Job Expired


Information Security Officer (ISO) at GIZ GmbH

Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ)


ICT

Computer Science and Information Technology

Addis Ababa

5 years

1 Position

2023-07-12 to 2023-07-26

Required Skills
Required skills have not yet been specified for this position
Fields of study

Information System

Full Time


Job Description

Information Security Officer (ISO) Job at Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH

Information Security Officer (ISO)

GIZ- Internal/External Vacancy Announcement ‘#127/2023’

GIZ Country Office and GIZAU Office 

The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH is a global service provider in the field of international cooperation for sustainable development dedicated to shaping a future worth living around the world. As a public-benefit federal enterprise, GIZ supports the German Government – in particular the Federal Ministry for Economic Cooperation and Development (BMZ) – and many public and private sector clients in achieving their objectives in international cooperation in around 120 countries.

GIZ African Union

Since 2004, GIZ has been a reliable and trusted partner of the African Union (AU) to enhance inclusive growth and sustainable development on the African continent in line with the AU’s Agenda 2063: The Africa We Want. With more than 200 staff, GIZ African Union cooperates with the AU Commission, as well as the AU’s specialised institutions and agencies, such as the Development Agency AUDA-NEPAD, at continental, regional and national level in more than 35 member states. Key areas of engagement include Peacebuilding and Conflict Prevention, Governance and Migration, Sustainable Economic Growth and Employment, as well as Health and Social Development.

The GIZ African Union Office headquartered in Addis Ababa, Ethiopia, with further staff based in South Africa, Ghana and Germany provides services and support in the areas of procurement, financial management, events and travel, human resources, internal operations, communication and portfolio management to all GIZ programmes and projects that are implemented in partnership with the African Union.

GIZ Ethiopia & Djibouti

The GIZ Ethiopia & Djibouti Office operates on behalf of the German Federal Ministry for Economic Cooperation and Development (BMZ) and other national and international partners. In line with the Ethiopian Government´s objectives, Germany´s development cooperation with Ethiopia focuses on three priority areas: economic development and vocational education and training; agriculture and food and nutrition security; conservation and sustainable use of natural resources (biodiversity).

The GIZ Country Office is based in Addis Ababa, Kazanchis and consists of approx. 100 international, regional and national colleagues and acts as a service provider for more than 80 projects which are implemented in Ethiopia and Djibouti. Overall, there are around 1.000 GIZ colleagues engaged in the implementation and administration of GIZ´s objectives. There are several project offices around Addis Ababa and throughout the regions of Ethiopia.

GIZ International Services

Various international clients and the Ethiopian Government have commissioned the company´s International Services business area to carry out projects in the country. They include a project on developing infrastructure for Ethiopian universities on behalf of the country’s Ministry of Education.

Currently GIZ International Services works with the Partnerships for Forests programme, funded by the UK Department for International Development, to improve the consistency and traceability of the coffee, so that it meets the quality standards of discerning buyers.

GIZ International Services is also working as part of the Technical Assistance Unit of the EU-funded Support to Criminal Justice Reform in Ethiopia programme.

Information Security Management System

In order to protect all valuable information processed by GIZ worldwide, it is necessary to establish an information security management system (ISMS). GIZ aims to implement such a system based on two standards, ISO/IEC 27001, and the Baseline of the German Federal Office for Information Security (BSI). The GIZ head office is focusing on building the ISMS according to the German standard, while the offices abroad are developing the ISMS according to ISO/IEC 27001. To successfully implement the ISMS in the two offices and portfolios at hand, it is necessary to employ an Information Security Officer (ISO).

Institutional set-up

There are various roles and functions to ensure information security at GIZ. Coordination at the corporate level is handled by the Chief Information Security Officer (CISO) and his/her Information Security Management team (ISM-T). The local ISO works closely with other existing functions such as IT-Professionals (IT-Pro), Digitalization Partners (DIPA), Heads of Units and GIZ Office Management level. To avoid conflicts of interest, Information Security Officers cannot be IT Professionals, Digitalization Partners, or Heads of IT Units at the same time.

The ISM-T and CISO provide technical leadership for the implementation of the global information security management system (ISMS), while disciplinary leadership is provided by the management level of the offices. The ISO’s role is to serve as the point of contact for the implementation and continuous management of the local ISMS. He/She is responsible for monitoring the security policies and controls and has expertise in information security risk assessment in the respective area.

Please note that the job title will be changed during the recruitment process.

Contract Duration: 31/07/2025

Responsibilities and Duties

The ISO, as the focal point, must establish, implement, maintain, and continually improve the information security management system. The areas of action remain in the following domains: organizational, physical, people, technological. In this position the ISO must control the necessary measurements that are in place. Furthermore, the ISO is a facilitator and advisor of the documented measures within the policies. He/She serves as focal point for the office and projects.

Tasks

In addition to the above-mentioned responsibilities, the ISO has the following tasks:

Development of an ISMS

  • Implementing, coordinating, and continuously improving local information security management system (ISMS) based on the ISMS local project plans.

  • Coordinate, create and revise the security policies and related sub-concepts based on the context of the specific portfolio. 

Implementation of measures

  • Planning and coordinating the implementation of information security measures in close alignment with management level and key stakeholders such as ISM-T, IT Department, central Data Protection Team, Digitalization Partner, local SRMO and projects.

  • Support in the implementation and coordination of security-relevant processes:

  • Establishment of a reporting process for security-relevant incidents and their investigation within the portfolio and with Head Office and ISMT.

  • Monitor the effectiveness of the information security program and make recommendations for improvements to the departments of the office or commissioning managers.

  • Implementation of the risk analysis approach and execution of risk assessment on the basis of uniform scoring criteria given by HQ:

  • Assessment of protection needs with regard to the objectives of integrity, availability, confidentiality

  • GIZ-Standards for the preparation of the catalogue of target measures and derivation of risk-reducing measures

  • Management and monitoring activities and their implementation

  • Support and maintain incident management:

  • Support establishing an incident management process

  • Support in evaluating the incident and defining the next steps in the office

  • Involve all needed parties and communicate the incident to the CISO/ISM-T

  • Securing evidence after security incident

Advising and reporting to management

  • Reporting on the local ISMS performance to office management level and CISO/ISM-T.

  • Reporting of security risks and issues to local management and CISO/ISM-T.

  • Advising the office management and CISO/ISM-T how audit findings should be implemented

Internal audits and support on external audits

  • Develop an internal audit plan based on the audit program from ISM-T.

  • Support and conduct internal audits for the implementation of applicable security control objectives.

  • Prepare and support the continuous improvement through the certification and surveillance audit.

  • Contact person for all internal and external non-conformities in audits.

Awareness and central contact person

  • Provide guidance and support to employees on information security best practices.

  • Give an introduction to the information security guideline with its policies and processes.

  • Initiation, alignment with IT Professional and Digitalization Partner, and implementation of awareness-raising measures for information security in consultation with relevant stakeholders.

  • Close interaction and communication to ISM-T and relevant stakeholders.

  • Support in implementing and improving existing awareness measures and programs.

  • Advisor/supporter for new and follow-up projects (Information Security checklist).

  • Perform any other duties as deemed necessary by superior/s 

Job Requirements

Required qualifications, competences, and experience

Qualifications and Soft Skills

The ISO should have the following competencies and capabilities.

  • Knowledge and experience in information security with methodological competences in ISO/IEC 27001 and related standards, risk management, vulnerability management and audits.

  • Furthermore, basic knowledge of IT-management systems is helpful in fulfilling the role to the full extent and to provide better advice to responsible employees.

  • As communication skills are a key factor in successfully cooperating within the organization, the ISO must be able to handle objections and conflict objectively and effectively as well as persuade and manage people. Being able to communicate back and forth between the director and management as well as different departments while staying impartial is key for the ISO role.

  • The ISO must also possess excellent social skills such as being pro-active, having a commitment to life-long learning and staying up to date with security and threat-related trends by attending necessary further training. The ISO often serves as a facilitator, sometimes even as a mediator. Perseverance and resilience are key to successfully implement the ISMS jointly with colleagues in the office.

  • To fulfill his/her role and function to the full extent he/she must be able to network effectively with all levels of expertise, extending from projects to GIZ Head Office. That requires being pro-active in all social interactions and forming networks that support the achievement of future projects.

  • Previous experience in international settings is beneficial. The portfolios of GIZ are very diverse. Good intercultural communication, especially in a position in which processes are to be changed, is crucial.

  • To ensure effective collaboration with colleagues the ISO must adapt to changing frameworks, "think inside" organizational structures and processes and compile comprehensive reports.

  • Since the ISO plays a significant role in safeguarding assets and people, he/she must display independence, credibility, impartiality, and unconditional discretion as essential qualities in his/her character.

Professional Experience

  • 5 years of work experience, ideally in an international organization with a minimum of 1000 employees, familiar with organizational structures and processes

  • Experienced in conducting audits

  • Good knowledge and experience in information security

  • Knowledge and experience in ISO/IEC 27001

  • Basic knowledge of current Microsoft Software and Services

  • Excellent communication skills

  • Ability to work independently

  • Proficiency in English

How to Apply 

Application Procedure:

Submit your motivation letter along with your recent CV via Email: hreth@giz.de

NOTE: Please make sure you mention the vacancy number and position title ‘Information Security Officer (ISO) #127/2023’ in the subject line of your email application.

Please note that the job title will be changed during the recruitment process.

Applications without vacancy numbers in subject lines might be disqualified. 

Only short-listed candidates will be contacted.

We encourage persons with disabilities to apply for the position. In case of equal qualification, persons with disabilities will be given preference.

Applications from qualified women are encouraged.

“Please refer to our brochure to learn more about GIZ’s attractive benefit package.”
