VisionFund is World Vision’s microfinance provider serving vulnerable clients through loans, savings, and insurance. We enable families to grow their livelihoods in hard-to-reach, rural locations in 28 countries so that caregivers can create secure futures for their children.
We believe in brighter futures for children; empowering families to create incomes and jobs; unlocking economic potential for communities to thrive.
Join VisionFund as we seek to end intergenerational poverty through microfinance.
PURPOSE OF POSITION
The Technical Director, Cybersecurity role in VisionFund International (VFI) will oversee the planning, execution, and management of multi-faceted projects related to compliance, control assurance, risk management, security, and infrastructure/information asset protection. The role is responsible for planning, executing, and managing multi-faceted projects related to compliance management, risk assessment and mitigation, control assurance, business continuity and disaster recovery, and user awareness. The role will also develop security policies and procedures such as user log-on and authentication rules, security breach escalation procedures, security auditing procedures, and the use of firewalls and encryption routines.
Responsibilities
- STRATEGY: Works closely with the Global CISO on designing and implementing the Global Cybersecurity Strategy. Provides strategic and tactical direction and consultation on security and IT compliance.
- POLICIES, PROCEDURES, & STANDARDS: Acts as primary support contact for the development of secure applications and processes. Maintains an up-to-date understanding of industry best practices. Develops, enhances and implements enterprise-wide security policies, procedures and standards across multiple platform and application environments. Monitors the legal and regulatory environment for developments.
- BUSINESS REQUIREMENTS: Engages directly with the business to gather a full understanding of project scope and business requirements. Assesses business needs against security concerns and articulates issues and potential risks to management. Consults with other business and technical staff on potential business impacts of proposed changes to the security environment. Provides security-related guidance on business process.
- SECURITY SOLUTIONS: Works closely with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls.
- Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
- RISK ASSESSMENTS: Works directly with the customers and other internal departments and organizations to facilitate IT risk analysis and risk management processes and to identify acceptable levels of residual risk. Conducts business impact analysis to ensure resources are adequately protected with proper security measures.
- INFORMATION/DATA SECURITY: Defines, identifies and classifies information assets. Assesses threats and vulnerabilities regarding information assets and recommends the appropriate security controls and measures. Develops and manages security measures for information systems to prevent security breaches.
- SECURITY AUDITS: Performs security audits. Participates in security investigations and compliance reviews as requested by external auditors. Consults with clients on security violations. Acts as liaison between internal audit and IT to ensure commitments are met and controls are properly implemented.
- INCIDENT MANAGEMENT: Assists security operations team in troubleshooting and resolving escalated security related issues. Builds security incident response teams. Authors incident response plans and support documentation and diagrams.
- BUSINESS CONTINUITY/DISASTER RECOVERY: Develops impact analysis. Assists business partners with the determination of critical business processes and systems. Identifies and coordinates resolution of recovery issues.
- SECURITY PERFORMANCE MANAGEMENT: Develops measures to evaluate the security programs and modifies strategies as appropriate. Analyzes reports and makes recommendations for improvements.
- COMMUNICATIONS/CONSULTING: Serves in an advisory role in application development projects to assess security requirements and controls and ensures that security controls are implemented as planned.
Required qualifications and experience
- Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
- Requires in-depth knowledge of PCI-DSS, privacy laws, security standards, security best practices, and security regulations.
- A high proficiency level in threat management, risk management, vulnerability management, and compliance management is required.
- Requires 10 – 15 years in a cyber, privacy, compliance, or risk management function or a closely related role.
- Over 10 years of experience as a senior manager or information security officer.
- Over 5 years of experience managing cyber security incident response teams.
- Experience designing and implementing security solutions.
- Experience in banking and microfinance is desirable.
- Willingness and ability to travel domestically and internationally, as necessary.
- Requires Security Certification (i.e., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Global Information Assurance Certification (GIAC)).
- Effective in written and verbal communication in English.