Вакансія: Information Security Officer

Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH is looking for a qualified professional for the Country Office to fill the position of a:

Information Security Officer (full-time, Kyiv)

(internal SAP code: Information Technology Specialist)

As a service provider in the field of international cooperation for sustainable development and international education work, we are dedicated to shaping a future worth living around the world. GIZ has over 50 years of experience in a wide variety of areas, including economic development and employment promotion, energy and the environment, and peace and security. The diverse expertise of our federal enterprise is in demand around the globe – from the German Government, European Union institutions, the United Nations, the private sector and governments of other countries. We work with businesses, civil society actors and research institutions, fostering successful interaction between development policy and other policy fields and areas of activity. Together with our partners in national governments worldwide and cooperation partners from the worlds of business, research and civil society, we work flexibly to deliver effective solutions that offer people better prospects and sustainably improve their living conditions.

To enable the worldwide protection of all critical information processed by the GIZ, the establishment of an Information Security Management System (ISMS) and therefore Information Security Officers in the field structure are indispensable.

The goal of Information Security Officer is to be a central single point of contact (SPoC) for organizational overview and control as well as professional knowledge concerning information security in the Country Office. As information technology (IT) has a big role in information security, IT-specific knowledge and/or close cooperation with technical roles is also an expected area of expertise.

The Information Security Officer is responsible for:

• Establishing and later managing the security incident process;
• Supporting/ accompanying the Audit Management process (including the local coordination of “penetration testing”);
• Ensuring that a functioning vulnerability management is in place;
• Acting as Single Point of Contact (SPoC) for information security for projects and contact for all topics concerning information security;
• Ensuring through a structural analysis (asset recording) an up-to-date and completing asset inventory (in cooperation with asset owners);
• Providing structure reporting to Chief Information Security Officer (CISO);
• Is responsible for recording the current status of information security, which includes the mentioned assets;
• Establishing the local InfoSec Risk Management (IRM) and accompanying risk register which is implemented through identification of risks with asset owners, risk assessment with risk owner involvement, risk treatment management and further connected tasks;
• Elaborating, reviewing, and updating the local security concept;
• Coordinating and implementing of measures, guidelines/concepts as well as the adapting of guidelines/concepts to local conditions;
• Coordinating existing awareness measures among employees and being to a limited extend personally responsible for the awareness/training efforts;
• Being further responsible for the control of the effectiveness of security measures, for revisions and audits and for ensuring the investigation of security-related incidents & coordination of their reporting (reporting system);
• Providing continuous consulting on information security topics and the constant operation of risk management and level estimation of information protection requirements.

Required qualifications and experience:

• BA or MA degree in a related area, e.g. with a focus on information technologies, digitalization or similar area, recognized certificate;
• At least 3 years of professional experience in a comparable position;
• Upper-intermediate level of English, native speaker of Ukrainian;
• Knowledge and experience in information security;
• Basic knowledge of actual Microsoft Software and Services ecosystem;
• Methodological competence in: ISO/IEC 27001, risk management, vulnerability management, audit;
• Ability to “think inside” organizational structures and processes;
• Ability to adapt, communicate and implement key requirements;
• Ability to handle objections in a polite manner;
• Mastery of facilitation and auditing techniques;
• Willingness for further training;
• Ability to cooperate and work in a team;
• Objectivity, especially when dealing with sensitive issues.

We offer:

• Official employment;
• Salary fixed in EUR, performance-related bonuses and 13th salary;
• Medical insurance, 29 vacation days annually;
• Language classes, hard and soft skills trainings;
• Individual and group psychological support;
• Possible remote and flexible work;
• Meaningful and valuable work, international environment.

Employment conditions:

Full-time position with 40-hours working week. Place of assignment is Kyiv. Contract duration is 2 years. Prolongation is possible.

GIZ is an equal opportunity employer and offers an attractive and challenging working environment with opportunities for skill enhancement.

Application:

We are looking forward to your application in English, comprising your CV and a Cover letter explaining your motivation to apply for the job to [email protected] until COB 05 September 2023, Tuesday.

By sending the application the candidate gives the consent for the personal data processing for recruitment processes solely.

Only shortlisted candidates will be contacted for the next stages of the recruitment process.