Information Security Officer at Rainforest Alliance

Position summary:

• The Technology department is responsible for the Development, Realization, and Implementation of the strategic Digital Product Roadmap for Rainforest Alliance (including all supporting Technology processes), for all Global Business Initiatives and Assurance programs. “Information Office’ ’is one of the four teams under Technology Department. It’s responsible for planning and leading implementation of leading technology ecosystem that will enable achievement of the 2030 strategy. Ensure alignment of technology investment and initiatives with the business goals, requirements and expectations and ensure optimal utilization of investments in technology and delivery of services by the technology vendors across the organization. 
• Within the Information Office is the "Information Security Officer", reporting to Director Information Office. This role is responsible for managing and enforcement of all aspects of information security at Rainforest Alliance. You will work proactively to identify security risks, develop, and implement security frameworks, and ensure the integrity and confidentiality of our IT systems and data. 
• The Information Security Officer will be responsible for all KPIs related to cyber security. You will be expected to coordinate implementation of all information security related processes in conjunction with others at Rainforest Alliance. You will also be leading and coordinating task/activities by firms/individuals contracted to provide information security services.

Responsibilities: 

Security Policy and Strategy:

• Analyse the current IT security policy and strategy and make recommendations, ensuring these recommendations are translated into policies and applied by the organization.
• Ensure compliance with internal and external security regulations and standards.

Risk Analysis and Management:

• Identify and evaluate security risks in IT systems and processes.
• Prepare risk assessments and develop strategies to minimize these risks.

Security Measures:

• Collaborate with the IT Operations and IT Platform departments to oversee/lead the implementation of technical security measures such as firewalls, IDS/IPS systems, antivirus software, and encryption.
• Monitor access control and user rights management.
• Analyse and shape cybersecurity within RA, including setting up secure email traffic using methods like DMARC, SPF, and DKIM.

Incident Response:

• Serve as the Single Point of Contact (SPOC) for the IT Incident Management Team.
• Coordinate security incidents, including investigating and resolving security breaches.
• Prepare incident reports and recommendations for preventive measures.

Awareness and Training:

• security awareness within the organization.
• Provide training and guidance to employees regarding security issues.

Compliance and Audits:

• Ensure compliance with legal regulations and industry standards related to IT security.
• Prepare and coordinate security audits and evaluations.

Collaboration:

• Collaborate with IT teams and other departments to achieve security objectives.
• Maintain relationships with external security partners and stay updated on the latest developments in the IT security industry.

Qualifications:

• Bachelor's or master's degree in information technology, information security, or a related field.
• Certifications in information security (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)) are a plus.
• At least 7 years’ experience in cyber/information security role
• Proven experience in IT security, preferably in a similar role.
• In-depth knowledge of security practices, standards, and legislation.
• Strong analytical and problem-solving skills.
• Excellent communication skills, both oral and written.
• Ability to respond quickly to emergencies and make decisions under pressure.
• Integrity and confidentiality in handling sensitive information.
• You are expected to be proactive and stay up to date with the latest security technologies and trend
• Experience in business process analysis and modelling

Deadline: 13 March 2024