ISO – Information Security Officer
The title for internal and official attribution: ICT + Digitalization specialist
Qualifications and specialist knowledge
- Certification as an information security implementer based on ISO 27001; CISM/CISA is a plus
- At least 5 years of professional experience in the field of information security in an international organisation with at least 1000 employees
- Knowledge and experience in ISO/IEC 27001
- Knowledge and experience in information security
- Experience in conducting audits and ability to argue
- Basic knowledge of the latest Microsoft software and services ecosystem
- Self-initiative at work, and ability to work independently as well as in a team
- Excellent communication and interpersonal skills
- Ability to coordinate, adapt, communicate and implement key requirements
- Ability to "think inside" organisational structures and processes
- Excellent command of spoken and written English. German language is a plus.
Major Responsibilities
- Establishes a local Information Security (InfoSec) Risk Management (IRM) and manages a risk register, which is implemented by identifying risks with asset owners, risk assessment involving risk owners, risk management and other related tasks
- Implements and coordinates awareness-raising measures and, to a limited extent, assumes personal responsibility for awareness-raising/training activities
- Checks the effectiveness of security measures and is responsible for revisions and audits regarding information security aspects
- Ensures the communication and implementation of guidelines/concepts/security measures as well as the adaptation of guidelines/concepts to local conditions
- Ensures an up-to-date and complete asset inventory (in cooperation with asset owners) by means of a structural analysis (asset registration)
- Provides structured reporting to the Chief Information Security Officer (CISO) at GIZ Head Office in Germany and GIZ Jordan management
- Reviews and updates policies/concepts after the initial establishment of the local information security concept
- Takes care of the investigation of IT security or information security incidents and coordinates their reporting (reporting system)
Establishing an information security management system according to ISO 27001 in GIZ Jordan
To enable the worldwide protection of critical information processed by GIZ, the establishment of an Information Security Management System (ISMS) is indispensable. This not only protects the company and our employees but also our partners – in the long term a key competitive factor with our clients. Through the company-wide international standard ISO/IEC 27001 certification of information security management (ISO27001), GIZ targets a wide variety of restructuring processes, requiring experts to coordinate and maintain these changes.
While the company-wide coordination lies with the Chief Information Security Officer (CISO) and their Information Security Management Team (ISMT) at GIZ head office in Germany, the local establishment and continuous operation of information security need the support of a local “Information Security Officer (ISO)” who works closely together with already existing local roles such as IT-Professionals and Digitalisation Partners (DIPAs). The Information Security Officer works within the existing management organisation in Jordan, while initiating and controlling relevant processes.
Under close guidance and in consultation with the Chief Information Security Officer (CISO) and the Information Security Management Team (ISMT) at GIZ’s head office in Germany, you coordinate the local establishment of an Information Security Management System (ISMS) in GIZ Jordan. The Information Security Officer thus acts as the local representative, i.e., Single Point of Contact (SPoC), for the ISMS and information security topics.
In consultation with the responsible stakeholders at head office and GIZ Jordan, you assume tasks related to the local planning, steering, implementation monitoring and maintenance of the ISMS project according to ISO27001 standards.
Subsequent to setting up the ISMS, the Information Security Officer manages the security incident process, supports/accompanies the audit management process – including the local coordination of “penetration testing” – and ensures that a functioning vulnerability management is in place. Through a structural analysis in cooperation with asset owners, i.e., asset recording, the Information Security Officer ensures an up-to-date and complete asset inventory and is responsible for recording its information security status. With the involvement of asset owners, the Information Security Officer establishes a local Information Security Risk Management (IRM) via a risk register for identified risks, mitigation measures, treatment, etc.
After the initial establishment, the Information Security Officer is responsible for reviewing and updating the local information security concept, coordinating and implementing measures, and communicating and implementing guidelines/concepts as well as the adaptation of guidelines/concepts to local conditions. In conjunction, the Information Security Officer coordinates awareness measures and, to a limited extent, directly assumes responsibility for awareness-raising and training efforts targeting employees.
The Information Security Officer assesses the effectiveness of security measures for revisions and audits, ensures the investigation of information security-related incidents, and coordinates their reporting (reporting system). Vis-a-vis the local offices in Jordan, the Information Security Officer advises on information security topics, the operation of risk management and level estimation of information protection requirements. Vis-a-vis the GIZ head office in Germany, the Information Security Officer has the ongoing task of reporting to the CISO/Management Country Office Jordan and supplies necessary information for the management report.