The IRC has defined a new strategic mission and vision, along with initiatives and key processes to meet its strategic objectives. The IT department provides reliable and scalable application development and infrastructure for the IRC’s offices around the world, including technologically challenging locations. IRC’s ITHQ department includes 70 professionals, primarily in the US and Nairobi, and over 150 IT professionals in 40 countries supporting 13,000 staff globally.
The Security Operations Manager (Manager) is accountable for managing and maturing the Security Operations Center (SOC) to improve security operations and measurably reduce risk and incident response time. This key role will also lead security technology deployment and coordinate with Managed Security Services Providers (MSSPs). The Manager will be supported by at least one analyst, with significant additional support from the GIS team, Global IT (i.e. Network Ops, Infrastructure, Database, Cloud Apps, Endpoint, DevOps and MSSPs) and several Field and additional HQ technologists. This role further builds out and runs the SOC, including hands-on day-to-day operations and service delivery.
Security Operations and Incident Response
• Day-to-day management and further maturation of the security operations function, including daily monitoring, management of and response to security control systems such as the SIEM (Microsoft Sentinel); coordinates with other sysadmins on incidents and other service requests, including but not limited to content search, lost assets, vendor risk assessment, vulnerability management and technical advisory; logs incidents and service requests and resolves them according to priority.
• Serves as custodian for the security of Azure, M365, SIEM (Sentinel), Proofpoint, PAM, Qualys and other systems/tools. Leads and guides the DSO.
• Leads incident response, including vendor security issues, and manages incidents with up-to-date playbooks. Orchestrates IR activities (e.g. IoC detection, Legal, platform security, communications, threat hunting).
• Leads development of an IT Business Continuity and Disaster Recovery plan. Monitors patching, threat intelligence and pertinent events, and disseminates them as needed. Supports IT Audit.
• Working with MSSPs and IT, develops and evolves SOC capabilities for better threat identification and response automation.
Systems Engineering and Standards
• Provides security engineering leadership and hands on support to deploy security controls.
• Provides mentorship and technical standards for secure systems architecture, design and operations. Standards include KRIs for feedback.
• Leverages the Cyber Security Working Group to author and update global standards and ensures alignment with Field IT.
• Manages standards exceptions and maintains the risk register.
• Leads hands-on assessment of critical systems and advises Custodians, using tools such as Security Compass, Microsoft Secure Score, Azure security configuration and Qualys to assess their environments.
• Acts as technical focal point for BUs and manages security vendors.
• Builds reports, dashboards and metrics and presents them to senior management.
• Collaborates with team members to develop and maintain the IT security roadmap.
• Plans and completes projects in a timely manner; escalates as necessary.
• Quickly develops and maintains relationships across the organization.
Key Working Relationships:
Position Reports to: CISO
Position directly supervises: one or more Information Security Analysts
Indirect Reporting: Director, Network Operations
Other Internal and/or external contacts:
Internal: IT staff across regions, HQ and Nairobi iHub, global Safety and Security Team, line personnel across all regions, emphasis on International Programs.
External: Industry/sector peers and vendors. Law enforcement if needed for incident response. Participates in sector discussions of IT security-related issues.
Education: Bachelor’s degree in an information systems-related field required. Masters preferred.
Work Experience: 3-5 years in IT system design, implementation, and operations in a global organization; 1-3 years in security operations including team leadership.
Demonstrated Skills and Competencies:
• Validated experience in effectively supporting and managing cyber security operations, incident response and security technology deployment and support.
• Validated expertise in engineering and implementing enterprise-class technologies such as firewalls, proxy servers, messaging security (e.g. S/MIME, TLS, DMARC/SPF/DKIM), M365 / Google Workspace, encryption, Box, VPN, DLP, endpoint management and security, Wi-Fi/Bluetooth, IAM and biometrics, SSO/SAML, message filtering, UEM, Azure, Azure AD, ServiceNow, mobile and cloud security. Dynamics 365 and Fastpath experience is a significant plus.
• Demonstrated experience in supervising, mentoring and building the capacity of staff.
• Proven capacity to be a self-starter and work remotely with limited reliance on supervision.
• Solid project management capabilities for engineering and deployment of IT security products and strong organizational change skills.
• Strong interpersonal skills required to help identify key relationships and to maintain them.
• Strong oral and written communications skills sufficient for senior-level presentation and technical policy and standards development.
Language Skills: English required; French and Arabic a plus
Certificates or Licenses: CISSP, ITIL, CISM or other certifications that demonstrate the aptitude to design, deploy and operate IT security solutions; CISSP strongly preferred.
Working Environment: Standard office work environment; work location may be another IRC office.
Travel: up to 15%; two trips annually to NYHQ.
The IRC and IRC workers must adhere to the values and principles outlined in IRC Way - Standards for Professional Conduct. These are Integrity, Equality, Service, and Accountability. In accordance with these values, the IRC operates and enforces policies on Beneficiary Protection from Exploitation and Abuse, Child Safeguarding, Anti-Workplace Harassment, Fiscal Integrity, and Anti-Retaliation.