Senior Information Officer

About CWS

Position Title: Senior Information Security Officer

Reports To: Information Security Coordinator

Supervises: None

Division: CWS Africa

Department: Administration, Information Technology

Team: South Africa

Job Location: Pretoria, South Africa

Grade Level: 7, National

Introduction :

Church World Service (CWS) is a not-for-profit, faith-based organization transforming communities around the globe through just and sustainable solutions to hunger, poverty, displacement and disaster. CWS does not discriminate based on race, color, religion, sex, national origin, gender identity, genetic information, age, disability, or veteran status in employment or in the provision of services.

Primary Purpose

Primary Purpose :

This position is primarily responsible for the development, adoption, implementation, and enforcement of information security policies, procedures, and standards; ensuring compliance with the organizational IT security framework; regular monitoring and network vulnerability scanning; internal IT security audit; cyber risk mitigation and internal cyber staff cyber security best practices training. The position requires flexibility, initiative, and confidence in dealing with different types of complex systems, networks, software, equipment, and more importantly, different types of people.

Key Relationships

Internal to CWS

• Country Representative
• Finance & Administration Manager
• IT Supervisor
• Nairobi Information Security Coordinator
• Nairobi SISOs

External

• Information Security service providers
• POPI Act service providers
• Office internet service provider

Working Environment

• Officeand/work from home environment.
• Periodic travel to the field as may be required.
• Occasional holiday and weekend coverage.
• Short notice response to emergencies, including after hours, on weekends and holidays.

Responsibilities

Core Job Responsibilities

Administration (40%)

• Leads vendor risk management responds to outside vendor requests for information regarding policies, standards, questionnaires, and baselines, and provides status reporting and metrics.
• Creates and maintains all systems security documentation.
• Creates and maintains standard operating procedures and manuals.
• Leads cyber incident response and collaborates with the organization to improve processes.
• Resolves all IT security-related requests escalated from the helpdesk.
• Performs other duties assigned by the IS Coordinator or IT Management and Governance when necessary.

Compliance (35%)

• Ensures that all CWS Africa ICT systems, data, and networks are secured according to the organizational defined policies, Integrity and Compliance Manual, PRM NOFO IT security requirements, and the National Institute of Standards Technology (NIST) moderate controls.
• Ensures consistent implementation of the NIST security framework and enforces related security policies and procedures.
• Coordinates with the Training Unit to develop and implement all security training, awareness, and progress programs to educate the organization’s employees regarding information security requirements and initiatives.
• Achieves and maintains a thorough knowledge and adherence to established RSC Africa, CWS/IRP, DOS/PRM and USCIS policies and procedures regarding the Information System for CWS/RSC Africa
• Conducts Annual internal IT security Audit/Assessment against the NIST security framework; including a risk assessment and budget estimation for risk mitigation and treatment; and ensuring compliance with all the regulatory controls.

Leadership & Management (20%)

• Provides input and recommendations to IT management on systems security updates and trends.
• Advises the CWS Africa leadership on key IT security areas including risk management, legal and regulatory compliance, and policy in all countries of operation; and oversees ongoing risk identification, remediation, compliance, and vendor risk.
• Serves as an SME (Subject Matter Expert) and provides information security mentoring and training to CWS Africa IT and other staff as appropriate.
• Collaborates with all IT Staff in systems configuration management, changes, updates, and daily monitoring and reporting as required by IT management; Provides IT security-related assistance and oversight to all IT staff.
• Liaises with RPC and CWS HQ IT security personnel on any security-related matters or incidents.

Additional Responsibilities (5%)

• Assisting with IT duties.
• Any other duties as assigned.

Qualifications

Qualifications:

Experience:

• Five (5) years paid work experience required.
• Four (4) years of paid IT work experience is required.
• Three (3) years of experience in IT Security is required.
• Two (2) years’ experience in managing, securing, maintaining and design of computer systems, preferably Windows based, is preferred.
• Experience in managing major IT projects is preferred.

Skills:

• Proven information system risk and security framework management.
• Information system security auditing strong skills.
• Strong, up-to-date knowledge in systems security in a large network environment.
• Strong Knowledge in intrusion prevention and detection systems (Cisco Firepower or any other).
• Strong Knowledge in data leak, loss and encryption methods (McAfee or any other).
• Strong working knowledge in networking (LAN, WLAN and VPN), especially with Cisco managed devices (Firewalls, Routers and switches).
• Thorough knowledge of computer licensing and legal requirements.
• Strong knowledge in domain management and Active directory services.
• Knowledge in Microsoft 365 Azure compliance and security controls.
• Strong knowledge and skills in Windows server 2016 and above administration.
• Strong knowledge and working experience with administration of database systems, especially MS SQL Server.
• Through knowledge of TCP/IP Architecture and OSI Model.
• Knowledge in Linux servers administration is a plus.
• Troubleshooting and problems solving skills in a Windows based environment is a plus.
• Knowledge in software development languages (PHP, Java, C# and other scripting skills) and software design is a plus.

Education & Certifications:

• Bachelor’s degree in IT field, or an additional four (4) years’ experience in an IT-related field in lieu of a bachelor’s degree required.
• A Master’s degree is preferred.
• Other advanced professional training in IT Security is required (CISSP, GIAC, CISA, CISM) related or equivalent.

Abilities:

The ISO must have the ability to:

• discuss technical information with users of diverse technical levels and discern their needs.
• facilitate and negotiate.
• communicate technical reports effectively at any level.
• communicate effectively both verbally and in writing.
• follow instructions from the Supervisor with a positive and receptive attitude.
• deal effectively and courteously with a large number of associates, outside agencies, refugees and members of the general public.
• conduct oneself in a professional and courteous manner to represent the best interests of RSC Africa and CWS/IRP.
• maintain a high-performance standard with attention to detail.
• carry out all of the duties of the position efficiently and effectively with minimal supervision.
• work independently and contribute to overall operations at management level.
• take initiative in the development and completion of projects.
• lead others and address issues as they arise.
• maintain strict confidentiality with RSC Africa administrative and operational information.
• manage a large and diverse workload under pressure with competing priorities.
• analyze and solve complex problems.
• work well as a team in a multi-cultural environment while maintaining a high level of motivation.
• effectively manage RSC Africa’s resources.
• actively participate in the implementation of the U.S. Government Operational Refugee Processing Program in Africa

Important Requirements:

• Strong English communication skills, both written and oral.
• Ability to work in a multi-cultural environment required.
• Commitment to diversity, equity, and inclusion and willingness to support as a CWS employee required.

Special Requirements

Special Requirements:

• COVID Vaccination is strongly recommended for all successful candidates.
• The candidate should be of good health, willing and able to travel extensively in often difficult conditions and have a high degree of flexibility. Must have proof of Yellow Fever vaccination before traveling for RSC Africa.
• This position is based in Pretoria, South Africa.
• This position requires use of laptops at all times, competence in Microsoft office packages is required.
• This position may require travel in sub-Saharan Africa on short notice and under sometimes difficult conditions to meet the demands of a dynamic operational program.
• Driver’s License Code 08.
• Background check, which includes references and an educational criminal check is required before the start of employment for International applicants.
• A valid passport and the ability to maintain a valid passport throughout the entire appointment is required, which includes having enough passport pages for travel.
• Internationals - International applicants must be legally eligible to work and obtain a work permit in South Africa OR A valid U.S. passport and the ability to maintain a valid U.S. passport throughout the entire appointment is required, which includes having enough passport pages for travel.
• Physical: This position requires bending, squatting, crawling, climbing, kneeling, sitting, standing, walking, pushing/pulling, handling objects (manual dexterity), reaching above shoulder level, using fine finger movements and lifting/carrying heavy loads.
• Environmental: Incumbents in this position will be exposed to excessive noise, marked changes in temperature and/or humidity, dust and infectious diseases, harsh weather climates, long work hours, bumpy roads, extended travel, excessive sun exposure, and non-ventilated spaces.
• Full time.
• All employees should be prepared to work from the CWS office within their location of hire. Remote work arrangements may vary depending on location and the governing rulings regarding the COVID-19 pandemic.

CWS recruitment is free of charge. Church World Service (CWS) does not charge fees of any kind during the recruitment process (Submission of application, interviews, assessments, trainings, etc.). Any solicitation of funds should be reported to

CWS is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, genetic information, disability or protected veteran status. Auxiliary aids and services are available upon request to individuals with disabilities.