International Rescue Organization (IRC)
We respond to the world’s worst humanitarian crises and help people to survive, recover, and gain control of their future. Join us #StandWithRefugees.
The Senior Information Security Analyst is a key member of the Global Information Security (GIS) team supporting cyber security and data privacy services, operations, communications, and awareness. Reporting to and supporting the Deputy Director of Security Operations (DD SecOps), this role strengthens IRC’s risk posture through the support of the multi-year Security Enhancement Program (SEP). This position serves as a backup to the Deputy Director SecOps and develops and aligns IT security controls with strategy and best practices, proactively and reactively assessing threats. The ideal candidate has a consistent record in both IT security technology implementation, operation and incident response.
This role is a key member of the GIS team supporting cyber security and data privacy services, operations, communications, and awareness. Reporting to and supporting the Deputy Director of Security Operations (DD SecOps), this role strengthens IRC’s risk posture through the support of the multi-year Security Enhancement Program (SEP). This position serves as a backup to the Deputy Director SecOps and develops and aligns IT security controls with strategy and standard methodologies, proactively and reactively assessing threats. The ideal candidate has a proven record in both IT security technology implementation, operation and incident response.
Cyber Incident Response and IT Security and Privacy Support
- Strengthen security operations by leading the design and deployment of key technology security and privacy features. Lead organizational threat intelligence, incident response teams, and server as the primary author for IR playbooks and processes.
- Be responsible for and administer Security Information and Event Management (SIEM) system, improving processes to ensure alerts are dispositioned according to standard processes at all levels of support. Provides ongoing analysis and tuning of the SIEM and implements SIEM and EDR-related management processes, including incident response playbooks and procedures for current and emerging threats.
- Design and implement security and privacy health feedback metrics for multiple audiences. Use multiple sources, as necessary, to create and maintain metrics/measurements to articulate the current risk posture.
- Serve as primary custodian (administrative, operational, and technical system administrator) for key Sentinel, Zerofox, Mandiant, Azure Defender, M365 security and compliance, and other systems as specified. Provide technical direction and training to technical staff to correct high-priority vulnerabilities. Resolve problems through internal resources or consultation with vendor technical support staff.
- Provides input and advisory support to MS Dynamics 365 security team.
- Actively supports Managed Security Services Providers and other related risk management providers.
Change and Project Management
- Works with organizational change management specialists to update and strengthen communications.
- Coordinates with PMO and adheres to PMO project methodology.
- Completes projects on time and quickly develops and maintains relationships with the organization.
Key Working Relationships:
Position Reports to: Deputy Director – Security Operations
Position directly supervises: NA
Indirect Reporting: Other Internal and/or external contacts:
Internal: IT staff across regions, HQ and Nairobi iHub, Safety and Security Team, Integra
External: Industry/sector peers and vendors. Law enforcement if needed for incident response.
Bachelor’s degree in an information systems-related field is required or 5 years of equivalent work experience. Advanced degree preferred.
Min 3-6 years in IT including at least 2 years in IT security operations, 2-5 years in a global organization;
Demonstrated Skills and Competencies
- Demonstrable experience leading and improving incident response for 8,000+ enterprises including establishing processes, standards, and runbooks.
- Validated, hands-on understanding of Azure and enterprise-class technologies including phishing simulators, and email security (i.e. gateway, DMARC/SPF/DKIM, etc.) M365, DLP and SSO/SAML, etc. sufficient to engineer technical security controls and respond to incidents.
- Confirmed, hands-on experience optimizing cloud security systems such as MS Defender, Google Security Center, and AWS (i.e. IAM, Macie, GuardDuty, Cloudtrail, etc.) Meraki, CASB, Box or Salesforce Shield, etc.)
- Experience with MS KQL, python, and cyber frameworks (i.e Mitre Attack Framework, CIS, OWASP, etc.).
- Good interpersonal skills to help identify key relationships and maintain them, and adequate oral and written communications skills for technical policy and standards development.
- Proven project management capabilities for deployment of IT security products and supporting communications skills needed to drive organizational change.
Language Skills: English required
Language Skills: English required; French and Arabic a plus
Certificates or Licenses: GIAC, CISSP, ITIL, CISM or others, which support the adequate ability to design, deploy and operate IT security solutions; must possess or be actively working towards AZ500 Microsoft Azure Security Technologies.
Looking to sharpen your IT Security skills to stay relevant in the market? CLICK HERE to have a look at the top schools.
For all your IT certification needs, please, click here for information on how to get started