Development of an ISMS
- Implementing, coordinating, and continuously improving the local information security management system (ISMS) based on the ISMS country project plans
- Coordinate, create and revise the security policies and related sub-concepts based on the context of the country or country region
Implementation of measures
- Planning and coordinating the implementation of information security measures in close alignment with management level and key stakeholders such as e.g., HQ-ISMT (Information Security Management Team), IT Department, central Data Protection Team, and Digitalization Partner, local Security Risk Management Officer (SRMO) and projects
- Support in the implementation and coordination of security-relevant processes
- Monitor the effectiveness of the information security program and make recommendations for improvements to the departments of the country office
- Support and maintain incident management
Advising and reporting to management
- Reporting on the local information security management system (ISMS) performance to local management level and HQ/ Chief Information Security Officer (CISO)
- Reporting of security risks and issues to local management and HQ/CISO
- Advising the local management and HQ/CISO how audit findings should be implemented
Internal audits and support on external audits
- Develop an internal audit plan based on the audit program from HQ/ISMT
- Support and conduct internal audits for the implementation of applicable security control objectives
- Prepare and support the continuous improvement through the certification and surveillance audit
- Contact person for all internal and external non-conformities in audits
Awareness and central contact person
- Provide guidance and support to employees on information security best practices
- Initiation and implementation of awareness-raising measures for information security in consultation with various stakeholders (such as IT professionals and local digitization partners)
- Close interaction and communication to Headquarter ISM-Operations and relevant stakeholders
- At least 5 years of experience working in the field of information security, setting up and/or operating an ISMS
- Knowledge and experience in information security with methodological competences in ISO/IEC 27001 and related standards, risk management, vulnerability management and audit are required
- Basic knowledge of IT – management systems will be an asset
- Excellent communication skills in English and the ability to network with key stakeholders and to work in a team are key requirements for this position
- The ability to interpret standard ISO requirements for the local context and propose practical implementation measures is highly relevant for this role
- Being pro-active, having a commitment to life-long learning and staying up to date with security and threat-related trends by attending necessary further training is required
- Independence, credibility, impartiality, and unconditional discretion is essential for the job
- Frequent travels between Viet Nam and Laos is required for this regional role
GIZ is committed to create an appreciative work environment, irrespective of age, ethnic background and nationality, gender and gender identity, physical and mental abilities, religion and worldview, sexual orientation and social background. We ensure human resource processes live up to the diverse competencies and talents of all employees, as well as satisfy our performance expectations.
What we can offer to the successful candidates:
· Good working environment
· Competitive compensation and benefit packages such as contribution of all compulsory insurances, providing with the additional health care, the annual health check-up and the 24-hours accident insurance.
· Covering all travel expenses with travel allowances when traveling on business
· And good policy on training and development
· And policy on flexible working time
Interested qualified candidates are invited to send the GIZ Application Form in English, copies of relevant certificates and references, either by email or by post (to GIZ Office Hanoi, 6th Floor Hanoi Towers, 49 Hai Ba Trung Street, Hanoi, Vietnam) before 21st November 2024.