Information System Security Officer

Who We Are

At IREX we strive for a more just, prosperous, and inclusive world—where individuals reach their full potential, governments serve their people and communities thrive.

But around the globe, persistent poverty, repression, and injustice prevent too many people form achieving their full potential.  To address these problems, we focus on people, not on vaccines, roads, or wells. We support individuals and institutions to create change in their own communities—and to create person to person bridges between nations.

IREX works with partners in more than 100 countries in four areas essential to progress: cultivating leaders, empowering youth, strengthening institutions, and increasing access to quality education and information.

IREX seeks an Information System Security Officer (ISSO) that will be responsible for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies. They will maintain operational security posture for Information Systems to ensure information systems security policies, standards, and procedures are established and followed and assist with the management of security aspects of the information systems and perform day-to-day security operations of the systems. They will also evaluate security solutions to ensure they meet security requirements for processing sensitive information. 

The ISSO will develop and manage an effective cybersecurity awareness program to educate and change the cybersecurity culture of IREX. This role will report to the Chief Technology Officer.  

We are doers. Our decades of on-the-ground experience help us create greater impact, practical recommendations, and lasting partnerships.

Are you the next member of our team?

Your Background & Skills

Required:   

• Minimum of a bachelor’s degree in Computer Science or a similarly relevant technical field. 
• Minimum 10+ years of work experience, including 5+ years of experience managing Information Security in a complex environment. 
• CISSP Certification.
• Excellent stakeholder management skills, high emotional intelligence, and ability to develop strong relationships with colleagues and partners. 
• Excellent analytical skills, ability to understand complex information, consider trade-offs and make recommendations. 
• Strong working knowledge of diverse information technology systems and information security practices. 
• Working knowledge of common information security frameworks and standards such as NIST, GDPR, ISO27001, SOC2. 
• Ability to communicate security and risk concepts to non-technical audiences and non-native English speakers. 
• You must have unrestricted authorization to work in the United States.

Preferred:   

• CIPP Certification.

Your Daily Tasks

• Completes and updates documentation such as Data Classification Guidance, System Security Plans, Risk Assessment Reports, Contingency Plans.
• Conducts periodic reviews of IREX information systems to ensure compliance with established policies and procedures.  
• Develops an effective cybersecurity awareness program to educate and change the cybersecurity culture of IREX, and to ensure understanding of the information system security policies and how those policies apply to their day-to-day activities.  
• Conducts system audits and analyze results for reporting.
• Monitors systems for compliance and vulnerabilities.
• Implements high-priority security mitigations and coordinate critical fixes with the IREX IT system administrators.
• Protects enterprise systems and information by promptly responding to security threats and incidents, acting individually and as part of a the IREX IT Team to resolve issues.
• Proactively hunts for threats and enacting identification, containment, and eradication measures while supporting recovery efforts.
• Acts as subject matter expert to provide insight and guidance.
• Works with IREX IT and Global Program Managers to develop secure technical solutions in the classified environments.
• Captures and refines information security requirements and works with IREX IT to ensure that they are effectively integrated into IREX information systems.
• Provides technical guidance and support for all headquarters and country office teams. 
• Creates training content and conducts regular training sessions for all headquarters and country office project teams  
• Oversees relationship with outsourced providers to ensure prompt and accurate processing. 
• Accountable for ensuring accurate and timely response for business development efforts. 
• Provides support and advice to IREX New Business team during proposal stage and project teams during setup 
• Responsible for the execution of the unit budget; provide input as requested. 
• Identifies opportunities to reduce cost or lower expenses through industry trends in innovation and/or technology 
• Provides ongoing support. 

IREX will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990, and the Americans with Disabilities Act Amendments of 2008.

We conduct background checks on all successful candidates.

This position is eligible for Telework. The eligible employee is a regular, full-time DC-based staff who works from a worksite outside the DC office for one or more days a week. 

This position is not eligible for Immigration Sponsorship.

NO PHONE CALLS PLEASE

EOE – Equal Opportunity Employer

We are an equal opportunity employer with a commitment to diversity.

All individuals, regardless of personal characteristics, are encouraged to apply. AA/EOE/M/F/Vet/Disabled