Program Cybersecurity Analyst – CONSULTANT

The Center for Victims of Torture (CVT) is a global non-governmental organization. CVT works in partnership with civil society activists, rehabilitation experts, and researchers to heal the wounds of human rights atrocities on individuals, their families and their communities.

CVT is seeking a Program Cybersecurity Analyst – CONSULTANT build, manage, and ensure safe operations of online systems and collaboration tools.The analyst will have specific expertise in digital security risks associated with various forms of human rights action in the Middle East and North Africa (MENA) region, and will be familiar with the nuanced intersections between digital, psychosocial, and physical dangers. These include both internal vulnerabilities as well as external threats facing civil society organizations (CSOs) and human rights defenders (HRDs) specifically.

The analyst will work closely with project management and the IT teams to design, implement, and administer technology systems which will support the project team and recipients. This will include setting up a secure online collaboration workspace, and manage its digital security controls. The design of policies, controls, and systems will account for each CSO/HRDs’ needs and contexts, keeping in mind the unique risks the project and its beneficiaries face. The analyst will ensure that project files are secured, shared safely, as well as be available to address incidents, liaise with users, and offer user support. The analyst will also support in updating documentation and proposing new standards as risks evolve.

Scope of Work

The Program Cybersecurity Analyst – Consultant is expected to work with the project team for a minimum of 11 months for an average of 4 hours a month, with 8 to 12 hours in the first month, with the possibility for extension and/or amendment to complete the following tasks:

• Guide the procurement of a Google Workspace license based on features and services required by the project.
• Onboard users and ensure necessary security settings are in place within brand new Google Workspace tenant.
• Maintain consistent primary account naming format as well as a directory of account aliases.
• Optimize and maintain security controls within Google Workspace to ensure data confidentiality, integrity, and availability.
• Participate in change management process (onboarding & offboarding) as needed.
• Ensure accounts only have access to files/folders necessary for their job function (least privilege)
• Configure default-secure settings across Google Workspace.
• Develop threat models relevant to project activities.
• Use threat models developed as a guide to design technology policies, controls, and systems for use by project team and recipients.
• Regularly reassess project activities as they change and continuously adapt technology policies, controls, and systems to account for project changes.
• Limit third party apps from accessing our cloud tenant unless app is reviewed and approved.
• Create designated shared drives, folders, and permissions within Google Workspace to organize the project team and collaboration efforts.
• Assist to project team members with the transfer of existing files and data from previous (unmanaged) accounts or storage to managed Google Workspace.
• Provide training to the Program Manager, Program Officer, and other staff on how to maintain the integrity of cybersecurity policies, controls, and systems.
• Monitor risky activity, initiate password resets, and initiate onboard/offboard processes.
• Identify, verify, and integrate software/apps used by the project into Google Workspace.
• Develop file storage and sharing policies, and assist with implementation of this policy.
• Participate in risk management and incident response activities, including planning.
• Ensure that security settings are updated in response to current and evolving threats.
• Remain current on Google Workspace roadmap, Google security advisories, and CVEs related to Google Workspace or GCP.

Qualifications:

Required education, experience, certificates, licenses, or registrations:

• 3 to 5 years of demonstrable IT experience in an operations or administrator role.
• Experience administering Google Workspace (formerly G Suite) for teams

Preferred education, experience, certificates, licenses, or registrations:

• Professional Google Workspace Administrator Certification
• Experience working in an NGO or nonprofit environment
• Experience in collaborative development of online trainings
• Certifications related to digital security and enterprise development or any relevant field
• Understanding and experience with digital security will be a significant asset

Competencies (Knowledge, Skills and Abilities):

• Strong coordination and problem-solving skills.
• Experience in working with large teams and collaboration across different technical domains
• Excellent written, verbal and interpersonal communications skills, including the ability to communicate and train cross-culturally
• Excellent skills in organization, attention to detail and time management (including the ability to meet deadlines)
• Awareness and sensitivity to cultural, political, social and economic contextual factors
• Strong working knowledge of Microsoft Office suite (Outlook, Word, and Excel)
• Commitment to the ethical and sensitive implementation of project activities, including a commitment to confidentiality, diversity, equity, and inclusion, quality service provision, and the prevention of sexual exploitation, abuse, and harassment (including online)

DEI (Diversity, Equity and Inclusion)

At CVT, Diversity, Equity & Inclusion are part of the excellence that we strive for in providing holistic healing approaches to victims of torture. We believe that an inclusive working environment, free of discrimination, enhances the empathy and professionalism that we bring to bear on our daily work and interactions with all of our stakeholders.