Result Areas and Key Deliverables
- In line with the Oxfam Novib ICT strategy and in close coordination with the various departments and units at Oxfam Novib offices, providing the strategies necessary to ensure the confidentiality, integrity, and availability of Oxfam information. This will be done in close cooperation with the Information Security Management working group at the Oxfam confederation level.
- Taking ownership of creating and implementing policies & procedures related to the above from a technical and process perspective;
- Taking the lead in information security-related incidents, including proposing curative / preventive measures.
- Ensuring the organization’s compliance with GDPR and applicable laws, including but not limited to daily operations of the program, development, implementation, and maintenance of policies and procedures, monitoring program compliance, investigation and tracking of incidents and breaches.
- Creates information security strategies for the short- and long-term that naturally support the organization’s goals and the legal and regulatory requirements (e.g. GDPR compliance), and works in close collaboration with the different units and offices.
- Performs or oversees initial and periodic information security & privacy risk assessment/analysis, mitigation and remediation.
- Implements the aforementioned policies through hands-on involvement. Implementation takes place for the head office in The Hague and countries where Oxfam Novib is the Executing Affiliate.
- Communicates risks and recommendations in a non-technical way and in cost/benefit terms to senior management, so decisions can be made to ensure the security of information systems and information entrusted to the organization.
- Monitors all ongoing activities related to the continuous improvement, implementation, and maintenance of the information security and privacy policies and procedures by ensuring these policies and procedures encompass the overall security aspects.
- Assists units and country offices in the development of local processes and procedures and the implementation of those, ensuring they are in line with the organization’s policies.
- Balances between the efficiency of business processes and maintaining the confidentiality, integrity, and availability of organizational or stakeholder information.
- Ensures vulnerabilities are managed by directing periodic vulnerability scans and threat analyses, in line with the state of the art in information security standards and developments.
- Participates in risk / security assessments of assets / third parties involved in information processes.
- Develops information security awareness training and education programs, presents them to staff and management, and schedules awareness sessions to raise the awareness of Oxfam staff.
- Participates in local, regional, and national awareness and education events, as appropriate.
- Ensures an organization system-wide disaster recovery & prevention program, and incident response plans.
- Maintains comprehensive records of all data processing activities conducted by Oxfam Novib, including the purposes of all processing activities, which must be made public on request.
- Interfaces with data subjects to inform them about how their data is being used, their right to have their personal data erased, and what measures the organization has put in place to protect their personal information.
- Serves as the point of contact between Oxfam Novib and GDPR Supervisory Authorities.
- If you have any questions about the job description, please contact Rick de Zoete at Rick.de.Zoete@oxfamnovib.nl
- If you have any questions about the application process, please contact Latifa Ait Mbarek at Latifa.Aitmbarek@oxfamnovib.nl
- Only applications submitted before the closing date and through our recruitment portal will be considered.