Vacancy Announcement

Information Security Officer (ISO) For

GIZ Rwanda Country Office

The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH is a federally owned international cooperation enterprise for sustainable development with worldwide operations. The GIZ Office in Kigali covers GIZ’s portfolio in Rwanda and Burundi. GIZ Rwanda/Burundi implements projects on behalf of the German Federal Ministry for Economic Cooperation and Development, the European Union and other commissioning authorities in the following priority areas: Sustainable Economic Development; Good Governance; Climate, Energy and Sustainable Urban Development; Digitalization and Digital Economy; and regional projects in the Great Lakes Region.

Location:  Country office Kigali – depending on the size of the country office also

                  Transnational.

Fixed Term: 24 months (renewable upon review)

Position: one (1)

A.    Background

To enable the worldwide protection of all critical information processed by the GIZ, the establishment of an Information Security Management System (ISMS) and therefore Information Security Officers in the field structure are indispensable. Through the company-wide international standard ISO/IEC 27001 certification of information security management (ISO27001), the GIZ targets a wide variety of permanent restructuring-processes, all of them requiring experts to coordinate and maintain these changes. While the company-wide coordination lies with the Chief Information Security Officer (CISO) and his/her Information Security Management Team (ISMT) located at the headquarters, the extensive local establishment and continuous operation of information security needs the support of a new local role, which works closely together with already existing local roles such as IT-Professionals and Digital Partners (DIPAs). Concerning existing roles, it is important to note that Information Security Officers cannot be at the same time IT-Professionals due to conflicts of interests.

The goal of Information Security Officer is to be a central single point of contact (SPoC) for organizational overview and control as well as professional knowledge concerning information security in the country office. As information technology (IT) has a big role in information security, IT-specific knowledge and/or close cooperation with technical roles is also an expected area of expertise. For the implementation of information security and the ISO27001-certification, the Information Security Officer is expected to work within the existing management organization of local offices while initiating and controlling relevant processes.

The security risk management Advisor performs the following responsibilities and tasks:

B.    Contents and Tasks

• Initial tasks

In the initial phase of implementation, the establishment of a local information security management is focused. To successfully do this, the Information Security Officer establishes and later manages the security incident process, supports/accompanies the Audit Management process (including the local coordination of “penetration testing”) and ensures that a functioning vulnerability management is in place. As the local representation of the information security organization and thus the Information Security Management System (ISMS), the Information Security Officer acts as Single Point of Contact (SPoC) for information security. He also is the SPoC for projects and contact for all topics concerning information security.

The Information Security Officer ensures through a structural analysis (asset recording) an up-to-date and complete asset inventory (in cooperation with asset owners). Towards Headquarters, specifically towards the CISO, he/she provides structured reporting to the CISO. The Information Security Officer is responsible for recording the current status of information security, which includes the mentioned assets.

The Information Security Officer establishes the local InfoSec Risk Management (IRM) and accompanying risk register which is implemented through identification of risks with asset owners, risk assessment with risk owner involvement, risk treatment management and further connected tasks.

Continuous Operation and Updates

After the initial establishment, the Information Security Officer is responsible for elaborating, reviewing, and updating the local security concept, the coordination and implementation of measures, guidelines/concepts as well as the adaptation of guidelines/concepts to local conditions.

Concerning the information security awareness among employees, the Information Security Officer coordinates existing awareness measures and is to a limited extend personally responsible for the awareness/training efforts.

He/She is further responsible for the control of the effectiveness of security measures, for revisions and audits and for ensuring the investigation of security-related incidents & coordination of their reporting (reporting system). As representative of the Information Security Management System Team (ISMS Team) the Information Security Officer (ISO) also has the permanent task of reporting to the CISO and supply necessary information for the management report of the CISO.

For the local offices, the Information Security Officer provides continuous consulting on information security topics and the constant operation of risk management and level estimation of information protection requirements.

C.    Profile and Abilities

The Information Security Officer is responsible for all information security issues in the country office. He/She should have the following competencies and capabilities or should be able to acquire them within a reasonable period of time:

• Knowledge and experience in information security
• Basic knowledge of actual Microsoft Software and Services ecosystem
• Methodological competence in: ISO/IEC 27001, risk management, vulnerability management, audit
• Has overview of tasks and objectives of the institution and can evaluate and classify them with respect to information security
• Ability to “think inside” organizational structures and processes
• Ability to work independently
• Ability to adapt, communicate and implement key requirements
• Communication skills
• Comprehensive and factual reporting
• Handling of objections
• Mastery of facilitation and auditing techniques
• Managing conflicts
• Persuasion skills
• Social competence
• Quick comprehension
• Analytical skills
• Perseverance
• Professional and personal maturity
• Willingness for further training
• Ability to communicate
• Conscientiousness
• Credibility
• Ability to cooperate and work in a team
• Objectivity, especially when dealing with sensitive issues
• Self-confidence
• Independence
• Un-influenceability and impartiality,
• Unconditional discretion,
• Incorruptibility,
• Ability to argue on the basis of objective evidence
• Language
• High proficiency in English

Interested candidates should submit their application (motivation letter, updated CV, certificates and references) until 12^th June 2023 by e-mail to [email protected]. All attachments should be put together in one PDF file not larger than 2 MB. Please quote the job title in the subject.

GIZ is an equal opportunities employer and is committed to the full inclusion of all qualified candidates. This includes the provision of reasonable accommodation, if needed, in order to participate in the job application and interview process and to perform essential job functions. Please let us know, if you have any particular requirements should you be invited for assessment/interview or that you wish us to consider, when considering your application. Women and persons with disabilities are particularly encouraged to apply.

Only shortlisted candidates will be contacted for test and interview.

GIZ Office Rwanda

KN 41 St. / Nr.17, Kiyovu

P.O. Box 59, Kigali,

Rwanda

GIZ reserves all rights!