Technical Advisor, Information Security Engineer, Data.FI at Palladium International

This Opportunity:

Our Data, Informatics, and Analytical Solutions (DIAS) group is made of three portfolios that strengthen and harness digital and data ecosystems to accelerate development investments and outcomes: 1- Information Systems (IS), 2- Monitoring, Evaluation, Learning and Analytics (MELA) and 3- Digital Solutions and Transformation (DST).
Palladium’s Information Systems Portfolio is seeking a Technical Advisor, Information Security Engineer for the Data for Implementation (Data.FI) Project.

Data.FI is a five-year global project funded by the U.S. Agency for International Development (USAID) to support the HIV and COVID-19 response. Data.FI partners with programs to accelerate and sustain access to and use of high-quality data to expedite HIV and COVID-19 epidemic control and maintenance. By improving global, regional, national, and community/local in-depth analyses of HIV and COVID-19 epidemiologic and programmatic data, Data.FI expedites program achievements to improve client services and attain and sustain control of the epidemics. Data.FI supports host country governments to enhance existing health information systems (HIS), informing management responses to gaps in programming and sustaining impact by supporting local partner transition.

The Technical Advisor, Information Security Engineer will be responsible for implementing information security, cybersecurity and IT risk management tasks based on industry-accepted information security and risk management frameworks. This includes supporting security assessments of information systems, training staff training and auditing best practices. The Technical Advisor will also support the implementation of information system governance approaches and tools that support information security across our country programs, including with external stakeholder groups. The postholder will work with Palladium’s Global IT team to ensure activities follow corporate policy.

Location:

• This position is located in either Palladium’s Washington, D.C. or Nairobi, Kenya office
• The position will entail up to 20% travel internationally

You and Your Career:

If you are a Software Engineer with exceptional expertise in improving information security in a development context; have a clear understanding of USAID information security and responsible data use policy; have strong project management skills, are enthusiastic about building capacity and guidance in information security, and approach new and complex tasks with curiosity and a commitment to deliver, we are interested in hearing from you. 

We are a learning organization and provide growth opportunities from the start.  We pride ourselves on giving you the freedom, resources, and guidance to chart a fulfilling career!

Reporting and Supervision:

• This person will report to the Senior Technical Advisor, Health Information Systems (located in D.C.)
• This position could entail up to 20% of travel

Primary Duties and Responsibilities

The Information Security Engineer will be responsible for implementing information security, cybersecurity and IT risk management tasks based on industry-accepted information security and risk management frameworks. Specific responsibilities are:

• Ensure information systems implement best practices for software design and information security
• Ensure databases are properly configured and managed, and there are business continuity protocols in place.
• Ensure server networks and local area networks are properly designed and configured
• Produce guidelines and documentation to ensure software client devices are secure
• Build and keep up-to-date a register of project systems, and key stakeholders
• Support the design of recommendations and actions plans to address security risks.
• Support the continuous development, implementation and updating of Data.FI’s information security and data privacy standards, guidelines, processes, and procedures
• Complete routine activity audits to proactively identify and mitigate information security risks.
• Review project activities to identify and mitigate information security risks
• Facilitate information systems security training in USAID, corporate and project standards for all project staff
• Document any security breaches and assess their damage, working with the project leadership team and Palladium’s Global ICT team
• Collaborate with Palladium Global ICT team, as well as the Lead for Information Security across our Americas Business Unit, on policy development and implementation, as needed

Key Competencies Required:

• Ensure information systems implement best practices for software design and information security
• Solid experience configuring network security equipment and managing information systems
• Experience working in the international development sector
• Ability to think through potential scenarios and mitigating interventions to deliver project objectives in diverse and complex environments, including a willingness to think outside the box, approach challenges with creative solutions
• Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as (CoBIT, ISO, NIST, ITIL, PCI).
• General knowledge of information security regulatory requirements and standards such as, GDPR, ISO 27001/2, SANS top 20 and NIST 800-53
• Knowledge and understanding of USAID information security, responsible data use, governance, risk and compliance practices and standards
• Ability to educate a non-technical audience about various information security issues, including cybersecurity measures
• Excellent oral and written communication skills in English
• Demonstrated ability to work effectively as part of a team, capturing input and feedback, as well as independently with a high degree of drive, initiative, and autonomy
• Demonstrated high level project management skills. Demonstrated ability to coordinate complex activities, meet deadlines, and exercise sound judgment and discipline
• Prior experience of working in a fast-paced, solution-focused, and dynamic workplace, with expert skills in multi-tasking
• Ability to work cross-culturally, using inclusive collaborative approaches and language
• Flexibility to work across time zones, at times accommodating meeting times beyond the regular workday

Professional Expertise/Competencies Preferred:

• Professional Information Security certification
• French and/or Spanish language skills, strongly preferred
• Familiarity with information security policy in African and Latin American countries, highly desired