The Senior Information Security Officer operates with a high level of autonomy and authority, provides technical leadership and heads a core team to shape security strategy and capability development. They manage the OECD’s information security operations and compliance monitoring. Working in partnership, they report to the Head of the Digital Security Office and serve as their deputy.
Main Responsibilities:
Digital Security:
Contribute to the development and implementation of the Organisation’s digital security programme, identifying, evaluating and shaping the response to information security risks.
Provide technical security leadership for the Organisation, exercising an advice and control function to ensure that OECD IT products and services comply with corporate security policies.
Provide smooth and effective information security operations and compliance monitoring, ensuring the timely evolution of capability and adopting industry best practices; provide regular reporting to the Head of the Digital Security Office.
Manage strategic relationships with institutional and commercial partners to maintain currency on threats and technology developments and shape the OECD’s security capability.
Conduct regular security audits and risk assessments, propose and implement appropriate remediation measures to safeguard the information security posture of the Organisation.
Keep abreast of and evaluate information security innovation, solutions, trends and best practices to respond to the continually evolving need to protect the digital assets of the Organisation.
Manage the core team of information security specialists to protect the Organisation from sophisticated cyber threats.
Support the drafting and implementation of digital security policies aligned to the risk tolerance of the Organisation, propose and organise effective user awareness campaigns.
Management:
Assist in the management of the Digital Security Office and the preparation and delivery of the Programme of Work and Budget.
Manage the core technical team to deliver the Programme of Work and ensure staff development.
Manage the work programme, plan and report to the Head of the Digital Security Office on budget and project status define and provide related Key Performance Indicators.
Manage the operational budget related to solutions maintenance and investments.
Build effective working relationships with other teams to ensure an integrated cross-practice comprehension of corporate security policies, technical compliance frameworks and adopted methodologies. Participate in post-deployment reviews.
Advise on digital security related matters as necessary.
Ideal Candidate Profile:
Academic Background:
An advanced university degree in information security, information technology or a related field, is preferred.
Professional Background:
Solid relevant professional experience and proven capacity in the successful management of information security programmes. Proven industry expertise with strong business acumen. Industry certification would be preferred.
Extensive experience guiding, managing and developing diverse staff and their career objectives.
Thorough knowledge of IT project management methodologies and industry frameworks.
Substantial experience advising on digital strategy and IT trends, and drafting related recommendations or policies.
Broad knowledge of current and emerging technologies, industry trends and best practices together with demonstrated experience evaluating their strategic value.
Experience in cloud security risk management
Experience advising on cyber security strategy and trends, and drafting related recommendations of policies
Experience in an international cross-cultural setting would be useful, but not mandatory.
Languages:
Fluency in one of the two OECD official languages (English and French) and a knowledge of, or a willingness to learn, the other.
