Save the Children International s5
Total Page:16
File Type:pdf, Size:1020Kb
SAVE THE CHILDREN INTERNATIONAL ROLE PROFILE
TITLE : Information Security Analyst TEAM/PROGRAMME: IT LOCATION: London GRADE: TBC CONTRACT LENGTH: 2 years CHILD SAFEGUARDING: Level 3 - the post holder may have access to personal data about children and/or young people as part of their work; therefore a police check will be required (at ‘standard’ level in the UK or equivalent in other countries) ROLE PURPOSE: This role will primarily focus on delivering information systems, network and application security compliance globally within SCI, and where required support participating Member organisation to achieve the same. This will include on-going security assessments as well as implementation of agreed actions and activities in response to identified IT security risks.
SCOPE OF ROLE: Reports to: Head of Global Information Security (London) Staff directly reporting to this post: None Dimensions: This role works alongside 2 regionally based Information Security Analysts. Save the Children International has a staff compliment of around 18,000, based in London and c55 country offices. Save the Children is a federated organisation, with 27 Member organisations. KEY AREAS OF ACCOUNTABILITY: Lead accountability, on behalf of the Head of Global Information Security, for systems, network and application security within Save the Children International (SCI). Develop, manage and update security policies, standards and processes to prevent, detect, analyse, and respond to information security incidents. Develop information security risk management process to drive risk based implementation of security controls for protection of information systems, networks and applications Proactively research and develop technical solutions/security tools to help mitigate security vulnerabilities and automate repeatable tasks. Conduct annual compliance reviews and provide comprehensive reports including assessment-based findings, outcomes and propositions to improve SCI information security and data privacy compliance. Analyse and make recommendations to improve systems, network and application security in global projects. Collaborate with IT Shared Services and IT Architecture & Innovation teams to ensure systems, applications and networks are secure by design. Assist internal and external stakeholders including auditors, when required, with information security questionnaires, audits, reviews, investigations, etc. BEHAVIOURS (Values in Practice) Accountability: holds self accountable for making decisions, managing resources efficiently, achieving and role modelling Save the Children values holds the team and partners accountable to deliver on their responsibilities - giving them the freedom to deliver in the best way they see fit, providing the necessary development to improve performance and applying appropriate consequences when results are not achieved. Ambition: sets ambitious and challenging goals for themselves and their team, takes responsibility for their own personal development and encourages their team to do the same widely shares their personal vision for Save the Children, engages and motivates others future orientated, thinks strategically and on a global scale. Collaboration: SAVE THE CHILDREN INTERNATIONAL ROLE PROFILE
builds and maintains effective relationships, with their team, colleagues, Members and ex- ternal partners and supporters values diversity, sees it as a source of competitive strength approachable, good listener, easy to talk to. Creativity: develops and encourages new and innovative solutions willing to take disciplined risks. Integrity: honest, encourages openness and transparency; demonstrates highest levels of integrity
QUALIFICATIONS Degree or diploma in information security or cyber security management / equivalent Experience working on ISO27001, NIST CSF or similar standards/frameworks.
EXPERIENCE & SKILLS Essential Minimum of 5+ years’Proven experience in an Information Security role. Familiarity with SANS Top 20 and OWASP critical controls requirements. Experience of addressing a wide range of IT security challenges in complex IT environment. Experience in designing and implementing IT security risks management and contributing to the development and execution of practical cost effective plans to mitigate them. Proven experience of working within a distributed IT infrastructure, networking and application environment. The capacity to build and maintain excellent relations and to work effectively in a multicul- tural and multi-ethnic environment respecting diversity. Excellent problem solving skills and a proactive, solutions orientated approach Strong personal, organisational and self-management skills. Strong communication skills in English. Ability to understand organizational mission, values, and goals and consistent application of this knowledge. Commitment to SCI values.
Desirable Demonstrable work experience driving information security and/or data protection compliance within a not for profit organization would be a plus. Experience on Microsoft technologies – Windows Server and Workstation OS (Server 2012/16, Windows 10 etc), Active Directory, SSO, IDAM and Office 365. Proficiency with one or more of the scripting language (e.g.: Javascript Powershell, Perl, Python) Exposure to ‘field operations’ and the IT Security-related issues associated with working in remote, inhospitable and insecure environments. Understanding of/willingness to learn key trends in international and humanitarian development, and utilising technology to support these developments.
Additional job responsibilities The duties and responsibilities as set out above are not exhaustive and the role holder may be required to carry out additional duties within reasonableness of their level of skills and experience. Equal Opportunities The role holder is required to carry out the duties in accordance with the SCI Equal Opportunities and Diversity policies and procedures. Child Safeguarding: SAVE THE CHILDREN INTERNATIONAL ROLE PROFILE
We need to keep children safe so our selection process, which includes rigorous background checks, reflects our commitment to the protection of children from abuse. Health and Safety The role holder is required to carry out the duties in accordance with SCI Health and Safety policies and procedures.
Date of updated draft: January 2018 Author : JSP