Director of Information Security, Data Protection and Global IT Operations

Save the Children International has an exciting opportunity for a Director of Information Security, Data Protection and Global IT Operations to join our global team

Team purpose
The Information Security, Data Protection and Global IT Operations team is at the forefront of ensuring technology is delivered across SCI in a safe, secure and effective manner. The team is responsible for the maintenance and continual improvement of SCI’s Information Security and Data Protection management programme including the delivery of key services such as cybersecurity operations, IT risk management and governance and compliance with key data protection and privacy legislation. The team is also responsible for ensuring the delivery of IT across SCI’s global country and regional offices, is maintained in line with SCI standards and is fit for purpose.

Role purpose
The primary purpose of this role is to safeguard the confidentiality, integrity and availability of all SCI’s information assets through the implementation, maintenance and enhancement of key information security and data protection controls. The role holder will ensure that information security risks across both SCI and Save the Children Association are identified and mitigated through compliance with the SCA Global Cybersecurity standard. The role will advise the SCI SLT, Member CEOs and the SCA Audit & Risk Board Committee on compliance and risk in these areas.  Responsibilities will include the design and implementation of information security and data protection strategy and annual roadmaps, reviewing and setting global standards, risk management, data protection and privacy management.

Through the Head of Global IT Operations (a direct report) and team of Regional IT Operations Leads, the role will ensure all SCI Country Offices and Field Offices deliver safe, secure and effective IT operations to support our global humanitarian programmes, driving compliance to SCI standards and ensuring IT delivery is fit for purpose.

Through leadership of the SCA Information Security and Data Protection Service, the role holder will work with Member IT and Information Security Leads to deliver a consistent approach to information security and data protection management across the movement and deliver cost-effective tools and services through the shared service catalogue.

The Director of Information Security, Data Protection and Global IT Operations will also be expected to act as SCI’s Data Protection Officer (DPO) pending a review of data protection capabilities and strategy.

The role will lead on major incidents relating to Information Security and Data Protection within SCI and will form a key member of the Crisis Management Team for SCI and Members where required.

Job Title: Director of Information Security, Data Protection and Global IT Operations

Reports To: Chief Information Officer

Work Pattern: Hybrid/Remote with flexible working options available  

Contract Length: Permanent

Grade: M5

Location: Any approved Save the Children International office location worldwide. For a full list of locations that Save the Children International can hire in, please visit: SCI Careers  

Time Zone: The role holder must be available to work within Africa, Europe, or Middle East Time Zones (UTC/GMT + / - 3 hours)

Language Requirements: English

International Travel Requirements: up to 5% international travel  

Budget Responsibility: $5m

People Management Responsibility: (direct/indirect reports)

Number of people managed in total: c. 26
Manager of a team: Yes
Team Manager (manager of multiple teams): Yes
 

Principal Accountabilities

• Lead the development and continual improvement of SCI’s information security and data protection programme to ensure adequate protection for SCI against information security and privacy risks whilst balancing the application of controls with enabling SCI business operations. 
• Identify, manage and direct remediation of IT and business risks and compliance gaps in order to maintain appropriate and adequate information security and data protection.
• Act as SCI’s Data Protection Officer (DPO) and ensure SCI maintains compliance with UK GDPR requirements, providing appropriate policy, process and standards to ensure all data handled in accordance with required practices. This role will chair the SCI Data Security and Privacy Working Group
• Direct the provision and delivery of global SCA Information Security (chairing the SCA Information Security Steering Committee) and Data Protection Service for Members ensuring that appropriate value adding services are delivered that reduces key risk and enhances security maturity across the organisation.
• Lead on crisis management response to major security and data protection incidents, leading engagement with SCI Crisis Management Team and external authorities as needed.  
• Promote a culture of cybersecurity excellence by coaching and mentoring IT members and internal stakeholders, leading by example setting standards of integrity and good practice. 
• Ensure ‘secure by design’ is embedded into all technology initiatives through the Architecture Design Board and TDIT Change Request (TDIT CR) process.
• Support SCI’s wider risk management efforts (the SCA Risk Framework or ‘SCARF’  by acting as Senior Risk Owner for Cybersecurity and Data Protection and membership of SCI’s Senior Risk Leadership Group (SRLG)
• Ensuring the Global IT Operations team hold COs to account for the delivery of safe, secure and effective IT services and that CO’s adhere to SCI standards and policies for IT delivery. Where any risk is identified, hold RDs/CDs to account for the delivery of the remediation plan to agreed timelines.
• Ensure technology suppliers and 3rd party technology services are fit for purpose with information security and are compliant with SCI information security and data protection policies, procedures and standards, and adhere to SCI Technology Minimum Requirements.

Experience and Skills
Essential

1. Information Security Expertise: Strong understanding of security frameworks such as ISO 27001, and NIST CSF. Proficient in risk assessment methodologies, security technologies, knowledge of current IT and privacy laws, specifically GDPR, and their implementation in a global context.
2. Significant Experience in Information Security Management: Leadership in designing and implementing security frameworks and governance models capable of providing effective security and risk management whilst balancing cost vs value and risk.
3. Strategic Vision and Leadership: Ability to develop and implement strategic security initiatives, with leadership skills to manage and guide cross-functional teams and capacity to influence stakeholders and drive cultural change towards cybersecurity and data protection excellence.
4. Crisis Management and Incident Response: Skills in effectively managing and responding to major high profile security incidents and able to engage with external authorities during crises. Experienced in developing and testing disaster recovery and business continuity plans.
5. Communication and Collaboration:  Excellent communication skills for articulating complex security concepts to diverse audiences. Able to build and sustain effective relationships with internal teams, external partners, and stakeholders.
6. Training and Mentorship: Proficient in developing and delivering information security training programs. Able to coach and mentor team members and stakeholders, fostering a culture of continuous learning and integrity
7. Supplier and Vendor Management: Skills in assessing and ensuring third-party compliance with security standards. Able to manage vendor relationships to ensure service delivery aligns with organisational security policies.
8. Considerable Experience with Risk and Compliance Management: Identifying and mitigating IT and business risks effectively and ensuring organisational policies comply with regulations like GDPR.
9. Experience in Crisis Management: Proven track record of leading crisis management responses to complex security incidents.
10. Substantial Experience in Cultural and Organisational Change: Promoting cybersecurity and data protection awareness across organisations.

Desirable

• Experience of ‘field operations’ and the IT Security-related issues associated with working in remote, inhospitable and insecure environments
• A second language preferably Spanish.

Education and Qualifications
Essential: 

• A degree in Computer Science, Information Technology or a related field is preferred. 
• Equivalent practical experience may be considered.
• Professional qualification in Cybersecurity (CISM, CISSP or equivalent)
• Familiarity with information security frameworks, tools and technology

Desirable:

• Data Protection or Privacy qualification (e.g. CIPP/E or C-DPO)
• Professional qualifications in service management (ITIL), risk management, project management (e.g., PMP, Scrum Master) will be beneficial.

Working at Save the Children International

Save the Children is the world's leading organisation for children, employing ~25,000 staff. We save children's lives. We fight for their rights. We help them fulfil their potential. Through our work in 116 countries, we put the most deprived and marginalised children first.

We know that great people make a great organisation, and that our employees play a crucial role in helping us achieve our ambitions for children. We value our people and offer a meaningful and rewarding career, along with a collaborative and inclusive environment where ambition, creativity, and integrity are highly valued.

The work here is challenging but is also immensely rewarding. At Save the Children, you will be in good company, working with talented, like-minded individuals who are determined to ensure that all children survive, learn, and are protected. Your contribution will help ensure children's voices are heard at the highest levels, and that we achieve our global strategy, Ambition for Children 2030, and reach every last child. 
 

Diversity, Equity and Inclusion and Equal Opportunities

DEI is core to our vision, values and global strategy. Save the Children is committed to creating a truly diverse, equitable and inclusive organisation, and one which will support us in our vision to ensure every child attains the right to survival, protection, development, and participation.

We are committed to equal employment opportunities, regardless of gender, sexual orientation, race, colour, ethnic origin, nationality, disability, marital or civil partnership status, gender reassignment, pregnancy and maternity, caring or parental responsibilities, age, or beliefs and religion. We are committed to diversifying our staff to better represent the communities we serve and actively welcome underrepresented groups to apply.

Reasonable adjustments will be made should any candidate invited to interview require this. 
 

Application Information

Please attach a copy of your CV and cover letter with your application. A full copy of the role profile can be found here via the job listing. It is recommended that you save a copy of the role profile as it will no longer be available after the advert closes. 

Applications will be reviewed on a rolling basis and the job advert may be closed earlier than advertised subject to the volume of suitable applicants. Please submit your application at your earliest convenience to avoid disappointment. 

Due to the high volume of applications we receive, only shortlisted candidates will be contacted. Candidates who are successfully shortlisted should expect to hear from us within 3 weeks of the advert deadline.

We need to keep children and adults safe, so our selection process includes rigorous background checks and reflects our commitment to the protection of children and adults from abuse. All employees are expected to carry out their duties in accordance with our Code of Conduct and all policies and procedures relating to Anti-harassment, Health and Safety, Safeguarding, and DEI and Equal Opportunities. 

Save the Children does not charge a fee at any stage of the recruitment process.