Technical Advisor Job , Information Security, Data.FI at Palladium International,
Technical Advisor Job , Information Security, Data.FI at Palladium International
Palladium develops and delivers solutions that create positive impact for communities, businesses, societies and economies. We transform lives and create enduring value by working with governments, corporations and non-profit organisations.
Technical Advisor, Information Security, Data.FI
Primary Duties and Responsibilities:
- Assist with the continuous development, implementation and updating of Data.FI’s information security and data privacy standards, guidelines, processes and procedures in compliance with USAID and Palladium Information Security policy, with a particular focus on protecting PII/PHI and security in the software development life cycle.
- Operationalize a security assessment and testing program to regularly verify that Data.Fi projects have adequate security controls and that those security controls are functioning properly to safeguard information assets.
- Manage the frameworks, processes, tools and partners/consultants to manage risk and to support risk-based decisions related to information system activities
- Coordinate routine activity audits to proactively identify and mitigate information security risks and facilitate the management response and remediation efforts
- Identify acceptable levels of residual risk and assist with action plans, policy and procedural changes for risk mitigation. Provide strategic recommendations to activities to help improve project results, quality of deliverables, risk optimization, security processes and compliance with regulations
- Facilitate information systems security management education and training in USAID, corporate and project standards for all project staff
- Document any security breaches and assess their damage, working with the project leadership team and Global ICT, following Palladium’s Information Security Policy processes and procedures, In compliance with the Company’s ISO27001 Certification.
- Review all project data sharing / data access agreements and keep a current roster of agreements.
- Collaborate with Palladium Global ICT team, as well as the Lead for Information Security across our Americas Business Unit, on policy development and implementation, as needed
Key Competencies Required:
- Proficient knowledge of information security regulatory requirements and standards such as, GDPR, ISO 27001/2, SANS top 20, ITIL, OWASP, and NIST 800-53.
- Ability to educate a non-technical audience about various information security including cybersecurity measures
- Ability to think through potential scenarios and mitigating interventions to deliver project objectives in diverse and complex environments, including a willingness to think outside the box, approach challenges with creative solutions
- Demonstrated ability to work effectively as part of a team, capturing input and feedback, as well as independently with a high degree of drive, initiative and autonomy
- Demonstrated high level project management skills. Demonstrated ability to coordinate complex activities, meet deadlines, and exercise sound judgment and discipline
- Prior experience of working in a fast-paced, solution-focused and dynamic workplace, with expert skills in multi-tasking
- Ability to work cross-culturally, using inclusive collaborative approaches and language
- Flexibility to work across time zones, at times accommodating meeting times beyond the regular workday
- Excellent oral and written communication skills in English
Professional Expertise/Competencies Preferred:
- Solid industry related certification (e.g., CISSP, CISM, CEH, CISA, CASP, CRISC) strongly preferred
- Experience working in the international development sector
- Prior experience in an information security role for a large project or company
- Familiarity with information security policy in African and Central American countries, highly desired
- French and/or Spanish language skills, strongly preferred