Information Security Officer at the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ)

The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH (German Agency for International Cooperation) is an international enterprise owned by the German Federal government, operating in many fields across more than 130 countries.

In Nigeria, GIZ’s portfolio includes, among others, a programme to support the Economic Community of West African States (ECOWAS) in its regional integration goals. The programme aims to strengthen sector-specific capacities in the areas of Peace and Security, Customs and Trade as well as Strategic Management and Organizational Development in the ECOWAS Commission.

We are recruiting to fill the position below:

Job Title: Information Security Officer

Vacancy No.: 055
Location: Abuja
Organization: GIZ Nigeria, Country Office

Background
GIZ. Solutions that work:

  • As a service provider in the field of international cooperation for sustainable development and international education work, we are dedicated to shaping a future worth living around the world. GIZ has over 50 years of experience in a wide variety of areas, including economic development and employment promotion, energy and the environment, and peace and security.
  • The diverse expertise of our federal enterprise is in demand around the globe – from the German Government, European Union institutions, the United Nations, the private sector and governments of other countries.
  • We work with businesses, civil society actors and research institutions, fostering successful interaction between development policy and other policy fields and areas of activity. Our main commissioning party is the German Federal Ministry for Economic Cooperation and Development (BMZ).
  • The registered offices of GIZ are in Bonn and Eschborn. Our approximately 23,500 employees, almost 70 percent of whom are national personnel, work in around 120 countries (July 2020). GIZ has worked in Nigeria since 1974.
  • From 2004, GIZ has maintained a country office in the capital city Abuja. Currently 361 national and 66 international employees, 19 regional staff, 4 integrated specialists and 3 development workers are working in the country (June 2020).

The Project

  • GIZ Country offices are the central element of GIZ’s field structure. They ensure consistent overall representation of the company and its successful positioning as a service provider in the international cooperation market.
  • They are headed by a country director. The Country Directors represent GIZ as a whole in the country or countries they service.
  • The Country Director is responsible for shaping the GIZ country portfolio and assuring its quality, and in particular ensures that GIZ activities in all business sectors are coherent.
  • The Country Directors generally have management responsibility for the officers responsible for commissions in the public-benefit TC measures in their area.
  • The GIZ Offices provide human resources and commercial support services for programmes and projects in their areas. These services must be contracted as set out individually in the respective processes and rules sections.
  • Furthermore, the GIZ Offices perform internal audits of the project administrations in the public-benefit sector, and by agreement for International Services projects and offices too.

Responsibilities and Tasks
Responsibilities:

  • The ISO, as the focal point, must establish, implement, maintain, and continually improve the information security management system.

The areas of action remain in the following domains:

  • Organizational, physical, people, technological. In this position the ISO must control the necessary measurements that are in place.
  • The ISO is a facilitator and advisor of the documented measures within the policies.

Tasks
The ISO performs the following tasks:

Development of an ISMS:

  • Implementing, coordinating, and continuously improving local information security management system (ISMS) based on the ISMS country project plans.
  • Coordinate, create and revise the security policies and related sub-concepts based on the context of the country or country region.

Implementation of measures:

  • Planning and coordinating the implementation of information security measures in close alignment with management level and key stakeholders such as HQ-ISMT, IT Department, central Data Protection Team, and Digitalization Partner local SRMO and projects.
  • Support in the implementation and coordination of security-relevant processes.
  • Establishment of a reporting process for security-relevant incidents and their investigation within the country office and with HQ/ISMT.
  • Monitor the effectiveness of the information security program and make recommendations for improvements to the departments of the country office or commissioning manager.
  • Support and maintain incident management:
    • Support establishing an incident management process
    • Support in evaluating the incident and defining the next steps in the country office
    • Involve all needed parties and communicate the incident to the CISO/ISM-T
    • Securing evidence after security incident

Advising and reporting to management:

  • Reporting on the local information security management system (ISMS) performance to local management level and HQ/CISO.
  • Reporting of security risks and issues to local management and HQ/CISO.
  • Advising the local management and HQ/CISO how audit findings should be implemented.

Internal audits and support on external audits:

  • Develop an internal audit plan based on the audit program from HQ/ISMT
  • Support and conduct internal audits for the implementation of applicable security control objectives.
  • Prepare and support the continuous improvement through the certification and surveillance audit.
  • Contact person for all internal and external non-conformities in audits.

Awareness and central contact person:

  • Provide guidance and support to employees on information security best practices.
  • Initiation, alignment with IT Prof (IT Professional) and Digitalization Partner (DiPa), and implementation of awareness-raising measures for information security in consultation with various stakeholders (such as IT professionals and local digitization partners).
  • Close interaction and communication with Headquarter ISM-Operations and relevant stakeholders.
  • The ISO should support in implementing and improving existing awareness measures and programs.
  • Advisor/supporter for new and follow-up projects (InfoSec checklist).

Required Qualifications, Competences, and Experience
Qualifications:

  • Bachelor’s Degree in Information Science and Technology and related degree. A Master’s degree would be an advantage. In addition, industry certification such as CISSP is a must. Others such as ISO/IEC 27001, CISM etc. would be a plus.

Professional experience:

  • At least 5 years of proven experience in information security and related roles.
  • Knowledge and experience in information security with methodological competences in ISO/IEC 27001 and related standards, risk management, vulnerability management and audit should be given.
  • Basic knowledge of IT management systems will be helpful in fulfilling the role to the full extent and in providing better advice to responsible employees.
  • Experience in other international organisations is an advantage.

Desired additional qualifications, competencies, and experiences

  • As communication skills are a key factor in successfully cooperating within the organization, the ISO must be able to handle objections and conflict objectively and effectively as well as persuade and manage people.
  • To ensure effective collaboration with colleagues the ISO must adapt to changing frameworks, “think inside” organizational structures and processes and compile comprehensive reports.
  • Being able to communicate back and forth between country director and different departments while staying impartial is key for the ISO role.
  • The ISO must also possess excellent social skills such as being pro-active, having a commitment to life-long learning and staying up to date with security and threat-related trends by attending necessary further training.
  • He/She should also display the ability to be flexible and the willingness to comply with additional regulatory frameworks.
  • High level of integrity and confidentiality in handling matters.
  • He/She must be able to network effectively with all levels of expertise, extending from projects to GIZ-HQ.
  • He/she must display independence, credibility, impartiality, and unconditional discretion as essential qualities in his character.

Salary
According to the GIZ salary scale for Band 4

Deadline: 24th July, 2023.

How to Apply
Interested and qualified candidates should send their CV and Letter of Motivation as one document with complete contact details to: recruitment-nigeria@giz.de using vacancy no. 055 as the subject of the email.

Note

  • GIZ is an equal opportunities employer committed to diversity.
  • All qualified candidates, regardless of age, sex, ethnicity, race, and religion are encouraged to apply.
  • Please note that only shortlisted candidates will be contacted.
