With over 70 years of experience, our focus is on helping the most vulnerable children overcome poverty and experience fullness of life. We help children of all backgrounds, even in the most dangerous places, inspired by our Christian faith.

Come join our 33,000+ staff working in nearly 100 countries and share the joy of transforming vulnerable children’s life stories!

Employee Contract Type

Local – Fixed Term Employee (Fixed Term)

Job Description

As Global Cybersecurity Advisor you are responsible for developing and managing security across multiple IT functional areas (e.g., data, systems, network and/or Web) across the enterprise, develop and manage enterprise security services, and develop security solutions for complex assignments to ensure the company’s infrastructure and information assets are protected. You also work on multiple projects as a team lead.

As part of the IT Security job family you will plan, execute, and manage multi-faceted projects related to compliance management, risk assessment and mitigation, control assurance, business continuity and disaster recovery, and user awareness. You are focused on developing and driving security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization.

Major Responsibilities

POLICIES, PROCEDURES, & STANDARDS:

Maintains an up-to-date understanding of industry best practices. Develops, enhances and implements of enterprise-wide security policies, procedures and standards. Monitors the legal and regulatory environment for developments. Recommends required changes to IT policies and procedures. Supports service-level agreements (SLAs) to ensure that security controls are managed and maintained. Monitors compliance with security policies, standards, guidelines and procedures. Ensures security compliance with legal and regulatory standards.

Business Requirements

Engages directly with the business to gather a full understanding of project scope and business requirements. Works with customers to identify security requirements using methods that may include risk and business impact assessments. Consults with other business and technical staff on potential business impacts of proposed changes to the security environment. Provides security-related guidance on business processes.

Risk Assessments And Security Testing

Works directly with the customers and other internal departments and organizations to facilitate IT risk analysis and risk management processes and to identify acceptable levels of residual risk. Conducts business impact analysis to ensure resources are adequately protected with proper security measures. Assesses potential items of risk and opportunities of vulnerability in the network and on information technology infrastructure and applications. Reviews risk assessments, analyzes the effectiveness of IT control activities, and reports on them with actionable recommendations. Monitors risk mitigation and coordinates policy and controls to ensure that other managers are taking effective remediation steps. Manages the oversight of technical risks assessments, such as vulnerability scanning and penetration testing. Performs data breach simulations and testing

APPLICATION SECURITY

Assesses application threats, vulnerabilities, risks and compliance Recommends the appropriate information security controls and measures for Applications. Develops and manages security measures for Applications to prevent security breaches. Manages application security documentation (compliance documentation, security plans, risk assessment, corrective action plans, etc.). Consults with clients on the application security

Security Audit

Performs security audits. Participates in security investigations and compliance reviews as requested by external auditors.

Communications/Consulting

Serves in an advisory role in application development projects to assess security requirements and controls and ensures that security controls are implemented as planned. Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle. Informs stakeholders about compliance and security-related issues and activities affecting the assigned area or project. Interfaces with business and IT leaders communicating security issues and responding to requests for assistance and information. Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.

Vendor Management

Works with third party vendors during problem resolutions. Interfaces with third party vendors to evaluate new security products or as part of a security assessment process.

Coaching/Mentoring

Provides ongoing knowledge transfer to team members and clients on security policies, products and standards. Mentors less-experienced team members.

Qualifications

• Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience. Requires in-depth knowledge of security issues, techniques and implications across all existing computer platforms. A high proficiency level in specific job related skills is required.
• Typically requires 5 – 7 years of combined IT and security work experience with a broad range of exposure to security testing, compliance, vulnerability management, risk management, application security, and DevSecOps. Experience designing and implementing security processes, functions, and solutions.
• Willingness and ability to travel domestically and internationally, as necessary.

Preferred Skills, Knowledge And Experience

• CISSP certification CISA certification
• Security Certification (i.e., Certified Information Systems Security Professional (CISSP).
• Effective in written and verbal communication in English (desired)
• Vendor Management experience Project Management experience Risk Management experience Incident Management experience Vulnerability Management experience Threat Management experience Application Security and OWASP experience Compliance Management Experience