Norwegian Refugee Council, Oslo, Norway
What you will do
As the Information Security Specialist, you will be working in the global ICT Development Section, alongside the Information Security Risk Management Advisor, ICT operations, infrastructure and development teams to improve our digital security set-up and practices.
- Contribute to the establishment of critical elements of an Information Security Management System;
- Assist in development and implementation of CIS 20 controls across the organization;
- Develop, maintain, and present IT security education, awareness, and training for all members of the organization as appropriate;
- Work in tandem with NRC’s developer team and external developer consultants to ensure we are addressing security concerns in our architecture and development efforts.
- Provide cyber-security input, advice and reviews on any digital solution development and implementation;
- Design, implement new, and review existing, IT security measures and controls;
- Contribute to setting up and monitoring a SIEM solution on prioritised components;
- Manage periodic security audits, vulnerability and threat assessments, and direct adequate responses;
- Assess any identified information security risks, propose remedial actions and keep the track of these;
- Handle serious IT operational incidents or security breaches in accordance with ITIL process;.
- Ensure that processes are documented and communicated in language that is relevant and understandable to non-technical audiences.
What you will bring
- Knowledge of cloud security concepts, technologies, and best practices, including but not limited to, automation frameworks, securing containers and container orchestration frameworks, Active Directory, LDAP, Federated SSO, One-Time Password (OTP) technology, SSL, encryption, IDS/IPS, SIEM, malware detection, forensics in a cloud environment, network and web app firewalls.
- Skills in the use of vulnerability assessment and penetration testing tools.
- Able to write sufficient and easy-to-understand technical documentation.
- Comfortable with presenting technical information to a non-technical audience.
- Knowledge of cloud-based technologies (e.g O365, Azure, Kubernetes, Docker and OKTA Authentication tool) is considered a plus.
- Great team player to support other team members and ready to share existing workloads.
17th May, 2022
To help us track our recruitment effort, please indicate in your cover/motivation letter where (unjobvacancies.com) you saw this job posting.