ICT Cybersecurity Officer (m/f/x) AT Médecins Sans Frontières

CONTEXT

The ICT Unit of MSF OCB (Operational Center Brussels) delivers ICT services to MSF countries of interventions teams (approx. 6,000 users) in about 40 countries around the world and to +/- 500 users in Brussels Headquarters. In a rapidly evolving digital landscape, the OCB ICT unit is a field-centric and people-inspired team, and our vision is to “digitally empower MSF to improve our humanitarian and medical impact”. It aims to provide and support MSF with a “fit-for-purpose, reliable and secure digital ecosystem that is responsive to MSF operational and organisational needs”. It enables new and more effective ways of working; enhances transversal collaboration between functional departments and supports exploration and innovation.

As ICT Cybersecurity Officer your role is:

• to contribute to the definition and to lead the implementation of the ICT Cybersecurity strategy of the OCB ICT Unit,
• to contribute to the definition and to lead the implementation of technical policies and procedures, providing guidelines for the improvement of information security and data privacy,
• to establish a security-aware culture, both within the technical ICT teams in Brussels and in the countries of interventions, as well as in the organisation as a whole; to protect the integrity of ICT infrastructure, to safeguard data (be it medical, financial, HR, or other) against loss or theft,
• to minimise the risk of reputational damage to the organization in case of security incidents.

This role applies to all OCB countries of interventions as well as to the headquarters in Brussels.

You play the role of advisor/subject matter expert on behalf of the ICT Team, by promoting best practices and preventive measure related to Cybersecurity for our infrastructure, digital ecosystem and projects.

MAIN RESPONSIBILITIES

• Coordinate the ICT cybersecurity improvement priorities and roadmap for OCB
• Be the focal point for the organisation in case of ICT security breaches and threats
• Contribute to the design and lead the implementation of security policies aimed at avoiding, and/or minimizing the impact of security incidents and the necessary control mechanisms to make sure that these policies are being applied
• Document security breaches, evaluate impact and implement mitigation plans
• Contribute to the design and lead the implementation of an incident-response and business continuity strategies to be applied when a security incident does occur aimed at reducing the impact of such security incidents
• Lead the Cybersecurity working group with representatives from the different team of the ICT organisation (approximately 8 people)
• Work closely with other key members of the ICT Unit to ensure that key interventions identified as part of the cybersecurity roadmap are implemented timely and according to the relevant security controls
• Review and keep up to date the cybersecurity chapters in the Safety and Security Management SOPs
• Participate in intersectional groups and network related to cybersecurity
• Assess the level of ICT security both of HQ and of the different countries of interventions and their projectsby performing audits and evaluations and formulate concrete steps to address any shortcomings
• Work closely with the entities/people in charge of security in general (Operations (OPS) and finance Risk Management Units) or data protection (DPO – Data Protection Officer) to ensure consistency of policies and procedures and share information in relation to potential or detected incidents
• Promote and enable a security-aware mindset:
• within the ICT unit, by giving technical guidance and facilitating trainings
• among the staff responsible for ICT in the countries of interventions and their projects, by creating the needed documentation, policies and guidelines and by giving trainings to increase the awareness of and knowledge about the subject of ICT security
• within OCB as a whole, by presenting and motivating the importance of the topic to different stakeholders within the organization

REQUIREMENTS

Education & Experience

• Master’s degree in computer science, Information System Management, Engineering, Business administration, or related areas, or equivalent by demonstrated experience
• Minimum 4 years’ experience in securing ICT infrastructure (both Cloud and on premise)
• Experience with both software development and IT operations
• Experience in performing risk, business impact, and vulnerability assessments, and in defining and implementing the appropriate safeguards to address the identified risks is mandatory
• Experience in designing and implementing security-related projects
• Experience in Change management
• Experience with Central of Internet Security (CIS) Controls or other security frameworks is an asset
• CISSP Certification is an asset
• International MSF experience or with another international NGO is an asset
• Experience in the area of medical data protection is an asset

Competencies

• Excellent understanding of information security concepts, protocols, industry best practices and strategies
• Excellent understanding of modern IT operations:
• Networking
• Different operating systems, including at least Linux and Windows
• Virtualisation
• Containerisation
• Cloud computing
• Configuration management
• Excellent understanding of modern software development methodologies and tools and their security implications. including a good understanding of the software development lifecycle
• Excellent knowledge of different aspects of (web) application security
• Understanding of GDPR and other legal frameworks concerning data privacy and IT security
• Sense of urgency; Immediate attention to security incidents
• Ability to work autonomously with limited managerial supervision and be able to establish strong relationships with remote stakeholders
• Team player; understanding of needs and constraints of different teams
• Ability to take initiative

Languages

• Strong oral and written communication skills in English
• Proficiency in French is an asset

CONDITIONS

• Expected starting date: February 2024
• Location*: Brussels (Belgium) or Nairobi (Kenya)

*The final outcome depends on the residency of the candidate, the local legal limitations (residency, work permit, etc.) and on agreement with the hosting MSF entity of these locations

• Mobility: international travel up to 10%
• Position type: Open-ended position – Full-time

*The location and the contractual legal limitations will determine the type of contract (open-ended or extendable fixed term contracts)

• The contractual conditions will be established based on candidate residency and administrative constraints (work permit, residency, etc) and in respect of MSF function grids and salary policies
• Adhere to the MSF principles and to our managerial values: Respect, Transparency, Integrity, Accountability, Trust, and Empowerment
• Adhere to the MSF Behavioural Commitments