Technical Advisor, Information Security - GIZ Ghana

GIZ is a public-benefit federal enterprise. We work on behalf of the German Government and support many public and private sector clients in a wide variety of areas, including economic development and employment, energy and the environment, and peace and security. Our activities cover three priority areas: Energy and Climate, which deals with renewable energy and energy efficiency; Training and Sustainable Growth for Decent Jobs; and Peaceful and Inclusive Societies, which focuses on good governance.

Scope of the Role:

The Technical Advisor (Information Security) is responsible for establishing and maintaining an information security management system at GIZ Ghana, guided and supported by the company-wide Chief Information Security Officer and the ISM team at headquarters in Germany. The Information Security Officer works closely together with all units, and above all with the IT professional.

Your Tasks

• Implement and later manage the security incident process.

• Support and accompany the audit management process (including the local coordination of “penetration testing”)
• Ensure that a functioning vulnerability management is in place.
• Act as Single Point of Contact (SPoC) for information security at GIZ Ghana, being guided by and reporting to the Chief
• Information Security Officer at Headquarters in Germany.
• Ensure through a structural analysis (asset recording) an up-to date and complete asset inventory (in cooperation with asset owners).
• Establish the local Information Security Risk Management (IRM) and accompanying risk register which is implemented through identification of risks with asset owners, risk assessment with risk owner involvement, risk treatment management and further connected tasks.
• Responsible for reviewing and updating the local security concept, the coordination and implementation of measures and the communication and implementation of guidelines/concepts.

Qualification Required & Experience

• University degree in an area that is related to the project objectives, equivalent to BA or MBA.
• Five (5) years’ work experience in an international organization with a minimum of 1000 employees, familiar with organizational structures and processes
• Three (3) years’ work experience in corporate risk management
• Experience in vulnerability management
• Experience in conducting audits.
• Knowledge and experience in information security
• Knowledge and experience in ISO/IEC 27001:2013
• Basic knowledge of Microsoft systems (Windows Server, Windows 365, SharePoint)
• Excellent communication skills
• Ability to work independently

Location: Accra