Construire des solutions innovantes

Nos équipes de technologie et d’innovation cherchent à enrichir et à transformer la vie des enfants les plus vulnérables du monde en soutenant le partenariat World Vision avec des solutions intégrées d’information, de communication et de technologie dans le monde entier. Votre vision, notre vision?

IT Security Analyst II

*Position location: Manila, Philippines or El Salvador where WVI is registered to operate.

PURPOSE OF POSITION:

Individuals working as an IT Security Analyst II are responsible for working on security projects/issues for one or more functional areas (e.g., data, systems, network and/or Web) across the enterprise, develop security solutions for medium to complex assignments, work on multiple projects as a team member and lead systems-related security components. They provide expertise and assistance to all IT projects to ensure the company’s infrastructure and information assets are protected.

Individuals within the IT Security job family plan, execute, and manage multi-faceted projects related to compliance management, risk assessment and mitigation, control assurance, business continuity and disaster recovery, and user awareness. They are focused on developing and driving security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization.

Individuals develop, execute and manage data, system, network and internet security strategies and solutions within a business area and across the enterprise. They develop security policies and procedures such as user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines. To guide enforcement of security policies and procedures, they administer and monitor data security profiles on all platforms by reviewing security violation reports and investigating security exceptions. They update, maintain and document security controls and provide direct support to the business and internal IT groups. IT Security

professionals evaluate and recommend security products, services and/or procedures. They also communicate and educate IT and the business about security policies and industry standards, and provide solutions for enterprise/business security issues.

IT Security professionals require strong technical, analytical, communication and consulting skills with knowledge of IT Security and related technologies. Candidates with security certifications (such as CISA, CEH, Sec+, SANS GIAC, CISSP, CISM etc and/or other certifications) will be highly considered.

MAJOR RESPONSIBILITIES:

Policies, Procedures & Standards:

  • Maintains an up-to-date understanding of industry best practices.

  • Develops, enhances and implements enterprise-wide security policies, procedures and standards.

  • Supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.

  • Monitors compliance with security policies, standards, guidelines and procedures.

  • Ensures security compliance with legal and regulatory standards.

Business Requirements:

  • Participates with the project team(s) to gather a full understanding of project scope and business requirements.

  • Works with customers to identify security requirements using methods that may include risk and business impact assessments.

  • Studies current and proposed business processes to determine impact of security measures on business goals.

  • Provides security-related guidance on business processes.

Security Solutions:

  • Participates in designing secure infrastructure solutions and applications.

Risk Assessments:

  • Works directly with the customers and other internal departments and organizations to facilitate IT risk analysis and risk management processes and to identify acceptable levels of residual risk.

  • Conducts business impact analysis to ensure resources are adequately protected with proper security measures.

  • Analyzes security analysis reports for security vulnerabilities and recommends feasible and appropriate options.

  • Creates, disseminates and updates documentation of identified IT risks and controls.

  • Reports on significant trends and vulnerabilities.

  • Develops plans to achieve security requirements and address identified risks.

  • Follows up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.

Information Security:

  • Consults with clients on the data classification of their resources.

Security Audits:

  • Performs security audits.

  • Participates in security investigations and compliance reviews as requested by external auditors.

  • Monitors multiple logs across diverse platforms to uncover specific activities as they occur from platform to platform.

  • Creates spreadsheets and databases with information in support of security monitoring and account/data access authorizations.

  • Consults with clients on security violations.

Security Support:

  • Provides security support to ensure that security issues are addressed throughout the project life cycle.

  • Performs control and vulnerability assessments.

  • Provides responsive support for problems found during normal working hours as well as outside normal working hours.

  • Identifies and resolves root causes of security-related problems.

  • Responds to security incidents, conducts forensic investigations and targets reviews of suspect areas.

  • Works with teams to resolve issues that are uncovered by various internal and 3rd party monitoring tools.

Business Continuity/Disaster Recovery:

  • Coordinates the development of disaster recovery test plans, testing, and documentation for each application.

  • Engages application and systems management in disaster recovery testing, objectives and auditing.

  • Participates in recovery drills.

Security Performance Management:

  • Analyzes reports and makes recommendations for improvements.

Communications/Consulting:

  • Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.

  • Informs stakeholders about compliance and security-related issues and activities affecting the assigned area or project.

  • Interfaces regularly with staff from various departments communicating security issues and responding to requests for assistance and information.

  • Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.

Vendor Management:

  • Works with third party vendors during problem resolutions.

  • Interfaces with third party vendors to evaluate new security products or as part of a security assessment process.

Research/Evaluation:

  • Performs application security risk assessments for new or updated internal or third party applications.

  • Evaluates and recommends hardware and software systems that provide security functions.

Training:

  • Assists in the development of security awareness and compliance training programs

  • Provides communication and training as needed.

  • May guide users on the usage and administration of security tools that control and monitor information security.

Coaching/Mentoring:

  • Mentors less experienced team members.

KNOWLEDGE, SKILLS & ABILITIES:

  • Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.

  • Work experience in designing, implementing, and supporting threat management, vulnerability management, and risk management practices.

  • Work experience in designing, implementing, and supporting emergency and data breach response practices.

  • Requires knowledge of security issues, techniques and implications across all existing computer platforms.

  • Typically has 2-3 years of combined IT and security work experience with a broad range of exposure to incident management, IT audit, cybersecurity, and data privacy.

  • Willingness and ability to travel domestically and internationally, as necessary.

  • Work experience in security incident management, security risk management, and vulnerability assessment.

  • Effective in written and verbal communication in English.

Preferred Skills, Knowledge and Experience:

  • Security Certifications and IT Certifications (such as CEH, CCNA, Sec+, CCSP etc will be considered)

  • Vendor Management experience (Optional)

  • Project Management experience (Optional)

  • Risk Management experience ( Required)

  • Incident Management experience (Required)

  • Cybersecurity experience (Required)

Work Environment/Travel:

  • The position requires ability and willingness to travel domestically and internationally up to 20% of the time.

Manager, Mobility Management

*Preferred location: Manila, Philippines. Other locations to be determined by home country of successful candidate in a jurisdiction (US state or country) where WVI is registered to operate.

PURPOSE OF POSITION:

The Manager, Mobility Management (Manager III) role is responsible for managing and maintaining global IT processes and standards relevant to their area. They manage one or more IT processes within one functional area and provide services to one or more global field office locations.

The Manager, Mobility Management will report to the Director, Mobility Device Management and will manage a team of Systems Engineers and Systems Administrators.

Provide guidance and direction into design, configuration, data management, reporting, O&M support and best practices for leveraging IBM BigFix, IBM MaaS360, QRadar and McAfee EPO in a globally federated organization.

Own the mobility service roadmap development and strategy, process development and service design.

Participate in systems engineering activities which include one or more of the following: Concept of Operations formulation, requirements definition, system analysis and design, validation and verification, system integration and, system performance analysis.

Provide operational troubleshooting support and assist with complex problems of diverse scope where analysis of situation or data requires an in-depth evaluation of various factors.

Define, develop, and implement ITIL process and governance structure across the service lifecycle including incident, problem and change management structure, processes in the delivery unit.

Establish policies, standards and plans based on industry standard methodologies viz ITIL, CMMI and ISO20000.

Prepare periodic service management reports both for SLA compliance and efficiency improvement.

Plan for installation, configuration, testing and maintenance operating systems, application software and system management tools.

Manage the development and maintenance of custom scripts (e.g., Python) to increase system efficiency and lower the human intervention time on any tasks.

Liaise with vendors and other IT personnel for problem resolution.

Individuals within the IT leadership job family have responsibility for activities that contribute to planning, creating and implementing an IT vision and strategy aligned with the company’s strategic business plan. They oversee the development of corporate standards, technology architecture, technology evaluation and transfer. They manage small to large teams of people responsible for developing and delivering IT solutions for the business and customers. Each role within this job family provides technical and business leadership to their organizations as well as to the business.

IT Leaders are also responsible for analyzing trends in technology, assessing the impact of emerging technologies on the business, providing solutions to address technology and business issues, and managing financial resources while ensuring the development of high-quality technology solutions. These solutions must be developed at the best possible cost and be aligned with customer and business needs while establishing relationships with employees and key internal and external stakeholders. They are also responsible for participating and leading the development of an IT governance framework that defines the working relationships and sharing of IT components among various IT groups within the organization.

To be successful, individuals must possess a combination of business, technical and leadership skills and competencies. This requires an understanding of client’s business needs, processes and functions. They also need a solid knowledge of IT infrastructure, architecture, applications development and support, networks, and computer operations. In addition, individuals working in this job family must have excellent communication skills and the ability to influence others.

KEY RESPONSIBILITIES:

Business and IT Strategy:

  • Implements the tactical components of the IT strategy at an Enterprise level.

  • Works with business partners to understand business needs.

  • Manages the development and implementation of IT initiatives to support business strategy.

Change Management:

  • Embraces and executes change through frequent, communication to staff and clients about the change and the impact of the change (individual and business).

  • Consistently advocates for the change.

  • Coaches staff through the change.

  • Identifies and removes obstacles to change.

Governance:

  • Provides input into demand management process and executes on plan.

Architecture:

  • Provides input to technology planning within a functional area.

  • Implements solutions consistent within current context of overall architecture.

Process Improvements:

  • Implements defined process improvements.

Finance:

  • Participates in the development of IT budgets.

  • Tracks and takes appropriate steps to stay within budget.

  • Provides high-quality services at optimal cost to customers.

  • Measures service performance and implements improvements.

IT Technology Development:

  • Develops and implements technologies to improve the performance of a business efficiency and effectiveness.

Service Level Agreements (SLAs):

  • Participates and provides input to the SLA development process.

  • Ensures internal SLAs are met.

Vendor Management:

  • Provides advice and counsel to the vendor relationship decision-making and contract development processes.

  • Reviews service provider performance.

  • Identifies and confirms performance problems and notifies contract managers.

Resource Management:

  • Meets regularly with team to gather work statuses.

  • Discusses work progress and obstacles.

  • Provides advice, guidance, encouragement and constructive feedback.

  • Ensures work, information, ideas, and technology flow freely across teams.

  • Establishes measurable individual and team objectives that are aligned with business and organizational goals.

  • Documents and presents performance assessments.

  • Recognizes and rewards associates commensurate with performance.

  • Implements organizational practices for staffing, EEO, diversity, performance management, development, reward and recognition, and retention.

Workforce Planning:

  • Identifies the roles, skills and knowledge required to achieve goals.

  • Ensures staff has the resources and skills needed to support all work initiatives within the assigned function or Center of Competency (COC).

  • Participates in IT workforce deployment activities.

KNOWLEDGE, SKILLS & ABILITIES:

  • BS/MS degree in Computer Science, Engineering or a related subject.

  • Proven working experience in service delivery of mobility products (IBM BigFix, IBM MaaS360, QRadar and McAfee EPO).

  • Solid cloud experience, preferably in AWS.

  • Experience with virtualization and containerization (e.g., VMware, Virtual Box).

  • Experience with monitoring systems.

  • Experience with automation software (e.g., Puppet, cfengine, Chef).

  • Solid scripting skills (e.g., shell scripts, Perl, Ruby, Python).

  • Typically has 7 to 10 years of relevant IT and business work experience.

  • Requires demonstrated ability to launch and deliver a single IT project on time and within budget.

  • Must have excellent oral and written communications skills, as well as excellent interpersonal skills to deal with multiple vendors and stakeholders within the organization.

  • Must have worked in large enterprise class type environments, be in line with industry best practices, think outside the box, and be able to make recommendations to improve overall governance and support continuous improvement.

Preferred Certificates:

  • IBM BigFix

  • IBM MaaS360

  • IBM QRadar

  • McAfee EPO

Work Environment/Travel:

  • The position requires ability and willingness to travel domestically and internationally.