ICT Cybersecurity Officer (m/f/x) – MSF Belgium – Brussels

Médecins Sans Frontières

Médecins Sans Frontières (MSF) is an international humanitarian aid organization that provides assistance in more than 60 countries to populations in distress, to victims of natural or manmade disasters and to victims of armed conflicts, without discrimination and irrespective of origin, religion, creed or political affiliation.

ICT Cybersecurity Officer (m/f/x) – MSF Belgium – Brussels

CONTEXT

The ICT Unit of MSF OCB (Operational Center Brussels) delivers ICT services to MSF field teams (4000 users) in about 40 countries around the world and to +/- 500 users in Brussels Headquarters. In a rapidly evolving digital landscape, the OCB ICT vision & capacity are meant to be “Agile, field-inspired, and user-centric while driving MSF towards digitally enabled humanitarian operations”. It aims to build, implement, maintain, and continuously improve ICT architecture, ICT services and infrastructure that support MSF operations’ agility and efficiency. It enables new and more effective ways of working; enhances transversal collaboration between functional departments, supports exploration and innovation.

As ICT Cybersecurity Officer your mission is:

  • to define the strategy of the OCB ICT Unit in regard to digital information security,
  • to design and implement both technical and organizational policies and guidelines concerning digital information security,
  • to build up technical expertise within the unit, and to establish a security-aware culture, both within the technical ICT teams in Brussels and in the field, as well as in the organization as a whole; in order to protect the integrity of ICT infrastructure, to safeguard data (be it medical, financial, HR, or other) against loss or theft,
  • and to minimize the risk of reputational damage to the organization in case of security incidents.

This mission applies to all OCB field operations as well as to the headquarters in Brussels.

You play the role of advisor/subject matter expert in ICT projects, as part of the project team or the steering committees, in collaboration with the project manager.

RESPONSIBILITIES

  • Manage the ICT cybersecurity priorities and roadmap for OCB
  • Be the focal point for the organization in case of ICT security breaches and threats
  • Document security breaches, evaluate impact and implement mitigation plans
  • Work closely with other key members of the ICT Unit Leadership Team to ensure that key interventions identified as part of the cybersecurity roadmap are implemented timely and according to the relevant security controls
  • Design and implement security policies aimed at avoiding, and/or minimizing the impact of security incidents and the necessary control mechanisms to make sure that these policies are being applied
  • Design and implement an incident-response and business continuity strategies to be applied when a security incident does occur aimed at reducing the impact of such security incidents
  • Review and keep up to date the cybersecurity chapters in the Safety and Security Management SOPs
  • Participate in intersectional groups and network related to cybersecurity
  • Assess the level of ICT security both of HQ and of the different field missions and projects by performing audits and evaluations, and formulate concrete steps to address any shortcomings
  • Act as a technical referent during the design and implementation of both application and infrastructure projects
  • Work closely with the entities/people in charge of security in general (Operations (OPS) and finance Risk management Units) or data protection (DPO – Data Protection Officer)
  • Promote and enable a security-aware mindset
    • within the ICT unit, by giving technical guidance and facilitating trainings;
    • among the field staff responsible for ICT in the missions and projects, by creating the needed documentation, policies and guidelines and by giving trainings to increase the awareness of and knowledge about the subject of ICT security;
    • within OCB as a whole, by presenting and motivating the importance of the topic to different stakeholders within the organization.

REQUIREMENTS

Education

  • University degree in computer science or a related field, or equivalent by experience

Experience

  • At least 5 years of experience with both software development and IT operations
  • Experience in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
  • Experience in designing and implementing security-related projects is a strong asset
  • Experience in Change management is a MUST HAVE
  • Experience with Central of Internet Security (CIS) Controls is a plus
  • Field experience with MSF or another international NGO is a plus
  • Experience in the area of medical data protection is an asset

Competencies

  • Excellent understanding of information security concepts, protocols, industry best practices and strategies
  • Excellent understanding of modern IT operations:
    • Networking
    • Different operating systems, including at least Linux and Windows
    • Virtualization
    • Containerization
    • Cloud computing
    • Configuration management
    • Infrastructure as code
  • Excellent understanding of modern software development methodologies and tools and their security implications, including a good understanding of the software development lifecycle
  • Excellent knowledge of different aspects of (web) application security
  • Understanding of GDPR and other legal frameworks concerning data privacy and IT security is an asset
  • Sense of urgency; Immediate attention to security incidents
  • Strong oral and written communication skills
  • Team player; Understanding of needs and constraints of different teams
  • Being able and comfortable to work in a green field
  • Being able to take initiative

Languages

  • Fluent in English
  • Proficiency in French a plus

CONDITIONS

  • Expected starting date: As soon as possible
  • Location***: Brussels (Belgium) Possible other locations (within Central European Time zone) where there is a MSF office can be discussed
  • Possible field visits twice a year
  • Contract type: Open-ended contract – Full time
  • For Brussels, Belgian contract; Salary according to MSF-OCB HQ grid. Meal Vouchers – Hospital Insurance (DKV) – Pension Plan – 100% reimbursement for public transportation costs – In-house canteen at fair prices
  • For other locations, the contractual terms, conditions and salary will be established according to the place of work and in respect of MSF standard function and salary grids
  • Adhere to the MSF principles and to our managerial values: Respect, Transparency, Integrity, Accountability, Trust and Empowerment
  • Adhere to the MSF Behavioral Commitments

* For eventual other location, the final outcome depends on local legal limitations (residency, work permit, etc.) and on agreement with the hosting MSF office in these locations.

Deadline for applications: 27 October 2022

How to apply

How to apply?

CV + cover letter to be sent by e-mail [email protected] with “ICT Cybersecurity Officer” in the title. Please name your application documents (CV and cover letter) with your LAST NAME.

Only shortlisted candidates will be contacted.

MSF values diversity and is committed to create an inclusive working environment. We welcome applications from all qualified candidates regardless of disability, gender identity, marital or civil partnership status, race, color or ethnic and national origins, religion or belief, or sexual orientation.

The protection of your personal data is important to MSF. By submitting your application, you consent to MSF using your personal data. For more information, consult our privacy notice to job applicants.


*Closing date: 27-Oct-22