Information Security Specialist

Context

NRC’s global strategic plan for 2022 – 2025 includes Digital Transformation as a strategic enabler for the organization and a key element in expanding the reach of our assistance towards the 2030 ambition. To do so, NRC is increasingly adopting digital solutions to drive internal efficiencies as well as provide digital services to the people it serves. Key to all this will be NRC’s ability to secure systems, applications and the data these will process, to ensure privacy, confidentiality and avoid causing digital harm.

Are you looking to put your information security skills to support digital solutions for millions of people across the globe fleeing conflict?

Great! Please read on..

What you will do

As the Information Security Specialist, you will be working in the global ICT Development Section, alongside the Information Security Risk Management Advisor, ICT operations, infrastructure and development teams to improve our digital security set-up and practices.

Some of your day-to-day tasks will include;

• Contribute to the establishment of critical elements of an Information Security Management System;
• Assist in development and implementation of CIS 20 controls across the organization;
• Develop, maintain, and present IT security education, awareness, and training for all members of the organization as appropriate;
• Work in tandem with NRC’s developer team and external developer consultants to ensure we are addressing security concerns in our architecture and development efforts.
• Provide cyber-security input, advice and reviews on any digital solution development and implementation;
• Design, implement new, and review existing, IT security measures and controls;
• Contribute to setting up and monitoring a SIEM solution on prioritised components;
• Manage periodic security audits, vulnerability and threat assessments, and direct adequate responses;
• Assess any identified information security risks, propose remedial actions and keep the track of these;
• Handle serious IT operational incidents or security breaches in accordance with ITIL process;.
• Ensure that processes are documented and communicated in language that is relevant and understandable to non-technical audiences.

What you will bring

• Knowledge of cloud security concepts, technologies, and best practices, including but not limited to, automation frameworks, securing containers and container orchestration frameworks, Active Directory, LDAP, Federated SSO, One-Time Password (OTP) technology, SSL, encryption, IDS/IPS, SIEM, malware detection, forensics in a cloud environment, network and web app firewalls.
• Skills in the use of vulnerability assessment and penetration testing tools.
• Able to write sufficient and easy-to-understand technical documentation.
• Comfortable with presenting technical information to a non-technical audience.
• Knowledge of cloud-based technologies (e.g O365, Azure, Kubernetes, Docker and OKTA Authentication tool) is considered a plus.
• Great team player to support other team members and ready to share existing workloads.

We know that you are curious and would like to learn more about this role; please click here to access the full Job Description.

What makes this position attractive?

• A challenging and exciting opportunity with an international team dedicated to advocating for the rights of people forced to flee;
• A chance to lead and direct our efforts towards a major shift in how NRC staff interacts with and values data;
• A Permanent full-time contract with Norway as the primary duty station but we are also open to considering applications from other duty stations such as Germany, United Kingdom, Nigeria, Kenya, Jordan, Lebanon, Bangladesh and Belgium;
• Salary and benefits according to NRC’s salary scale and terms and conditions in the location of employment.

We are also looking for people who share our values:

• To be dedicated in what we do;
• To be innovative with our solutions;
• To act as one unified and inclusive team;
• To be accountable to the donors that make our work possible; the beneficiaries that we exist to serve; and to each other… the members of our NRC family.

We are happy about early applicants.