ICT Security Expert

What we do

The International Committee of the Red Cross (ICRC) works worldwide to provide protection and humanitarian assistance to people affected by conflict and armed violence. We take action in response to emergencies and, at the same time, promote respect for international humanitarian law. We are an independent and neutral organization, and our mandate stems essentially from the Geneva Conventions of 1949. We work closely with National Red Cross and Red Crescent Societies and with their International Federation in order to ensure a concerted, rational and rapid humanitarian response to the needs of the victims of armed conflict or any other situation of internal violence. We direct and coordinate the international activities conducted in these situations.

Purpose

The ICT Security Expert is a member of the Cyber Security Risks and Compliance (CSRC) office. The expert provides information security advisory services, solution design and L3 operational support to the organisation to ensure that ICRC operates securely across diverse locations and functions delivering services to beneficiaries impacted by armed conflict.

Accountabilities & Functional responsibilities

• Carries out monitoring (e.g. vulnerabilities assessments) using security tools, to ensure that information systems are protected at the appropriate and expected security levels.
• Identifies potential security threats, analyses their consequences and impact, informs the parties concerned and makes sure threats are handled properly.
• Sets up and leads security activities in reaction to critical incidents during emergency situations.
• Develops and maintains an information-security management system.
• Develops and monitors technical compliance with ICT security policies, procedures and standards.
• Provides advice and support to the implementation of systems, applications and processes to ensure compliance with policies, standards and guidelines.
• Participates in Architecture Review Board to approve security design of new projects.
• Provides information security training to specialist roles.
• Provides end-user security awareness training.

People management responsibilities

No

Scope & Impact

Work is related to the security, integrity, and availability of the ICRC’s information systems.

Geographical remit: global.

Relationships

• Internally, interacts with ICT employees and end-users (at headquarters and in the field).
• Externally, interacts with service providers.

Certifications / Education required

• University degree in computer science, engineering or a related field
• Post-graduate degree in information security or networking, or equivalent experience is an asset
• Security certifications such as GIAC, CompTIA Security+ or CEH are required, CISSP and CISM are an asset
• Excellent command (spoken and written) of English is required, French is an asset.
• Knowledge of information security standards, control frameworks and best practice (ISO 27001, NIST, CIS, ENISA, SANS).

Professional Experience required

• 8+ years of professional ICT experience.
• At least 5 years’ professional experience in information security which must include security operations, security control design and solution design.

Additional information

• Type of role: Headquarters
• Working rate: 100%
• Starting date: ASAP
• Location: Geneva - HQ
• Job level: C1
• Length of assignment: Long-Term Assignment 
• Application deadline: 28/04/2024

Our Values

At the ICRC, we value impact, collaboration, respect, and compassion. We seek candidates who demonstrate behaviors based on these shared values. For more information on the ICRC values, please visit this