSINESS REQUIREMENTS (5%)

Engages with the business directly to gain a thorough grasp of the project scope and business requirements.
Assesses business requirements in relation to security problems and communicates issues and potential hazards to management.
Consults with other business and technical staff about the potential commercial consequences of proposed security changes.
Provides security-related business process recommendations.

SECURITY SOLUTIONS (5%)

Collaborates with IT and development teams to provide secure infrastructure solutions and apps, easing the deployment of protective and mitigating controls.

OPERATIONS SOLUTIONS (5%)

It is decided how security systems and apps should be set up and how they should work. These include policy assessment and compliance tools, network security appliances, and host-based security systems.
Baseline security configurations for operating systems, applications, networking, and telecommunications equipment are defined and validated.

RISK ASSESSMENTS (10%)

Directly interacts with customers and other internal departments and organizations to support IT risk analysis and risk management processes, as well as to define acceptable levels of residual risk.
Performs business impact analysis to verify that resources are sufficiently safeguarded with appropriate security measures.
Assesses potential risk items and vulnerabilities in the network, as well as on information technology infrastructure and applications.
Examines risk assessments, evaluates the efficacy of IT control operations, and reports on them with actionable recommendations.
Assesses security threats and develops compliance solutions in accordance with rules and regulations.
Risk assessments and security briefings are provided to management to inform them of key concerns that may compromise customer or corporate security objectives.
In order to handle technical and procedural IT security threats, communicate with numerous departments and levels of management.
Creates remediation solutions to reduce risks connected with infrastructure and information asset protection.

INFORMATION/DATA SECURITY (5%)

Defines, detects, and categorizes data assets.
Assesses information asset risks and vulnerabilities and suggests appropriate security policies and solutions.
Develops and oversees information system security procedures to prevent security breaches.
Consults with clients about resource data classification.
Reports to leaders on the effectiveness of information security and makes recommendations for new policies and procedures to be implemented.
Creates and implements strategies to connect information security with corporate objectives and goals, ensuring data integrity, confidentiality, and availability.

SECURITY AUDITS (10%)

Conducts security audits.
As required by external auditors, participates in security investigations and compliance checks.
Consults with clients on security breaches.
Assists internal audit and IT in ensuring that commitments are met and controls are effectively applied.

READ ON: TeamAlfy Job Opening 2021

INCIDENT MANAGEMENT (10%)

Helps the security operations team troubleshoot and resolve escalating security concerns.
Constructs security incident response teams.
Creates incident response plans, as well as supporting documentation and diagrams.

BUSINESS CONTINUITY/DISASTER RECOVERY (5%)

Creates an impact analysis.
Assists business partners in determining key business processes and systems.
Identifies and coordinates recovery issues for solutions.

SECURITY PERFORMANCE MANAGEMENT (5%)

Creates measures to evaluate security initiatives and adapts techniques as needed.
Reports are analyzed and recommendations for changes are made.

COMMUNICATIONS/CONSULTING (5%)

Assesses security requirements and controls in application development projects and verifies that security controls are executed as anticipated.
Collaborates on major IT projects to ensure that security risks are handled throughout the life cycle of the project.
Contributes to the development of the security architecture.
Instructs stakeholders on compliance and security concerns and actions affecting the designated region or project.
Interacts with business and IT leaders to discuss security issues and respond to requests for help and information.
Management receives reports on residual risk, vulnerabilities, and other security exposures, such as information asset misuse and noncompliance.

VENDOR MANAGEMENT (5%)

Works with third-party vendors to solve problems. Interacts with third-party vendors to review new security solutions or as part of the security evaluation process.
Coordinates with vendors to ensure that managed services are properly introduced and maintained.

RESEARCH/EVALUATION (5%)

Responsible for leading and reviewing application security risk assessments for new or modified internal or third-party applications.
Maintains contact with vendors for security system updates and security product technical support.
Helps in cost-benefit and risk analysis.

TRAINING (5%)

Programs for security awareness and compliance training are created. As needed, provides communication and training. Provides security briefings to clients in order to advise them on significant concerns that may affect them.
After technology implementation, conduct knowledge transfer training sessions for the security operations team.

COACHING/MENTORING (10%)

Ongoing knowledge transfer on security products and standards to team members and clients.
Mentor team members with less experience.
Knowledge/Qualifications Required for the Position

Knowledge/Qualifications For The Role

10 – 15 years of experience in a cyber, privacy, compliance, or risk management position or a closely comparable role is required.
Experience as a senior management or information security officer for at least ten years.
Experience managing cyber security incident response teams for over 5 years. Design and implementation of security systems.
In-depth understanding of PCI-DSS, privacy legislation, security standards, security best practices, and security regulations is required. It is necessary to have a high level of skill in threat management, risk management, vulnerability management, and compliance management.
Effective in written and spoken English communication
Willingness to travel both domestically and abroad as needed.
Education, training, licensing, registration, and certification are all required.
A bachelor’s degree in computer science, information systems, or a related discipline, or comparable work experience, is required.
Security certification is required (for example, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Global Information Assurance Certification (GIAC).

READ ON: CLEANER/GROUNDSKEEPER/MESSENGER

Knowledge and Qualifications Preferred

English and French are both second languages.
Have excellent incident and investigation management abilities.
Have excellent communication skills.
Possesses strong organizational and planning abilities.
Strategic thinker with exceptional professional credibility and persuasive abilities.
Outstanding stakeholder management abilities are mixed with the capacity to constructively challenge and influence.
Possess a demonstrated ability to cooperate successfully and build excellent working connections at all levels of an organization.
Strong analytical abilities are required, as well as the ability to gather, analyze, and evaluate information and generate concise written reports.
Have technical knowledge of risk assessment techniques and procedures, or be willing to learn.
Good grasp of the many field contexts or experience working in at least two different contexts (e.g., development, transitioning, fragile, conflict, humanitarian, and so on).

How to Apply for this Job Opportunity at World Vision

Click Here to Apply Online

Closing Date: 19th November, 2023

Latest Posts

Latest Job Opportunity at World Vision