Back Senior Manager, IT Security - COVAX (Temporary)

Position title: Senior Manager, IT Security - COVAX (Temporary)

Location: Geneva

Purpose of the position: Developing and implementing information security controls and incident response plans

Department: Public Engagement & Information Services

Team: Knowledge Management & Technology Systems

Reports to: Chief Information Security Officer

N° of positions supervised (if applicable): External Consultants and Services

Career step level: 4

Duration: ASAP until December 2022

Gavi, the Vaccine Alliance is a public-private partnership committed to saving children’s lives and protecting people’s health by increasing equitable use of vaccines in lower-income countries. The Vaccine Alliance brings together implementing country and donor governments, the World Health Organisation, UNICEF, the World Bank, the vaccine industry, technical agencies, civil society, the Bill & Melinda Gates Foundation and other private sector partners. Gavi uses innovative finance mechanisms, including co-financing by recipient countries, to secure sustainable funding and adequate supply of quality vaccines. Since 2000, Gavi has contributed to the immunisation of more than 888 million children and the prevention of more than 15 million future deaths.

The COVAX Facility (“COVAX”) provides a global solution to the equitable distribution of vaccines to the 190 participating countries and economies. The COVAX Advance Market Commitment (AMC) is an innovative financing instrument that supports the participation of the 92 low and lower-middle income economies in COVAX. Self-financing participants (SFPs) have entered COVAX either as Optional (having the possibility to opt-out of a particular vaccine) or Committed Purchasers. Guided by the WHO fair allocation framework, COVAX will equitably distribute doses to help protect the most at-risk groups. Gavi is working with Alliance partners UNICEF and WHO to ensure that the infrastructure is in place, and the technical support available, for COVID-19 vaccines to be safely delivered to all those who need them.

THE ROLE

You will be a critical member of the Gavi IT Security team reporting to the Chief Information Security Officer and focusing on securing the applications and data related to the COVAX Facilities. You must be able to use Gavi’s security standards, implement them in the areas related to the COVAX facilities and monitor them for effectiveness and efficiency. You must also be able to analyse the risk landscape, translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting.

KEY FUNCTIONS AND DELIVERABLES

You will be responsible for developing and implementing information security controls and disaster recovery plans, which include procedures and controls designed to protect IT systems/platforms, enterprise communications, and assets from both internal and external threats, with excellent focus on process, control efficiency and risk management. This role will act as the subject matter expert on security and risk within the COVAX Facilities and must be able to translate risk mitigation and business continuity requirements into controls and develop metrics for ongoing security performance measurement and reporting. This role is also responsible for coordinating incident responses and IT audits remediation related to the COVAX Facilities and ensure risk mitigation is in place and reported on.

MAIN DUTIES/RESPONSIBILITIES

• Carry out a risk assessment and implement mitigation actions;
• Implement, monitor, and adjust security controls across systems and services;
• Ensure security is factored in the evaluation, selection, installation and configuration of hardware, applications and software;
• Deliver and assist in the testing of the incident response and disaster recovery plans and maintain as needed;
• Deliver security related Standard Operating Procedures;
• Liaise with the Security Operations Center to remediate security incidents;
• Fix security related production issues and incidents;
• Assess current user permissions and realign according to user roles;
• Monitor and report on compliance with security policies;
• Provide weekly security dashboards;
• Create security awareness among Gavi users through different means and ensure full participation of users in security trainings.

Note: The essential functions listed in this section are not exhaustive of the job responsibilities; other duties may be assigned consistently with the department needs.

QUALIFICATIONS

ACADEMIC

• Bachelor’s degree in computer science or related field; advanced degree preferred;
• Certification in information security and audit; CISM/CISA;
• Expertise in business continuity ISO22301 is a plus.

WORK EXPERIENCE

• A minimum of 8 years of IT experience managing infrastructure systems is necessary;
• 5 years in an information security role, managing and implementing security controls is a must;
• Demonstrated experience in responding to audits is key;
• Demonstrated experience in implementing and using different security standards and frameworks is ideal; NIST, ISO27001;
• Demonstrated experience in implementing security controls for cloud applications is necessary;
• Demonstrated experience in investigating security incidents is necessary.

SKILLS/COMPETENCIES

• Communication:

– Ability to explain complex technology concepts;

– Treating all individuals with fairness and respect;

– Demonstrating sensitivity for diversity and cultural differences;

– Showing great drive and commitment to the organisation mission;

– Maintaining high standards of personal integrity.

• Client Orientation:

– Understands clients’ needs and concerns;

– Responds promptly and effectively to client needs.

• Drive for Results:

– Makes things happen;

– Execution and delivery-oriented; meets deadlines;

– Commits to organisational goals.

• Teamwork

LANGUAGES

• Fluent in English;
• Other languages desirable, particularly French.

CONTACTS

• Gavi Secretariat;
• Gavi Audit and Risk teams;
• KMTS Service Providers;
• Gavi partners.

If you wish to apply, please provide a cover letter and resume through our Careers webpage and apply by clicking on “Senior Manager, IT Security - COVAX (Temporary)”. Deadline for applications is 4 November 2021.

Become part of our community and join us on Facebook and Twitter for updates about our mission to save children’s lives! You can also follow our hashtag #vaccineswork.

Gavi brings together the public and private sectors to save lives and protect people’s health by increasing equitable and sustainable use of vaccines against 18 infectious diseases. You will be joining an organisation at the centre of the international COVID-19 response, at the most critical time in global health in a lifetime. You will work in a culturally diverse environment with over 70 nationalities. You will collaborate with partners such as WHO, UNICEF, the Bill & Melinda Gates Foundation, the World Bank – and from business, civil society and government.

And you will work in the first global health organisation to receive equal gender salary certification. Your unique experience, skills and talents can help us achieve our vision of leaving no one behind without the life-saving power of vaccines.

In support of Gavi’s commitment to diversity, equality and inclusion, we hire globally and welcome applications regardless of age, disability, ethnicity, national origin, family status, sex, gender identity or expression, physical characteristics, race, religion, spirituality or sexual orientation.