ACCOUNTABILITIES

1. Security Management

• Develop, implement, and maintain comprehensive IT security policies and procedures.
• Conduct regular security assessments, vulnerability testing, and risk analysis to identify and mitigate potential security threats.
• Monitor and manage security tools and systems to protect the organization’s network, systems, and data.

2. Incident Response

• Develop and implement an incident response plan for addressing security breaches and cyber attacks.
• Coordinate and manage the response to security incidents, including investigation, containment, and recovery.
• Conduct post-incident analysis to determine the root cause and implement measures to prevent recurrence.

3. Security Awareness and Training

• Develop and deliver security awareness training programs for staff to promote best practices in information security.
• Create and maintain security-related documentation, including user guides, policies, and procedures.
• Provide guidance and support to staff on security-related issues and best practices.

4. Compliance and Reporting

• Ensure compliance with relevant security standards, regulations, and policies (e.g., GDPR, ISO/IEC 27001).
• Conduct regular audits and assessments to ensure compliance with security policies and procedures.
• Prepare and present security reports to management, highlighting risks, incidents, and recommendations for improvement.

5. Technical Security Implementation

• Implement and manage security measures such as firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, and encryption tools.
• Manage access controls, including user permissions and authentication mechanisms.
• Perform regular security updates and patch management to ensure systems are up-to-date and secure.

6. Collaboration and Support

• Collaborate with IT team members and other departments to ensure security measures are integrated into all IT projects and initiatives.
• Provide technical support and troubleshooting for security-related issues.
• Stay updated with the latest security trends, technologies, and best practices to continually improve the organization’s security posture.

7. Safeguarding

• Ensure that Plan International’s global policy for Safeguarding and PII policy for Preventing Sexual Harassment Exploitation and Abuse; and Gender Equality and Inclusion are fully embedded in accordance with the principles and requirements of the policy including relevant Implementation Standards and Guidelines as applicable to their area of responsibility. This includes, but is not limited to, ensuring staff and associates are aware of and understand their responsibilities under these policies and Plan International’s Code of Conduct (CoC), their relevance to their area of work, and that concerns are reported and managed in accordance with the appropriate procedures.

TECHNICAL EXPERTISE AND KNOWLEDGE

• Bachelor’s degree in information technology, Computer Science, Cybersecurity, or a related field.
• Relevant certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CompTIA Security+, ISO 27001 Certified) are highly desirable.
• Minimum of 3-5 years of experience in IT security, including security policy development, risk management, and incident response.
• Experience with security technologies and tools such as firewalls, IDS/IPS, antivirus software, and encryption tools.
• Familiarity with security frameworks and standards (e.g., ISO/IEC 27001, NIST).
• Experience in a non-profit organization or international development sector is a plus.