Information Security Manager, Information and Media Practice at IREX

Description

Who We Are

IREX is a global development and education organization. We strive for a more just, prosperous, and inclusive world—where individuals reach their full potential, governments serve their people, and communities thrive. With a projected annual portfolio of more than $100 million and more than 600 staff worldwide, we work with partners in more than 100 countries in four areas essential to progress: cultivating leaders, empowering youth, strengthening institutions, and increasing access to quality education and information.

The Information Security Manager oversees and/or manages all aspects of the project and/or multiple programs assigned to a specific country. Responsible for the development and execution of project work products, to include but not limited to program timelines, budgets, reports, and other products as identified. This role will represent IREX inside the country or region.

The Information Security Manager implements and executes direct technical assistance to project beneficiaries, supports Deputy Project Director (DPD), and is responsible for day-to-day assigned activities. Responsible for the project's beneficiary work reports directly to the DPD. They manage and are responsible for beneficiary relations, communications, and quality of (assistance) service. They will plan, manage, and conduct Organizational Security Risk Assessments (OSRA), provide guidance, training, coaching, mentoring, and support on cybersecurity issues and topics to beneficiaries per projects outlined activities and objectives.

We are doers. Our decades of on-the-ground experience help us create greater impact, practical recommendations, and lasting partnerships.

Are you the next member of our team?

Skills & Experience – Required

• Bachelor's degree in Computer Information Systems, Management Information Systems, or Computer Science.
• Minimum 7+ years’ experience in information security, digital security principles, and safe computing practices, or a master’s degree and 6 years of experience.
• Strong working knowledge of diverse IT systems and cybersecurity fundamentals.
• Working knowledge of networking concepts, vulnerability, and industry security technologies such as endpoint protection and network/device monitoring
• Ability to work independently on assigned efforts.
• Strong interpersonal skills as well as experience developing solid professional relationships.
• Broad training experience working with staff with limited technical knowledge.
• Familiar with both commercial and open-source digital security tools.
• Ability to work under pressure and manage multiple activities.
• Proven experience managing multiple complex programming in a demanding, time-sensitive work environment.
• Experience conducting cybersecurity assessments and ability to proficiently articulate findings in the English language.
• Strong problem-solving skills and demonstrated flexibility to meet program outcomes.
• Strong representational and organizational skills.
• Proficient in Microsoft Office products
• Speaking, reading, and writing proficiency in English is required. Excellent written and spoken English.
• Excellent cross-cultural and interpersonal communication skills.
• Self-motivated and result oriented.
• Must demonstrate valid proof of unrestricted authorization to work in a country where this position is based.

Skills & Experience – Preferred

• Existing, trust-based relationships with a wide array of stakeholders working for civil society organizations, human rights organizations, and independent media or any relevant experience.
• Familiarity with Center for Internet Security, Critical Security Controls (CIS CSC v8), or at least one industry-recognized security framework like NIST, ISO27000, and/or CSO community-driven SAFETAG framework.
• Experience with the development of educational programs in security awareness.
• Possess Certified Information Systems Security Professional (CISSP) or other information systems security certifications.

Your Daily Tasks

• Draft OSRA reports geared towards a non-technical audience in mind.
• Plan, manage, and conduct Organizational Security Risk Assessments (OSRA), provide guidance, training, coaching, mentoring, and support on cybersecurity issues and topics to beneficiaries per projects outlined activities and objectives.
• Develop organizational Action Plans (APs) driven by OSRNA findings in consultation with beneficiary organization leadership helping improve beneficiary security postures.
• Develop, lead, implement, and coordinate Security Awareness Programs (SAPs) with beneficiary organizations.
• Draft, help develop, or review documentation including processes, procedures, and policies.
• Write technical and programmatic reports on the activities and the program implementation.
• Participate in conferences, organize trainings, and other events as needed and requested.
• With supervision, provide input to internal/external reports, presentations, and other products.
• Contribute to monitoring and evaluation activities including data management and analysis if assigned.
• Draft correspondence with stakeholders. Guidance and/or approval before engaging stakeholders may be required.
• Perform additional duties as assigned by DPD/STA II.
• Maintain communications and relationships with beneficiary organizations.
• Support DPD as instructed in developing partnerships and new business initiatives
• Perform additional duties as assigned.