VACANCY ANNOUNCEMENT
As a federal enterprise, the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH supports the German Government in achieving its objectives in the field of international cooperation for sustainable development. We work in a variety of fields and support our cooperation partners in designing strategies and meeting their policy goals. GIZ Viet Nam is currently engaged in four priority areas: 1) Vocational training; 2) Environmental policy and sustainable natural resource use; 3) Energy; 4) Sustainable Economic Development. Gender equality is one of the key values of our company and of the work we do. Fostering gender equality in our project operation and our internal equal opportunity provisions are two strategic pillars of our corporate identity and policy. For further information please visit our website: www.giz.de/viet-nam.
In order to protect all valuable information processed by GIZ worldwide, it is necessary to establish an information security management system (ISMS). GIZ is currently implementing such a system based on the ISO/IEC 27001 standards. To further develop and operate the ISMS at GIZ Viet Nam and Laos, it is necessary to have a person who takes care of the function as regional Information Security Officer (ISO) for both countries.
There are various roles and functions to ensure information security at GIZ. Coordination at the corporate level is handled by the Chief information Security Officer (CISO) and his/her ISM-T team. However, for the local development and operation of information security, a local ISO is responsible. The local ISO works closely with other existing functions such as IT-Professionals, Digitalization Partners, Head of Units and Country Office Management team.
The GIZ Country Office Hanoi is looking for an qualified candidate to fill the following position:
Regional Information Security Officer
for Viet Nam and Laos
Duty station: Hanoi, Viet Nam and/or Vientiane, Laos
Duration: 3 years contract starting from February 2025
Main tasks:
Development of an ISMS
- Implementing, coordinating, and continuously improving the local information security management system (ISMS) based on the ISMS country project plans
- Coordinate, create and revise the security policies and related sub-concepts based on the context of the country or country region
Implementation of measures
- Planning and coordinating the implementation of information security measures in close alignment with management level and key stakeholders such as e.g., HQ-ISMT (Information Security Management Team), IT Department, central Data Protection Team, and Digitalization Partner, local Security Risk Management Officer (SRMO) and projects
- Support in the implementation and coordination of security-relevant processes
- Monitor the effectiveness of the information security program and make recommendations for improvements to the departments of the country office
- Support and maintain incident management
Advising and reporting to management
- Reporting on the local information security management system (ISMS) performance to local management level and HQ/ Chief Information Security Officer (CISO)
- Reporting of security risks and issues to local management and HQ/CISO
- Advising the local management and HQ/CISO how audit findings should be implemented
Internal audits and support on external audits
- Develop an internal audit plan based on the audit program from HQ/ISMT
- Support and conduct internal audits for the implementation of applicable security control objectives
- Prepare and support the continuous improvement through the certification and surveillance audit
- Contact person for all internal and external non-conformities in audits
Awareness and central contact person
- Provide guidance and support to employees on information security best practices
- Initiation and implementation of awareness-raising measures for information security in consultation with various stakeholders (such as IT professionals and local digitization partners)
- Close interaction and communication to Headquarter ISM-Operations and relevant stakeholders
Minimum requirements:
- At least 5 years of experience working in the field of information security, setting up and/or operating an ISMS
- Knowledge and experience in information security with methodological competences in ISO/IEC 27001 and related standards, risk management, vulnerability management and audit are required
- Basic knowledge of IT – management systems will be an asset
- Excellent communication skills in English and the ability to network with key stakeholders and to work in a team are key requirements for this position
- The ability to interpret standard ISO requirements for the local context and propose practical implementation measures is highly relevant for this role
- Being pro-active, having a commitment to life-long learning and staying up to date with security and threat-related trends by attending necessary further training is required
- Independence, credibility, impartiality, and unconditional discretion is essential for the job
- Frequent travels between Viet Nam and Laos is required for this regional role
GIZ is committed to create an appreciative work environment, irrespective of age, ethnic background and nationality, gender and gender identity, physical and mental abilities, religion and worldview, sexual orientation and social background. We ensure human resource processes live up to the diverse competencies and talents of all employees, as well as satisfy our performance expectations.
What we can offer to the successful candidates:
- Good working environment
- Competitive compensation and benefit packages such as contribution of all compulsory insurances, providing with the additional health care, the annual health check-up and the 24-hours accident insurance.
- Covering all travel expenses with travel allowances when traveling on business
- And good policy on training and development
- And policy on flexible working time
Interested qualified candidates are invited to send the GIZ Application Form in English, copies of relevant certificates and references, either by email (to [email protected] ) or by post (to GIZ Office Hanoi, 6th Floor Hanoi Towers, 49 Hai Ba Trung Street, Hanoi, Vietnam) before 21st November 2024.
Note:Please state “Application for the Regional Information Security Officer_GIZ CO Hanoi”in the subject line or on the envelope. The short-listed candidates will be contacted within 4 weeks after the deadline. Telephone contact is not encouraged.
Please visit our page Career Opportunities to download the GIZ Application Form and further job opportunities.
To process your application, we collect and process data from you. You may read Our Data Privacy Notice, which provides further information on the data we store, and about your rights, before you continue with your application.
GIZ – YOUR PARTNER FOR A BETTER FUTURE