ISO – Information Security Officer
The “GIZ Country office – Portfolio Management Unit” in Jordan is seeking to recruit an “ISO – Information Security Officer” on a full-time basis as per the job description below.
Qualifications and specialist knowledge
- Bachelor's degree in computer science, information technology, or a related field; knowledge of hardware and networking systems.
- Advanced knowledge of security frameworks and risk management.
- Experience with implementing and maintaining detection systems, firewalls, and prevention systems.
- Certification in information security Implementer based on ISO 27001, CISM/CISA is a plus
- 5 years of professional experience in the field of information security in an international organization with at least 1000 employees
- Knowledge and experience in ISO/IEC 27001
- Experience in conducting audits and ability to argue
- Basic knowledge of the latest Microsoft software and services ecosystem
- Self-initiative at work, and ability to work independently as well as in a team
- Excellent communication and interpersonal skills
- Ability to coordinate, adapt, communicate and implement key requirements
- Ability to "think inside" organisational structures and processes
- Excellent command of spoken and written English. German language is a plus.
Core tasks
Under close guidance and in consultation with the Chief Information Security Officer (CISO) and the Information Security Management Team (ISMT) at GIZ’s head office in Germany, you coordinate the local establishment of an Information Security Management System (ISMS) in GIZ Jordan. The Information Security Officer thus acts as the local representative, i.e., the Single Point of Contact (SPoC) for the ISMS and information security topics. In consultation with the responsible stakeholders at head office and GIZ Jordan, you assume tasks related to the local planning, steering, implementing, monitoring, and maintenance of the ISMS project according to ISO27001 standards.
Subsequent to supporting the setting up of the ISMS, the Information Security Officer manages the security incident process, supports/accompanies the audit management process – including the local coordination of “penetration testing” – and ensures that functioning vulnerability management is in place. Through a structural analysis in cooperation with asset owners i.e., asset recording, the Information Security Officer ensures an up-to-date and complete asset inventory and is responsible for recording its information security status. With the involvement of asset owners, the Information Security Officer supports the establishment of a local Information Security Risk Management (IRM) via a risk register for identified risks, mitigation measures, treatment, etc.
After the initial establishment, the Information Security Officer is responsible for reviewing and updating the local information security concept, the coordination and implementation of measures and the communication and implementation of guidelines/concepts as well as the adaptation of guidelines/concepts to local conditions. In conjunction, the Information Security Officer coordinates awareness measures and, to a limited extent, directly assumes responsibility for awareness-raising and training efforts targeting employees.
Guided via head office support, the Information Security Officer assesses the effectiveness of security measures for revisions and audits, ensures the investigation of information security-related incidents, and coordinates their reporting (reporting system). Vis-a-vis the local offices in Jordan, the Information Security Officer advises on information security topics, the operation of risk management and level estimation of information protection requirements. Vis-a-vis the GIZ head office in Germany, the Information Security Officer has the ongoing task of reporting to the CISO/Management Country Office Jordan and supplies necessary information for the management report.
Main activities
- Supports establishing a local Information Security (InfoSec) Risk Management (IRM) and managing a risk register, which is implemented by identifying risks with asset owners, risk assessment involving risk owners, risk management, and other related tasks
- Implements and coordinates awareness-raising measures and, to a limited extent, assumes personal responsibility for awareness-raising/training activities
- Carries out control of the effectiveness of security measures
- Is responsible for revisions and audits regarding information security aspects with guidance from the CISO (Chief Information Security Officer)
- Ensures the communication and implementation of guidelines/concepts/security measures as well as the adaptation of guidelines/concepts to local conditions
- Ensures an up-to-date and complete asset inventory (in cooperation with asset owners) by means of structural analysis (asset registration)
- Provides structured reporting to the Chief Information Security Officer (CISO) at GIZ Head Office in Germany and GIZ Jordan management
- Reviews and updates policies/concepts after the initial establishment of the local information security concept
- Supports the investigation of IT security or information security incidents, coordinates their reporting (reporting system), and prepares reports and action plans in the event that a security breach does occur
- Continuously evaluates and manages the cyber and technology risk posture of the organization
Interested candidates are kindly requested to submit their motivation letter and CV by 20.12.2022 at the latest.
Emanating from GIZ’s role in enhancing and promoting the efficiency and competency of its political partners and entities and their respective employees, and in view of GIZ’s aim at maintaining and encouraging the stability of employment at its political partners and entities, this position will not be available to any official employee currently working at any of GIZ’s political partners, governmental ministry, department or entity, including any official employees who are on unpaid leave.
GIZ Jordan is applying defense order no. 35, which indicates that all employees should receive two shots of a COVID-19 vaccine. This shall not apply to those who have not received the COVID-19 vaccine due to medical reasons pursuant to a decision by the Minister of Health or their nominee; those employees shall present a negative PCR test valid for 72 hours.
GIZ is committed to gender balance and diversity without distinction as to race, gender, or religion, and without discrimination against persons with disabilities. Remuneration will be in accordance with the candidate's qualification, experience, as well as the scope of responsibility for the job announced and in line with local standards.
GIZ would like to increase the proportion of employees with disability. Applications from persons with disabilities are most welcome.
GIZ will send feedback only to the candidates that are shortlisted and interviewed.