MSF is an international, independent medical humanitarian organisation. We provide medical assistance to people affected by conflict, epidemics, disasters, or exclusion from healthcare. We are a non-profit, self-governed, member-based organisation. MSF was founded in 1971 in Paris by a group of journalists and doctors. Today, we are a worldwide movement of more than 67,000 people.
MSF coordinates operations through collaborations between global offices. The ‘MSF Operational Centre Amsterdam’ (OCA) is a partnership that is composed of the partners MSF-Canada, MSF-Germany, MSF-SARA, MSF-Sweden, MSF-Holland and MSF-United Kingdom. MSF-OCA operates medical humanitarian interventions in about 25 countries with more than 11,000 staff.
The office of MSF-Holland located in Amsterdam hosts more than 400 employees, offering direct support to MSF-OCA operations. Around 50 staff focus on recruitment, communication and fundraising in The Netherlands (MSF-Holland) and 350 staff are focused on supporting MSF-OCA operations.
At Médecins Sans Frontières (MSF) / Artsen zonder Grenzen, we are committed to an inclusive culture that encourages and supports the diverse voices of our employees. Our diversity fuels our innovation and connects us closer to our beneficiaries and the communities in which we work. We welcome applications from individuals of all genders, ages, sexual orientations, nationalities, races, religions, beliefs, ability status, and all other diversity characteristics.
As per 1 November, we are looking for an
Information Security Officer
Based in Amsterdam
Information Security Officer (ISO) is part of the Control Unit and reports directly to the Controller. The Control Unit is a department that reports to the General Director and the Board of the association. Besides controllers and auditors, the team also has a data protection officer in place and legal counsel functions. This role reports to control but will closely work with the ICT department on a daily basis.
The IT department is strengthening the information management set-up and we are therefore supporting the team with a few roles. This is a temporary role, as the expectation is that current roles take over the responsibilities in two years from now.
- In line with the global IT strategy and in close coordination with the various departments at MSF-Holland, the Information Security Officer provides the strategies necessary to ensure the confidentiality, integrity, and availability of MSF’s information. This will be done in close cooperation with the Information Security Management working group on international level.
- You take ownership of creating and implementing policies & procedures related to the above from a technical and process perspective;
- You also take the lead in the information security related incidents, including proposing curative / preventive measures.
- You create information security strategies for the short- and long-term. These strategies naturally support the organization’s goals and the legal and regulatory requirements (for example, GDPR compliance). You work in close collaboration with the IT department, especially with the Information Management Lead (a new role for which we are just finalising recruitment).
- You implementing afore-mentioned policies by hands-on involvement. Implementation takes place for the head office in Amsterdam and for MSF-OCA’s missions and projects in other countries.
- You communicate risks and recommendations in a non-technical way and in cost/benefit terms to senior management, so decisions can be made to ensure the security of information systems and information entrusted to the organization.
- You monitor all ongoing activities related to the development, implementation, and maintenance of the information security policies and procedures by ensuring these policies and procedures encompass the overall security aspects.
- You assist departments in the development of local process and procedures and the implementation of those, ensuring they are in line with the organizations policies.
- You balance between the efficiency of business processes and maintaining the confidentiality, integrity, and availability of organizational or stakeholder information.
- You ensure vulnerabilities are managed by directing periodic vulnerability scans and threat analyses, in line with the state of the art in information security standards and developments.
- You participate on risk / security assessment on assets / third parties involved in information processes.
- You develop information security awareness training and education programs; work with other organizational or external entities to present them to staff, and management. You also schedule awareness sessions to raise the awareness of MSF staff and volunteers.
- You participate in local, regional, and national awareness and education events, as appropriate.
- You ensure an organization system-wide disaster recovery program, and incident response plans.
A key challenge of the role has to do with the understanding that MSF is not an IT-centric organization. This implies that both the budget and awareness regarding this topic are low, and don’t always get prioritized. Therefore we are looking for someone with the right expertise and work experience to hit the ground running, but who is motivated to use this experience to support the goals of our organisation.
We are looking for an enthusiastic person who has a self-confident and result oriented attitude. Integrity and contextual awareness are key competences, combined with technical know-how. This technical know-how can be learned by a degree in computer science, information security, IT Risk Management, or a related field. The role will require an excellent understanding of information security concepts, protocols, industry best practices and strategies. You will also need to have experience in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies. Furthermore you will need to have an understanding of GDPR and you must be able to think “outside of the box” to mitigate risks and reduce vulnerabilities to the minimum.
In order to set this role up in a good way it is key that you can commit to and feel motivated by the MSF principles and that you have work experience in an international environment like ours. The working language is English so you need to excellent speaking and writing skills. You will need to be persuasive and have a professional communication style. You should be capable of communicating security related topics to a wide variety of audiences with varying levels of technical understanding. The ability to interact with senior management and to influence decision makers is key. Therefore you must have strong organisational sensitivity but also assertiveness.
- A challenging and exciting position in an international environment.
- A Dutch employment contract for one year, full time, at first. There is an option for renewal for another year (based on satisfactory performance).
- A gross salary in scale 7 between € 3,360 and € 4,798 depending on relevant professional work experience, for full-time employment (based on a 40-hour week).
- A holiday entitlement of 30 days per annum.
- A premium-free pension.
Information and Application
If you are interested in this post and would like additional information, please contact Rim Mukhopadhyay at email@example.com.
If you believe that you fit the profile, you can react directly via the ‘Apply Now’ button and upload a letter of motivation and Curriculum Vitae in English as one combined document.
Deadline for application is 18 October. Due to the urgency with which we would like to fulfil this role, we might interview already before the closing date. The selection will be done by means of an assignment and two interviews.
*** Acquisitions regarding this position are not appreciated ***