Cybersecurity Lead

CVT is excited to announce our search for a Cybersecurity Lead to join our global staff. 

This is CVT’s first-ever position dedicated to information security, and the person filling this role will have the full support of the organization as they lead holistic efforts to improve cybersecurity at CVT, and to nurture a culture of cybersecurity among staff. 

This position will play a critical role in support of survivors of torture and war trauma, human rights defenders, activists, and other at-risk individuals and organizations around the world.  The ideal candidate for this position will be someone who is enthusiastic about continuously developing their skills and expertise across a number of information security domains as they work creatively and collaboratively to find solutions to combat the complex threats faced by our organization, our partners, and the people we help.

The Cybersecurity Lead will work closely and collaboratively with a wide range of staff and partners based in the United States, Middle East, and Africa, to evaluate and improve our management of cybersecurity risks.  They will partner with staff in the development and maintenance of cybersecurity controls, policies, procedures, processes, workflows, and guidance which will govern technology tools and systems.  They will work to build staffs’ awareness of information security, and will coordinate efforts to educate, train, and evaluate staffs’ understanding of information security.

In addition, the Cybersecurity Lead will monitor systems, identify risks, analyze threats, remediate vulnerabilities, and perform incident response.  They will administer systems which protect CVT technology, and configure the security-related aspects of various technology tools across the organization.

Job Responsibilities:

25%

Monitor systems, analyze threats, and perform incident response. 

Use modern systems and techniques to detect, analyze, and respond to vulnerabilities, suspicious patterns, malicious activity, intrusions, accidental data leaks, etc.   Automate notifications for unusual or high-risk activity.  Perform timely remediation of published vulnerabilities.  Coordinate regular vulnerability scanning and penetration testing.

25%

Develop and maintain cybersecurity controls, policies, procedures, processes, workflows, and guidance.  Collaborate with CVT departments and programs to understand threat models, conduct risk analyses, and help decision makers achieve effective management of risks while allowing business objectives to be met.  Use relevant cybersecurity  frameworks to develop practical, well-informed cybersecurity policies, procedures, processes, workflows, and guidance for on-prem, SaaS, PaaS technology systems.  Continuously evaluate cybersecurity of existing technology and new technology proposed and make recommendations for improvement.

20%

Design and administer cybersecurity systems.  Develop and apply secure configurations.  Install, configure, and maintain cybersecurity systems for managing endpoints, log collection and analysis, network monitoring, email and content filtering, and related activities.  Perform and document hardening of devices and systems.  Automate cybersecurity-related maintenance tasks.

20%

Promote a culture of cybersecurity awareness.  Communicate digital-hygiene best-practices to staff.  Coordinate staff cybersecurity training and evaluation.  Convene and facilitate a community of individuals who serve as cybersecurity focal points representing a cross-section of the organization.  Participate in development of the IT strategic plan.  Partner with other departments and programs throughout CVT to aid in their ability to integrate cybersecurity best-practices into their plans and budgets.  Collaborate with ISACs and other peers to keep current on the state of cybersecurity. 

10%

Other Duties: Participate in other department and organization-wide activities, meetings and trainings. Complete administrative responsibilities. Perform other duties as assigned.

Qualifications:

Required education, experience, certificates, licenses or registrations

• 4-6+ years of relevant cybersecurity experience
• Prior experience in partnering with cross-functional teams to make risk-informed decisions
• Experience analyzing and responding to cybersecurity events
• Prior experience with threat modeling and risk analyses
• Prior experience with system administration, including cybersecurity systems such as endpoint security, Intrusion Detection Systems (IDS), identity management, vulnerability management, incident response, and threat intelligence
• Experience auditing, designing and developing secure IT systems and secure configurations of various platforms

Preferred education, experience, certificates, licenses or registrations

• Prior experience working with or at organizations that face significant security threats
• Experience working in environments with significant regulatory compliance obligations
• CISA, CISSP, CISM certifications

Competencies (knowledge, skills and abilities)

• Up-to-date knowledge of cybersecurity risks and mitigation techniques
• Familiarity with several cybersecurity technologies including data loss prevention, encryption, identity and access management, multi-factor authentication, zero-trust architecture, endpoint protection, SIEM and perimeter defenses
• Familiarity with common information security management frameworks and SaaS cybersecurity benchmarks and certifications such as SOC 2, GDPR, HITRUST, ISO/IEC 27001, ITIL, COBIT, NIST, etc
• Ability to manage multiple projects with team members from various business units/functions and countries
• Ability to maintain up-to-date knowledge of cybersecurity threats, tools, and industry trends
• Ability to develop and maintain professional, collaborative relationships, including the ability to work cross-culturally
• Ability to communicate effectively in writing and verbally along with the ability to write documentation and communicate to non-technical colleagues
• Commitment to engaging in human rights work, and diversity, equity and inclusion efforts within the organization
• Excellent skills in organization, attention to detail and time management (including the ability to meet deadlines)

Supervisory Responsibilities: None

Work Environment:

• Typical office environment
• Time spent on the computer is approximately 95%
• Time spent in virtual meetings is approximately 20%

Physical Demands: While performing the duties of this job, the employee is regularly required to talk and hear. This position requires the ability to occasionally lift office products and supplies, of up to 5 pounds.

Travel: Some travel is required, up to 15%

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions and physical demands    

Responsibilities described above are not a comprehensive list and additional tasks may be assigned to the employee from time to time as necessitated by organization needs