Germany has been providing Mali with technical and financial development cooperation since its independence in 1960. On behalf of the German Federal Government, the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH supports the Government of Mali, the authorities, local communities, civil society organizations and the private sector.

The GIZ offices are the central element of GIZ’s decentralized structure and are responsible for ensuring the coherence of the company’s overall representation and for positioning GIZ as a service provider in the international cooperation market. The office is responsible for the management of GIZ’s national staff in Mali.

In the framework of its activities in Mali, the Office of the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) in Bamako is seeking to recruit an: Information Security Officer

• Location of the post: Bamako
• Nature of the contract: Fixed-term contract of one year renewable
• Classification: Band 4

Responsibilities 

The Information Security Officer is establishing and maintaining an information security management system at GIZ in (Country) guided and supported by the company-wide Chief Information Security Officer, the LSS project team and later, after establishment of the ISMS, by the ISM-Team at headquarters in Germany. The Information Security Officer is advising and collaborating with all units and projects of GIZ in Mali

Tasks 

Initial Tasks 

In the initial phase of implementation, the establishment of a local information security management is focused. To successfully do this, the Information Security Officer establishes and later manages the security incident process, supports/accompanies the Audit Management process (including the local coordination of “penetration testing”) and ensures that a functioning vulnerability management is in place. As the local representation of the information security organization and thus the Information Security Management System (ISMS), the Information Security Officer acts as Single Point of Contact (SPoC) for information security. He/She also is the SPoC for projects and contact for all topics concerning information security.

The Information Security Officer ensures through a structural analysis (asset recording) an up-to-date and complete asset inventory (in cooperation with asset owners). Towards Headquarters, specifically towards the Chief Information Security Officer (CISO), he/she provides structured reporting. The Information Security Officer is responsible for managing and recording the status of information security, which includes the mentioned assets.

The Information Security Officer establishes the local InfoSec Risk Management (IRM) and is accompanying the risk register which is implemented through identification of risks with asset owners, risk assessment with risk owner involvement, risk treatment management and further connected tasks.

Continuous Operation and Updates 

After the initial establishment, the Information Security Officer is responsible for reviewing and updating the local information security concept, the coordination and implementation of measures and the communication and implementation of guidelines/concepts as well as the adaptation of guidelines/concepts to local conditions.

Concerning the information security awareness among employees, the Information Security Officer coordinates existing awareness measures and is to a limited extend personally responsible for the awareness/training efforts.

He/She is further responsible for the control of the effectiveness of security measures, for revisions and audits and for ensuring the investigation of IT security-related or Information security incidents & coordination of their reporting (reporting system). As representative of the ISMS and sort of local counterpart of the CISO, the Information Security Officer also has the permanent task of reporting to the CISO and supply necessary information for the management report of the CISO.

For the local offices, the Information Security Officer provides continuous consulting on information security topics and the constant operation of risk management and level estimation of information protection requirements.

Desired qualifications, competences, and experience 

The Information Security Officer is responsible for all information security issues in the country office. He/She should have the following competencies and capabilities or acquire them over a reasonable period of time:

• 5 years work experience in an international organization with a minimum of 1000 employees, familiar with organizational structures and processes
• Experienced in conducting audits
• Knowledge and experience in information security
• Knowledge and experience in ISO/IEC 27001
• Basic knowledge of actual Microsoft Software and Services Excellent communication skills
• Ability to work independently
• Proficiency in English

All applications must include: (i) a letter of motivation, (ii) a curriculum vitae, (iii) legalized copies of diplomas and (iv) contact details of referees.

All applications with the full title of the post:  » Information Security Officer » should be sent by e-mail to: recrutementmali@giz.de

The closing date for submissions is 18 February 2022, at 17:00. If you need information, please send an e-mail to recrutementmali@giz.de

GIZ encourages applications from women and people with disabilities.

Only shortlisted candidates will be contacted