ISO / ISMS - Information Security Management System Intern

GIZ has been in operation in Kenya since 1975 as commissioned by the Kenyan government. The current thematic areas for the ministry for economic cooperation and development are in the areas of agriculture, food security and Sustainable Economic Development. In addition to the already mentioned focus areas, there are also projects in the sectors of good governance, energy and migration. Other activities GIZ also engages in are in the sectors of economy and sport for development. Furthermore, GIZ using the Civil Peace Service, supports dialogue and peaceful conflict resolution of societal conflicts in Kenya.

To enable the worldwide protection of all critical information assets processed by the GIZ, the
establishment of an Information Security Management System (ISMS) and therefore Information Security Officers and associated support staff in the field structure
are indispensable. Through the company-wide I international standard ISO/IEC 27001certification of information security management (ISO27001), the GIZ
targets a wide variety of permanent restructuring-processes, all of them requiring experts to coordinate and maintain these changes.

While the company-wide coordination lies with the Chief Information Security Officer (CISO) and his/her Information Security Management Team (ISMT) located at the headquarters, the extensive local establishment and continuous operation of information security needs the support of a new local role, which works closely together with already existing local roles such as IT-Professionals and DIPAs. Thus, the Information Security Specialist Intern for ISMS is to support various processes under ISO 27001 implementation. Information Security specialist
Intern will be required to coordinate with a diverse local and regional team in the realization of a successful ISO/ISMS implementation.

GIZ has been in operation in Kenya since 1975 as commissioned by the Kenyan government. The current thematic areas for the ministry for economic cooperation and development are in the areas of agriculture, food security and Sustainable Economic Development. In addition to the already mentioned focus areas, there are also projects in the sectors of good governance, energy and migration. Other activities GIZ also engages in are in the sectors of economy and sport for development. Furthermore, GIZ using the Civil Peace Service, supports dialogue and peaceful conflict resolution of societal conflicts in Kenya.

To enable the worldwide protection of all critical information assets processed by the GIZ, the
establishment of an Information Security Management System (ISMS) and therefore Information Security Officers and associated support staff in the field structure
are indispensable. Through the company-wide I international standard ISO/IEC 27001certification of information security management (ISO27001), the GIZ
targets a wide variety of permanent restructuring-processes, all of them requiring experts to coordinate and maintain these changes.

While the company-wide coordination lies with the Chief Information Security Officer (CISO) and his/her Information Security Management Team (ISMT) located at the headquarters, the extensive local establishment and continuous operation of information security needs the support of a new local role, which works closely together with already existing local roles such as IT-Professionals and DIPAs. Thus, the Information Security Specialist Intern for ISMS is to support various processes under ISO 27001 implementation. Information Security specialist
Intern will be required to coordinate with a diverse local and regional team in the realization of a successful ISO/ISMS implementation.

A.
Responsibilities

The Information Security Specialist Intern will provide general technical support in the following areas:

• Supports Information asset recording and updating the same to all the sites (Projects and Country office)

• Support the coordination of Information assets classification and labelling

• Support in documentation and update of Information Risk register that include identification of risks with asset owners, risk assessment with risk owner involvement, risk treatment management and further connected tasks.

• Support the documentation of information security incident process

• Supports internal Audit Management process (including the local coordination of “penetration testing”)

The Information Security Specialist Intern will perform the following tasks:

Tasks

1. Administrative support

The Information Security Specialist Intern shall:

• Support in Developing security policies and procedures based on industry
  standards, government regulations, and best practices
• Provide Support in Monitoring security systems to ensure that they are functioning
  properly
• Support in risk identification and categorization by assessing vulnerability of
  systems to cyber-attacks or other security breaches
• Developing security awareness training programs for employees on topics such as social engineering, phishing scams, malware infections, and data loss prevention methods
• Support in the security assessments on hardware and software applications to
  identify any vulnerabilities that could be exploited by hackers or malicious insiders

2. Clerical support

The Information Security Specialist Intern shall:

• Support in the Coordination of ISMS /ISO events
  
• Support in the update and filing of information security documentation
• Communicate the Iso/ISMS events as per schedule and guided by the GIZ communication rules
• Works with colleagues to ensure consistency of documentation practices of the ISO processes according to the company regulations
• Ensuring confidentiality and the integrity of documentation
  

3. Other duties/additional tasks

The Information Security SpecialistIntern shall

• perform other duties and tasks at the request the Information Security Officer

C. Required qualifications, competences and experience

Qualifications

• Degree in Bachelors degree in any of the following ; Computer Science, IT, BBIT, BICT or related disciplines from a recognised university.

Professional experience

• At least 6 months – 1 years’ professional experience in a comparable position in a commercial environment or an international organization.
• Proficiency in digitization and digital processes
• Must have graduated within a period of NOT exceeding 12 Months

Other knowledge, additional competences

• Knowledge and experience in information security with focus in vulnerability management
• Introductory certifications information security such as cyber security, Comptia Security+, CCNA is an added advantage
• Knowledge and experience in ISO/IEC 27001:2022 is an added advantage
• Basic knowledge of Microsoft systems (Windows Server, office 365, SharePoint)
• Excellent communication skills
  
• Ability to work with teams and learn on the job
  

Assignment period:

Until 31.12.2023

Duty Station: Nairobi

Vacancy Reference Number: GIZ/CO/09/05/2023

GIZ is an equal opportunity employer. All interested Candidates are required to indicate their salary expectations in the motivational letter.