Information Security Officer (ISO) is part of the Control Unit and reports directly to the Controller. The Control Unit is a department that reports to the General Director and the Board of the association.
MSF is an international, independent medical humanitarian organisation. We provide medical assistance to people affected by conflict, epidemics, disasters, or exclusion from healthcare. We are a non-profit, self-governed, member-based organisation. MSF was founded in 1971 in Paris by a group of journalists and doctors. Today, we are a worldwide movement of more than 67,000 people.
MSF coordinates operations through collaborations between global offices. The ‘MSF Operational Centre Amsterdam’ (OCA) is a partnership that is composed of the partners MSF-Canada, MSF-Germany, MSF-SARA, MSF-Sweden, MSF-Holland and MSF-United Kingdom. MSF-OCA operates medical humanitarian interventions in about 25 countries with more than 11,000 staff.
The office of MSF-Holland located in Amsterdam hosts more than 400 employees, offering direct support to MSF-OCA operations. Around 50 staff focus on recruitment, communication and fundraising in The Netherlands (MSF-Holland) and 350 staff are focused on supporting MSF-OCA operations.
At Médecins Sans Frontières (MSF) / Artsen zonder Grenzen , we are committed to an inclusive culture that encourages and supports the diverse voices of our employees. Our diversity fuels our innovation and connects us closer to our beneficiaries and the communities in which we work. We welcome applications from individuals of all genders, ages, sexual orientations, nationalities, races, religions, beliefs, ability status, and all other diversity characteristics.
Effective immediately, MSF-Holland is looking for an:
Information Security Officer (100%)
Based in Amsterdam
Information Security Officer (ISO) is part of the Control Unit and reports directly to the Controller. The Control Unit is a department that reports to the General Director and the Board of the association. Besides controllers and auditors, the team also has two data protection officers in place and legal counsel functions. This role is part of Control but will closely work with the ICT department on a daily basis.
- In line with the global IT strategy and in close coordination with the various departments at MSF-Holland, the Information Security Officer provides the strategies necessary to ensure the confidentiality, integrity, and availability of MSF’s information. This will be done in close cooperation with the Information Security Management working group on international level;
- You take ownership of implementing and maintaining policies & procedures related to the above from a technical and process perspective;
- You play an active role in the management of information security related incidents, proposing mitigations/preventative measures, and ensuring contingency plans are in place, as well as keeping an overview of incidents and contributing to their resolution;
- Engage with various stakeholders within MSF OCA (Operations, Logistics, Public Health Department…) and the wider MSF movement (Infosec network, miss/ disinformation) to ensure operational and organisational risks are being addressed.
- You create information security strategies for the short- and long-term. These strategies naturally support the organisation ’s goals and the legal and regulatory requirements (for example, compliance with data protection and privacy regulations, national legislation in mission countries & external parties). You work in close collaboration with the IT department, especially with the Information Management Team and the data protection officers.
- Ensure implementation of the Information Security policies by hands-on involvement and engagement with departments. Implementation takes place in the head office in Amsterdam and for MSF-OCA’s missions and projects in other countries.
- You monitor all ongoing activities related to the development, implementation, and maintenance of the information security policies and procedures by ensuring these policies and procedures encompass the overall security aspects.
- You assist departments in the development of local process and procedures and the implementation of those, ensuring they are in line with the organisation s policies.
- You communicate risks and recommendations in a non-technical way and in cost/benefit terms to senior management, so decisions can be made to ensure the security of information systems and information entrusted to the organisation.
- You balance between the efficiency of business processes and maintaining the confidentiality, integrity, and availability of organisation al or stakeholder information.
- You ensure vulnerabilities are managed by directing periodic vulnerability scans and threat analyses, in line with the state of the art in information security standards and developments.
- You develop information security awareness training and education programs; work with other organisation al or external entities to present them to staff, and management. You also schedule awareness sessions to raise the awareness of MSF staff and volunteers.
- You participate on risk / security assessment on assets / third parties involved in information processes.
- You ensure an organisation system-wide disaster recovery program, and incident response plans remain relevant and tested.
- You participate in local, regional, and national awareness and education events, as appropriate.
A key challenge of the role has to do with the understanding that MSF is not an IT-centric organisation . This implies that both the budget and awareness regarding this topic are low, and don’t always get prioritized. Therefore, we are looking for someone with the right expertise and work experience to hit the ground running, but who is motivated to use this experience to support the goals of our organisation.
- A degree in computer science, information security, IT Risk Management, or a related field.
- The role will require an excellent understanding of information security concepts, protocols, industry best practices and strategies. You will also need to have experience in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies. Furthermore, you will need to have an understanding of data protection and privacy and you must be able to think “outside of the box” to help mitigate risks and reduce vulnerabilities to the minimum.
- MSF or INGO experience is highly preferred.
- Fluency in written and spoken English is required .
- You will need to be persuasive and have a professional communication style. You should be capable of communicating security related topics to a wide variety of audiences with varying levels of technical understanding.
- The ability to interact with senior management and to influence decision makers is key. Therefore you must have strong organisational sensitivity but also assertiveness.
- In order to set this role up in a good way it is key that you can commit to and feel motivated by the MSF principles and that you have work experience in an international environment like ours.
- We are looking for an enthusiastic person who has a self-confident and result oriented attitude. Integrity and contextual awareness are key competences, combined with technical know-how .
- A challenging and exciting position in an international environment.
- A Dutch employment contract for one year, full time, at first. There is an option for renewal for another year (based on satisfactory performance).
- A gross salary in scale 7 between € 3,488 and € 4,980 depending on relevant professional work experience, for full-time employment (based on a 40-hour week).
- A holiday entitlement of 30 days per annum.
- A premium-free pension.
- Your career path within MSF is a journey, with Learning & Development (L&D) as one of your loyal companions. From the moment you are recruited until the moment you decide to explore new horizons outside of MSF, L&D will support you with a variety of learning and development opportunities
If you recognize yourself in this profile, we welcome you to apply directly via our website and upload a letter of motivation + Curriculum Vitae (in English) as one combined document.
Deadline for application is 24/04/2022 at 23:59 CET.
Interviews will be held on rolling-basis. Selection will be by means of two interviewing rounds and a test/case may be part of the process.
If you are interested in this post and would like additional information, please contact Taritha Sari Data Protection Officer at Taritha.Sari@amsterdam.msf.org
For more information about the application and recruitment process, please contact Ali Hamdan (recruiter) at email@example.com
***Acquisition is not appreciated***