Information Security Officer (ISO) 3A

Reports to: Head of Finance and Administration (LFA) / CISO / ISM-T (for technical subjects)

Duration: 2 Year Contract

Duty Station: Hatfield, Pretoria

Salary Band 4A

Background

The Deutsche Gesellschaft für Internationale Zusammenarbeit GmbH (GIZ) is a public-benefit federal enterprise working in more than 100 countries worldwide. We work on behalf of the German Government and support public and private sector clients in a wide variety of areas, including economic development and employment, energy and environment, and peace and security. GIZ works project based and has decentralized activities in South Africa, Lesotho and eSwatini. The Country Office (CO) is the governance and service structure of GIZ South Africa, Lesotho and Eswatini, together with the recently commissioned started WE4D (Promoting female employment for Africa’s green transformation).

In order to protect all valuable information processed by GIZ worldwide, it is necessary to establish an information security management system (ISMS). GIZ aims to implement such a system based on two standards, ISO/IEC 27001, and the BSI Baseline. The head office is focusing on building the ISMS according to the German standard, while the country -and project offices are developing the ISMS according to ISO/IEC 27001. To successfully implement the ISMS in the country offices, it is necessary to have a person who takes care of the function as Information Security Officer (ISO).

There are various roles and functions to ensure information security at GIZ. Coordination at the corporate level is handled by the Chief information Security Officer (CISO) and his/her ISM-T team. However, for the local implementation and operation of information security, there is a need for a new function called the local ISO, which is filled by a full-time person. The local ISO works closely with other existing functions such as IT-Professionals (IT-Pro) Digitalization Partners (DIPA), Head of Units and Country Office Management level. It is important to note that Information Security Officers cannot be IT Professionals, Digitalization Partners, or Head of IT Units at the same time to avoid conflicts of interest.

The ISM-T and CISO provide technical leadership for the implementation of the global information security management system (ISMS) [1], while disciplinary leadership is provided by the management level of the country office. The Information Security Officer’s role is to serve as the point of contact for the implementation and continuous management of the local ISMS. They are responsible for monitoring the security policies and controls and has expertise in information security risk assessment in the respective area.

[1] During the beginning of the implementation of the global information security management (ISMS) the LSS-ISMS team is responsible for provision of technical support and leadership.

Responsibilities (See full job description download below)

The Information Security Officer (ISO) is responsible for establishing, implementing, and maintaining an information security management system at GIZ South Africa, Lesotho and eSwatini, in collaboration with the ISM team at Headquarters of GIZ in Germany. Based on the already introduced SOPs and measures. The ISO is advising and supporting all units of the Pretoria County Office (CO) and the various projects of GIZ South Africa, Lesotho and eSwatini.

The ISO, as the focal point, must establish, implement, maintain, and continually improve the information security management system.

The areas of action remain in the following domains: organizational, physical, people, technological. In this position the ISO must control the necessary measurements that are in place.

The ISO is a facilitator and advisor of the documented measures within the policies.

ADDITIONAL INFORMATION

• This position is based in the GIZ South Africa / Lesotho / eSwatini Country Office currently based in Hatfield, Pretoria
• At GIZ, you will be offered a global network and an atmosphere that is characterised by diversity, respect, and genuine equal opportunities. Gender equality promotion is a matter of course for us.
• GIZ is a signatory of the Diversity Charter. Recognition, appreciation, and inclusion of diversity in the company are important to us. All employees shall be valued - regardless of gender and gender identity, nationality, ethnic origin, religion or belief, disability, social background, age, or sexual orientation.
• GIZ would like to increase the proportion of employees with disability. Applications from persons with disabilities are most welcome.
• The contract period for this position is twenty-four (24) months.

APPLICATION PROCESS

Suitable candidates should apply by submitting:

• A motivation letter (max. 1 page) stating why they should be the preferred candidate, the value added they will bring to this role and their desired salary range.
• A detailed CV.
• Proof of eligibility to work in South Africa (copy of SA ID)

Applications should be submitted to: recruit-pretoria@giz.de, with the email subject line:

“Application for Information Security Officer” for the attention of Head of Human Resource.

Closing date for applications: 18 August 2023.

Please note that only shortlisted candidates will be contacted!

Applications without a motivation letter will not be considered!