Background
The International Federation of Red Cross and Red Crescent Societies (IFRC) is the world's largest humanitarian organization, with 190 member National Societies. As part of the International Red Cross and Red Crescent Movement, our work is guided by seven fundamental principles: humanity, impartiality, neutrality, independence, voluntary service, unity and universality.
Organizational Context
The IFRC is headquartered in Geneva, with regional and country offices throughout the world.
The headquarters is organized in three main divisions: (i) Partnerships, including Movement and Membership; (ii) Programmes and Operations; and (iii) Management.
The Management Division comprises three departments: Human Resources, Finance and Administration and Information Technology. Each is led by a Director.
The Information Technology Department currently includes 3 teams, an IT Global service centre in Budapest and technical line management to teams in five regional offices.
Job Purpose
The position covers various roles related to the management of information security systems, such as auditing information systems, protecting information assets, acquiring, developing and implementing information systems, and advising, informing, training and alerting.
You will establish, update and lead the various policies related to the information technology domain and used in any business area. You will ensure their implementation and effectiveness at all organizational levels through continuous quality controls during audits.
Bringing solid business and operational expertise to the various IFRC departments, you will act as a reference for continuous improvement and harmonisation, in alignment with current industry standards and best practices for the technologies within the scope of responsibility.
You will act as a subject matter expert on IT security standards and quality controls, maintain solid knowledge of security activities and audit methodologies, and provide strong expertise in establishing audit processes and procedures to reinforce information asset protection, mitigate threats and lower related risks.
Job Duties and Responsibilities
General duties
- IT policies: Define, maintain and update the IT policies through setting objectives and requirements related to the information systems usage, identify, define and establish processes and procedures accordingly.
- Risk analysis: Evaluate the overall and specific IT risks, threats and consequences from an information system perspective, study and implement mitigation ensuring proper use of the IT systems.
- Audit and controls: Control and ensure that IT policies and rules are applied at all company levels and within each business unit. Analyse and define IT processes, IT procedures and test protocols to support audit activities and reports. Manage the security “crisis” unit in case of an IT security breach or “disaster”.
- Propose and validate the security tools employed in the enterprise. Set security norms, standards and best practices at all company levels.
- Inform and educate executives on adopting behaviours and strategies for reinforced security and reduced risks. Train the operations and business units on security best practices. Participate in the realization of the company security charter and promote it at all organizational levels.
- Keep track of regulatory and technical developments in the IT security field. Watch over required changes to ensure physical and logical security of the information systems as a whole.
- Mobilize a wide range of expert knowledge on new technologies while exhibiting a strong understanding of business to propose secure solutions for the future. Provide an expert perspective to guide the management team towards strategic security decisions.
- Be innovative by considering creative solutions to provide new concepts, ideas, products or services. Promote open and innovative thinking to exploit technological advances in the needs and defining objectives of the company and society.
Specific duties
IT Security & IT Policies
- Define and implement a formal strategy ensuring the information integrity and security against external or internal threats (such as a legal request, an IT audit or a penetration testing report).
- Develop and maintain security policies and procedures, including management of risk assessments, security compliance and security-related incident activities.
- Deploy the foundations of the information security management system, including the identification of roles and responsibilities.
- Use relevant and established industry standards to define information integrity and availability objectives and data privacy.
- Manage the IT policies life cycle from the establishment phase through requirements assessment, their enforcement at all organizational levels and their continuous improvement through quality controls managed by audits.
IT Quality
- Be responsible for the internal controls and risks by identifying weaknesses in the organisation's information systems and creating the action plan accordingly.
- Perform information control reviews to include system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.
- Develop the audit charters to support various audit needs, evaluate technology, identify controls and keep records in alignment with the information systems and the IT Department requirements.
- Coordinate, communicate and collaborate effectively with the stakeholders involved by organizing their planning and the risk assessment, gathering evidence, performing audit tests, and analysing and reporting the results.
- Direct and/or perform reviews of internal control procedures and security for systems under development and/or enhancements to current systems.
- Prepare audit finding memoranda and working papers to ensure that adequate documentation exists to support the completed audit and conclusions.
- Manage written and oral reports and other technical information in a pertinent, concise, and accurate manner for distribution to management.
Miscellaneous job-related duties
- Support the IT project managers during project life cycles by providing policy and risk advice from an information systems perspective.
- Contribute actively to the overall satisfaction level of IFRC end users while developing and promoting effective working relationships within the ITD, the wider IFRC and the RCRC movements including ICRC.
- Manage personal knowledge and continuously update your skillset on various systems and applications used at IFRC.
- Adhere to staff regulations of the IFRC and to the IT security rules at all times.
- Identify, review and participate in the development of training and awareness workshops to deliver unified understanding of security best practices at all organizational levels.
- Follow and apply industry standards and best practices; implement compliance requirements to ensure proper operations and standardization of the operational environment from an IT information systems standpoint.
Reporting and Documentation
- Identify documentation requirements to maintain an efficient operational level, anticipate document needs and regularly update operational documentation.
- Create, maintain and improve the security knowledge base and knowledge documentation managed through the Service Management Tool.
- Document incidents, problems and changes with relevant information to allow continuous improvement within the IT department and in the end users' satisfaction level.
- Provide periodic reports upon request on security threats, vulnerabilities and protection measures to the IT Service Manager responsible for the support units in Budapest.
- Record and treat operational information (general and specific) accurately and confidentially.
External Relation
- Maintain regular contact with end users within the Secretariat as required.
- Maintain contacts with other support teams involved during the request resolution process.
Office Activities
Adhere to all administrative procedures linked to his/her work.
Education
- University degree (or equivalent) in engineering, computer science or a similar discipline.
- ITIL certification or equivalent experience and proven track record of ITIL procedures use in enterprise environment.
- CEH or CISSP or CISA professional certification and proven track record of use in enterprise environment.
- Project management capability (PMP certification preferred).
Experience
- Minimum 5 years of professional experience in IT security & quality management and administration.
- Minimum 5 years of professional experience in information system operation controlling and auditing methodology.
- Extensive experience in defining and executing audits and controls on information systems, and in reporting and establishing the related documentation.
- High level of expertise with computer networks, IP telephony, backup, internet technologies and related areas.
- Experience in working in a humanitarian organization supporting both disaster response and ongoing programmes
Knowledge, skills and languages
Required:
- Excellent understanding of controlling processes from audit subject area definition to execution and reporting to decision makers.
- Excellent problem solving and critical thinking skills; ability to identify problems, gather facts, analyse potential risks and impacts, and choose or propose a solution.
- Self-starter with excellent documentation skills, including the ability to maintain documentation and requirements for traceability throughout checkpoints, and for evaluation after close.
- Ability to drive situations when challenged with aggressive timelines; well organized, with a collaborative and open-minded attitude.
- Able to undertake strategic thinking and translate this into practice
- Strong written and oral communication skills (including advanced knowledge of one of the major languages of the Federation)
- Fluently spoken and written English
Preferred:
- Proven interpersonal skills, able to interface and coordinate with stakeholders across different teams (internal or external), with or without a direct hierarchical relation.
- Affinity for team work, collaborative attitude, open-minded and adaptable
- Well organized, able to work under pressure and manage priorities
- Good command of another IFRC official language (French, Spanish or Arabic)
Competencies and values
- Accountability
- National Society relations
- Teamwork
- Development
- Integrity
- Strategic Orientation
- Collaborating, influencing
- Managing performance
- Building alliances
- Building trust
- Effective communication
Comments
The Federation is an equal opportunity employer.
HOW TO APPLY:
Please apply on the organisation's website.