Information Security Lead at Voluntary Service Overseas

Job Purpose: Leads and manages VSO's overall approach to data security and information protection. Plans, analyses, designs, configures, tests, implements, and maintains VSO's information security infrastructure responsive to business requirements and applicable regulations.

Job Responsibilities:

• Develops and manages VSO's overall approach to data security and information protection
• Align standards, frameworks and security with overall business and technology strategy
• Design's security architecture elements to mitigate threats as they emerge
• Audits the collection, use and retention of all personal data within VSO
• Ensures all VSO policies around data protection and information security are up to date and fit for purpose
• Defines, implements, and maintains corporate security policies
• Leads on the identification of data security and information protection risks across the organization and works with stakeholders to develop and implement mitigation plans, escalating issues as appropriate
• Acts as a subject matter expert on data security for projects looking to implement new tools, products, or processes.
• Supports the Global IT Operations Manager to achieve the highest standards of information security across VSO's network
• Oversees maintenance of systems to protect data from unauthorized users
• Develops and maintains process maps, which show how data flows through the organization
• Leads and facilitates organizational training and communications around data security and information protection issues.
• Oversee incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
• Implements measures to protect digital files and information systems against unauthorized access, modification, or destruction
• Maintains data and monitor security access
• Develops strategies to respond to and recover from a security breach
• Coordinate's security plans with outside vendors
• Develop or implement tools to assist in detection, prevention, and analysis of security threats
• Develops modules and leads on awareness training on information security standards, policies, and best practices
• Conducts periodic network scans to find any vulnerability
• Other duties commensurate with the post as required.

Knowledge/qualifications:

• Degree in Information Technology, Computer Science, Software Engineering, or related field
• Knowledge of Information Technology security issues and approaches to manage Information
• Technology security.
• Knowledge of data protection operations and legislation (GDPR)

Experience:

• Experience of identifying risks in data security management processes, developing, and implementing remedial action.
• Excellent communication, influencing and stakeholder management skills
• Experience of working across teams to deliver solutions and generate high levels of internal buy-in
• Excellent project management skills and experience of leading on data security projects across multiple locations.
• Experience of developing and delivering training.
• Experience of developing and implementing data security policies and protocols.
• Experience of working in a culturally diverse environment

Skills/Abilities:

• Administering information security software and controls
• Analyzing security system logs, security tools, and data
• Communicating up, down, and across all levels of the organization
• Creating, modifying, and updating Intrusion Detection Systems (IDS)
• Creating, modifying, and updating Security Information Event Management (SIEM)
• Deep understanding of risk management frameworks
• Familiarity with security regulations and standards
• Installing firewall and data encryption programs
• Maintaining security records of monitoring and incident response activities
• Monitoring compliance with information security policies and procedures
• Providing timely and relevant security reports
• Strong technical background in data loss prevention
• Training organizations on security measures

Technical requirements:

• Advanced technical knowledge and understanding of: Window OS, Windows Server, O365,
• Azure, AD, DHCP, DNS, VPN, Networking, Firewalls, Routers, VMware, Enterprise AV, Cyber
• Security, Encryption, Cisco Meraki, DMARC,Endpoint Management

Desirable:

At least one recognized security certification:

• Certified Ethical Hacker (CEH)
• CompTIA Security+
• Certified Information System Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)