Information Security Officer

**Company Description**
**We are SNV**

SNV is a global development partner, deeply rooted in the countries where we operate. We are driven by a vision of a better world: A world where across every society all people live with dignity and have equitable opportunities to thrive sustainably. To make this vision a reality, we need transformations in vital agri-food, energy, and water systems. SNV contributes by strengthening capacities and catalysing partnerships in these sectors. We help strengthen institutions and governance, reduce gender inequalities and barriers to social inclusion, and enable adaptation and mitigation to the climate and biodiversity crises (SNV themes).

Building on 60 years of experience we support our partners with technical and process expertise and methodological rigour. We do this in more than 20 countries in Africa and Asia with a team of approximately 1,600 colleagues. By being adaptable and tailoring our approaches to these different contexts, we can contribute to impact at scale, resulting in more equitable lives for all.

Our core values of people-centeredness and respect, equity and equality, and diversity and inclusion are fundamental to who we are and what we do. This is reflected in our vision, mission, and strategy, which set out our aspirations and commitments as our compass towards 2030.

**Your role**
The Information Security Officer provide expertise, support and guidance to all teams at SNV on implementing, maintaining and reporting on information security posture around confidentiality, integrity and availability. The ISO will function within the context of SNV's comprehensive Information Security Governance Framework, which includes maintaining a robust Information Security Management System (ISMS) based on industry standards such as ISO/IEC 27001.

This is a new position within a newly established information security organization at SNV, reflecting the organisation's commitment to enhancing its security posture. The ISO will support the Global Information Security Officer (GISO) in executing the information security strategy and will deeply collaborate with the country teams and the various global teams to conduct risk assessments, propose and implement measures in line with the Information Security policy and support in manage information security incidents. This role is pivotal in fostering a culture of information security awareness and ensuring that SNV's information security measures are aligned with its strategic goals and regulatory requirements.

The Information Security Officer reports to the Global Head of ICT and has a functional reporting line to the Global Information Security officer (GISO). It is the intend that over time the ISO will grow into the GISO role. The GISO role is currently fulfilled on a part-time basis by an expert consultant.

**Context of the role**
SNV has set out a strategy to further mature its information security function. With increasingly digitalized management across all SNV’s operations, it becomes crucial to ensure there is full control over all our digital assets and information. This is especially relevant as SNV works and collaborates with many partner and donor organizations across all its projects which creates additional complexities in the landscape of information governance. Furthermore, SNV will likely establish a multi-year Digital Transformation roadmap focusing on increased impact and operational excellence. This will require more robust and fully embedded information security practices in the organisation.

**Key job responsibilities**
The main responsibilities of the ISO are the following:

- Support in developing, maintaining and implementing information security measures, processes and procedures
- Support in preparing and conducting Business Impact Assessments and Risk Assessments
- Support GISO in preparing and executing the annual information security plan
- Respond to and manage information security incidents and breaches, including conducting investigations and proposing and implementing corrective actions
- Support the GISO in ensuring compliance with relevant data protection laws and regulations
- Coaching and guiding of Information Security Ambassadors to ensure the ISA’s are enabled to translate the information security policy and procedures into concrete measures that need to be implemented and embedded into the work processes of their respective team as well as support the ISA’s in reporting back on information security posture of their team.
- Developing and maintaining guidance for SNV employee’s on how to put the information security policy into practice in day-to-day work.
- Be champion and go to person for information security related questions from the organization. Leverage the SNV Intranet to share guidance information.
- Expertise: Stay up to date with the latest security systems, standards, authentication protocols, and products. Build and grow expertise through formal training and certi