Director of Information Security, Data Protection and Global IT Operations
Director of Information Security, Data Protection and Global IT Operations
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Save the Children International has an exciting opportunity for a Director of Information Security Data Protection and Global IT Operations to join our global team.
Team purpose
The Information Security Data Protection and Global IT Operations team is at the forefront of ensuring technology is delivered across SCI in a safe secure and effective manner. The team is responsible for the maintenance and continual improvement of SCIs Information Security and Data Protection management programme including the delivery of key services such as cybersecurity operations IT risk management and governance and compliance with key data protection and privacy legislation. The team is also responsible for ensuring the delivery of IT across SCIs global country and regional offices is maintained in line with SCI standards and is fit for purpose.
Role purpose
The primary purpose of this role is to safeguard the confidentiality integrity and availability of all SCIs information assets through the implementation maintenance and enhancement of key information security and data protection controls. The role holder will ensure that information security risks across both SCI and Save the Children Association are identified and mitigated through compliance with the SCA Global Cybersecurity standard. The role will advise the SCI SLT Member CEOs and the SCA Audit & Risk Board Committee on compliance and risk in these areas. Responsibilities will include the design and implementation of information security and data protection strategy and annual roadmaps reviewing and setting global standards risk management data protection and privacy management.
Through the Head of Global IT Operations (a direct report) and team of Regional IT Operations Leads the role will ensure all SCI Country Offices and Field Offices deliver safe secure and effective IT operations to support our global humanitarian programmes driving compliance to SCI standards and ensuring IT delivery is fit for purpose.
Through leadership of the SCA Information Security and Data Protection Service the role holder will work with Member IT and Information Security Leads to deliver a consistent approach to information security and data protection management across the movement and deliver cost-effective tools and services through the shared service catalogue.
The Director of Information Security Data Protection and Global IT Operations will also be expected to act as SCIs Data Protection Officer (DPO) pending a review of data protection capabilities and strategy.
The role will lead on major incidents relating to Information Security and Data Protection within SCI and will form a key member of the Crisis Management Team for SCI and Members where required.
Job Title: Director of Information Security Data Protection and Global IT Operations
Reports To: Chief Information Officer
Work Pattern: Hybrid/Remote with flexible working options available
Contract Length: Permanent
Grade: M5
Location: Any approved Save the Children International office location worldwide. For a full list of locations that Save the Children International can hire in please visit: SCI Careers
Time Zone: The role holder must be available to work within Africa Europe or Middle East Time Zones (UTC/GMT / - 3 hours)
Language Requirements: English
International Travel Requirements: up to 5% international travel
Budget Responsibility: $5m
People Management Responsibility: (direct/indirect reports)
Number of people managed in total: c. 26
Manager of a team: Yes
Team Manager (manager of multiple teams): Yes
Principal Accountabilities
- Lead the development and continual improvement of SCIs information security and data protection programme to ensure adequate protection for SCI against information security and privacy risks whilst balancing the application of controls with enabling SCI business operations.
- Identify manage and direct remediation of IT and business risks and compliance gaps in order to maintain appropriate and adequate information security and data protection.
- Act as SCIs Data Protection Officer (DPO) and ensure SCI maintains compliance with UK GDPR requirements providing appropriate policy process and standards to ensure all data handled in accordance with required practices. This role will chair the SCI Data Security and Privacy Working Group
- Direct the provision and delivery of global SCA Information Security (chairing the SCA Information Security Steering Committee) and Data Protection Service for Members ensuring that appropriate value adding services are delivered that reduces key risk and enhances security maturity across the organisation.
- Lead on crisis management response to major security and data protection incidents leading engagement with SCI Crisis Management Team and external authorities as needed.
- Promote a culture of cybersecurity excellence by coaching and mentoring IT members and internal stakeholders leading by example setting standards of integrity and good practice.
- Ensure secure by design is embedded into all technology initiatives through the Architecture Design Board and TDIT Change Request (TDIT CR) process.
- Support SCIs wider risk management efforts (the SCA Risk Framework or SCARF by acting as Senior Risk Owner for Cybersecurity and Data Protection and membership of SCIs Senior Risk Leadership Group (SRLG)
- Ensuring the Global IT Operations team hold COs to account for the delivery of safe secure and effective IT services and that COs adhere to SCI standards and policies for IT delivery. Where any risk is identified hold RDs/CDs to account for the delivery of the remediation plan to agreed timelines.
- Ensure technology suppliers and 3rd party technology services are fit for purpose with information security and are compliant with SCI information security and data protection policies procedures and standards and adhere to SCI Technology Minimum Requirements.
Experience and Skills
Essential
- Information Security Expertise: Strong understanding of security frameworks such as ISO 27001 and NIST CSF. Proficient in risk assessment methodologies security technologies knowledge of current IT and privacy laws specifically GDPR and their implementation in a global context.
- Significant Experience in Information Security Management: Leadership in designing and implementing security frameworks and governance models capable of providing effective security and risk management whilst balancing cost vs value and risk.
- Strategic Vision and Leadership: Ability to develop and implement strategic security initiatives with leadership skills to manage and guide cross-functional teams and capacity to influence stakeholders and drive cultural change towards cybersecurity and data protection excellence.
- Crisis Management and Incident Response: Skills in effectively managing and responding to major high profile security incidents and able to engage with external authorities during crises. Experienced in developing and testing disaster recovery and business continuity plans.
- Communication and Collaboration: Excellent communication skills for articulating complex security concepts to diverse audiences. Able to build and sustain effective relationships with internal teams external partners and stakeholders.
- Training and Mentorship: Proficient in developing and delivering information security training programs. Able to coach and mentor team members and stakeholders fostering a culture of continuous learning and integrity
- Supplier and Vendor Management: Skills in assessing and ensuring third-party compliance with security standards. Able to manage vendor relationships to ensure service delivery aligns with organisational security policies.
- Considerable Experience with Risk and Compliance Management: Identifying and mitigating IT and business risks effectively and ensuring organisational policies comply with regulations like GDPR.
- Experience in Crisis Management: Proven track record of leading crisis management responses to complex security incidents.
- Substantial Experience in Cultural and Organisational Change: Promoting cybersecurity and data protection awareness across organisations.
Desirable
- Experience of field operations and the IT Security-related issues associated with working in remote inhospitable and insecure environments
- A second language preferably Spanish.
Education and Qualifications
Essential:
- A degree in Computer Science Information Technology or a related field is preferred.
- Equivalent practical experience may be considered.
- Professional qualification in Cybersecurity (CISM CISSP or equivalent)
- Familiarity with information security frameworks tools and technology
Desirable:
- Data Protection or Privacy qualification (e.g. CIPP/E or C-DPO)
- Professional qualifications in service management (ITIL) risk management project management (e.g. PMP Scrum Master) will be beneficial.
Working at Save the ChildrenInternational
We know that great people make a great organisation and that our employees play a crucial role in helping us achieve our ambitions for children. We value our people and offer a meaningful and rewarding career along with a collaborative and inclusive environment where ambition creativity and integrity are highly valued.
The work here is challenging but is also immensely rewarding. At Save the Children you will be in good company working with talented like-minded individuals who are determined to ensure that all children survive learn and are protected. Your contribution will help ensure childrens voices are heard at the highest levels and that we achieve our global strategy Ambition for Children 2030 and reach every last child.
Diversity Equity and Inclusion and Equal Opportunities
DEI is core to our vision values and global strategy. Save the Children is committed to creating a truly diverse equitable and inclusive organisation and one which will support us in our vision to ensure every child attains the right to survival protection development and participation.
We are committed to equal employment opportunities regardless of gender sexual orientation race colour ethnic origin nationality disability marital or civil partnership status gender reassignment pregnancy and maternity caring or parental responsibilities age or beliefs and religion. We are committed to diversifying our staff to better represent the communities we serve and actively welcome underrepresented groups to apply.
Reasonable adjustments will be made should any candidate invited to interview require this.
Application Information
Please attach a copy of your CV and cover letter with your application. A full copy of the role profile can be found herevia the job listing. It is recommended that you save a copy of the role profile as it will no longer be available after the advert closes.
Applications will be reviewed on a rolling basis and the job advert may be closed earlier than advertised subject to the volume of suitable applicants. Please submit your application at your earliest convenience to avoid disappointment.
Due to the high volume of applications we receive only shortlisted candidates will be contacted. Candidates who are successfully shortlisted should expect to hear from us within 2 weeks of the advert deadline.
Our recruitment process:
- Application review by our recruiting team based on your CV and cover letter
- Two-stage competency-based interviews with the hiring team
- Some recruitmentmay include an additional assessment or case study stage or a third stage interview
- If successful you will receive a conditional offer of employment followed by your contract subject to passing background checks
We need to keep children and adults safe so our selection process includes rigorous background checks and reflects our commitment to the protection of children and adults from employees are expected to carry out their duties in accordance with our Code of Conduct and all policies and procedures relating to Anti-harassment Health and Safety Safeguarding and DEI and Equal Opportunities.
Save the Children does not charge a fee at any stage of the recruitment process.
Required Experience:
Exec
Employment Type
Full-Time
