• Develops and implements multi-year strategic plans to enhance information security maturity across the organization. Aligns plans with business goals, risk tolerance, and emerging cybersecurity trends.
• Develops, maintains, and continuously improves information security frameworks, governing policies, standards, and procedures. Ensure alignment with industry best practices and evolving organizational needs.
• Collaborates with internal data protection counsel to ensure compliance with global data protection regulations, including the GDPR. Leads the development and implementation of a comprehensive data protection and privacy program.
• Collaborate with regional teams to ensure the effective execution of security measures aligned with company policies and local regulations.
• Directs and approves the designing of security architecture and systems.
• Leads information security operations, including managing managed security service provider(s), incident response, impact analysis, remediation, and prevention activities.
• Manages IT control policies for the organization. Provide hands-on oversight of the implementation and maintenance of controls outlined in CIS Controls and NIST SP 800-53, adapting strategies to regional and global requirements. Conducts hands-on risk assessments and audits to ensure ongoing compliance.
• Reviews vulnerability and event detection plans, reports risks and follows-up with IT teams, as necessary.
• Schedules periodic security audits, including coordination and participation. Leads and ensures execution of remediation plan[s].
• Leads the evaluation and mitigation of internal/external threat prevention.
• Acts as the subject matter expert responding to cybersecurity questions and concerns from staff, partners, and donors.
• Communicates security policies, standards, procedures, and best practices across the organization.
• Leads the development and maintenance of a global incident response plan, actively coordinating efforts in the event of a security incident. Conduct hands-on post-incident reviews and implement remediation plans globally.
• Reports regularly to the Chief Information Officer and other key stakeholders as required on the status of the digital protection and cybersecurity program, including metrics, risks, and remediation actions.
• Provides coaching and mentoring to direct reports as well as others within the global IT team.
• Coordinates with internal and external stakeholders on information security governance and compliance.
• Manages information security program budget within annual plan.
• Designs and executes IT supplier assessments and due diligence to ensure compliance with Global Communities contractual/legal obligations and information security policies and procedures.
• Conducts periodic testing of cybersecurity defenses using tooling, “red team” exercises or other well-recognized testing mechanisms and provides areas of improvements.
• Develops and delivers hands-on global training programs to educate employees on security best practices and data protection requirements.
• Collaborates with regional teams, procurement, and legal to assess and manage the security risks associated with third-party vendors globally.
• Provides hands-on leadership of a global information security team, actively participating in strategic planning and providing direct support to regional security leads. Foster a collaborative and inclusive global team culture.

POSITION SPECIAL RESPONSIBILITIES:

• Supervise a unit of at least two employees in accordance with the organization’s policies and applicable laws. Responsibilities include servant and inclusive leading, coaching, mentoring, assigning, and directing work; interviewing, hiring, and training employees; appraising performance; rewarding and disciplining employees; addressing complaints by providing solutions.
• Expected to travel on behalf of organization up to 15% annually in support of technology audits, projects, and/or initiatives.

• Undergraduate degree in a related discipline and a minimum of eight years of related work experience or a minimum of 12 years of related work experience.
• Degree in computer science, Information Technology, Information Systems, Cybersecurity, or related field, or equivalent cybersecurity experience.
• Certified Information Systems Security Professional (CISSP) or equivalent certification.
• Proven ability to manage multiple concurrent engagements with shifting priorities, demands, and timelines.
• Minimum 7 to 8 years’ experience in digital protection and cybersecurity role(s).
• Minimum 3 to 5 years’ experience in leading global digital protection and cybersecurity programs, including staff management and IT project management.
• Strong understanding of cybersecurity principles, risk management, and regulatory requirements in various countries.
• Experience assessing IT security risks, designing practical action plans, and exposure to IT service management processes and tools.
• Familiarity with industry standards such as ITIL, CIS Controls, ISO 27001, and NIST SP 800-53.
• Exceptional planning, organizational, problem-solving, analytical, interpersonal, decision-making, oral, and written communication skills.
• Knowledge of servant and inclusive leadership philosophies and practical application in a geographically dispersed team context.
• Evidence of successful operation in organizations with global, regional, and country-based staff.
• Capacity to build and maintain excellent relations, work effectively in a multicultural environment, and respect diversity.
• Strong personal, organizational, and self-management skills, with an ability to lead teams and motivate others.
• Second language is a plus.
• Experience working in an international development nonprofit/NGO environment preferred.
• Knowledge of the NGO Reference Model preferred.