Global Communities works at the intersection of humanitarian assistance, sustainable development and financial inclusion to save lives, advance equity and secure strong futures. We support communities at the forefront of their own development in more than 35 countries, partnering with local leaders, governments, civil society and the private sector to achieve a shared vision of a more just, prosperous and equitable global community. 

The Director, Information Security is a hands-on leadership role responsible for advancing, improving, and managing Global Communities digital protection and cybersecurity program across all offices worldwide. This includes the appropriate framework(s), architecture, internal/external threat prevention and information security operations. S/he oversees the development, implementation and enforcement of information security policies, standards, and procedures.

The Director, Information Security ensures all information systems are functioning in accordance with established security policies and procedures. S/he oversees IT risk evaluations, audits, and security incident investigations. The Director, Information Security Director provides strong and clear guidance, advice, and recommendations to the Chief Information Officer and other key Global Communities’ staff on risk management, digital protection, and cyber security. S/he actively contributes to the development and implementation of a comprehensive information security strategy, including ongoing collaboration with data protection counsel.

• Develops and implements multi-year strategic plans to enhance information security maturity across the organization. Aligns plans with business goals, risk tolerance, and emerging cybersecurity trends.
• Develops, maintains, and continuously improves information security frameworks, governing policies, standards, and procedures. Ensure alignment with industry best practices and evolving organizational needs.
• Collaborates with internal data protection counsel to ensure compliance with global data protection regulations, including the GDPR. Leads the development and implementation of a comprehensive data protection and privacy program.
• Collaborate with regional teams to ensure the effective execution of security measures aligned with company policies and local regulations.
• Directs and approves the designing of security architecture and systems.
• Leads information security operations, including managing managed security service provider(s), incident response, impact analysis, remediation, and prevention activities.
• Manages IT control policies for the organization. Provide hands-on oversight of the implementation and maintenance of controls outlined in CIS Controls and NIST SP 800-53, adapting strategies to regional and global requirements. Conducts hands-on risk assessments and audits to ensure ongoing compliance.
• Reviews vulnerability and event detection plans, reports risks and follows-up with IT teams, as necessary.
• Schedules periodic security audits, including coordination and participation. Leads and ensures execution of remediation plan[s].
• Leads the evaluation and mitigation of internal/external threat prevention.
• Acts as the subject matter expert responding to cybersecurity questions and concerns from staff, partners, and donors.
• Communicates security policies, standards, procedures, and best practices across the organization.
• Leads the development and maintenance of a global incident response plan, actively coordinating efforts in the event of a security incident. Conduct hands-on post-incident reviews and implement remediation plans globally.
• Reports regularly to the Chief Information Officer and other key stakeholders as required on the status of the digital protection and cybersecurity program, including metrics, risks, and remediation actions.
• Provides coaching and mentoring to direct reports as well as others within the global IT team.
• Coordinates with internal and external stakeholders on information security governance and compliance.
• Manages information security program budget within annual plan.
• Designs and executes IT supplier assessments and due diligence to ensure compliance with Global Communities contractual/legal obligations and information security policies and procedures.
• Conducts periodic testing of cybersecurity defenses using tooling, “red team” exercises or other well-recognized testing mechanisms and provides areas of improvements.
• Develops and delivers hands-on global training programs to educate employees on security best practices and data protection requirements.
• Collaborates with regional teams, procurement, and legal to assess and manage the security risks associated with third-party vendors globally.
• Provides hands-on leadership of a global information security team, actively participating in strategic planning and providing direct support to regional security leads. Foster a collaborative and inclusive global team culture.

POSITION SPECIAL RESPONSIBILITIES:

• Supervise a unit of at least two employees in accordance with the organization’s policies and applicable laws. Responsibilities include servant and inclusive leading, coaching, mentoring, assigning, and directing work; interviewing, hiring, and training employees; appraising performance; rewarding and disciplining employees; addressing complaints by providing solutions.
• Expected to travel on behalf of organization up to 15% annually in support of technology audits, projects, and/or initiatives.

• Undergraduate degree in a related discipline and a minimum of eight years of related work experience or a minimum of 12 years of related work experience.
• Degree in computer science, Information Technology, Information Systems, Cybersecurity, or related field, or equivalent cybersecurity experience.
• Certified Information Systems Security Professional (CISSP) or equivalent certification.
• Proven ability to manage multiple concurrent engagements with shifting priorities, demands, and timelines.
• Minimum 7 to 8 years’ experience in digital protection and cybersecurity role(s).
• Minimum 3 to 5 years’ experience in leading global digital protection and cybersecurity programs, including staff management and IT project management.
• Strong understanding of cybersecurity principles, risk management, and regulatory requirements in various countries.
• Experience assessing IT security risks, designing practical action plans, and exposure to IT service management processes and tools.
• Familiarity with industry standards such as ITIL, CIS Controls, ISO 27001, and NIST SP 800-53.
• Exceptional planning, organizational, problem-solving, analytical, interpersonal, decision-making, oral, and written communication skills.
• Knowledge of servant and inclusive leadership philosophies and practical application in a geographically dispersed team context.
• Evidence of successful operation in organizations with global, regional, and country-based staff.
• Capacity to build and maintain excellent relations, work effectively in a multicultural environment, and respect diversity.
• Strong personal, organizational, and self-management skills, with an ability to lead teams and motivate others.
• Second language is a plus.
• Experience working in an international development nonprofit/NGO environment preferred.
• Knowledge of the NGO Reference Model preferred.