About The Position

IREX is an independent nonprofit organization dedicated to building a more just, prosperous, and inclusive world by empowering youth, cultivating leaders, strengthening institutions, and extending access to quality education and information.

Position Summary

The Cybersecurity Specialist, under the supervision of the Project Senior Technical Advisor, will be hired as a consultant to perform some or all activities including (1) conducting and writing organizational cybersecurity risk assessments, following the Center for Internet Security Controls Framework (CIS Controls v8.1), (2) Open Source Intelligence (OSINT) analysis, (3) vulnerability assessments, (4) penetration testing (black box), and (5) developing and delivering Security Awareness Programs (SAP) and ad-hoc trainings in coordination with beneficiary organizations’ needs.

IREX will prioritize candidates whose native language(s) are either Spanish, Arabic, Chinese, Urdu, Korean, Russian, or French with experience working on information security, in particular, organizational cybersecurity. However, all candidates who can perform the above-mentioned tasks are encouraged to apply regardless of language abilities.

Consultant(s) will be hired on a rolling basis based on project needs. Please note this position is based on the needs of the project, with an expected approximate engagement between 20 and 100 days per year, pending the consultant’s technical skills, relevant language capabilities, and qualifications to fulfill the required tasks.

Requirements

  • Assessments Execution: Experience leading end-to-end security audits, comparing current technical controls against organizational policies and industry benchmarks.
  • Framework Guided Assessments: Deep understanding of organizational assessment standards, conducting comprehensive gap analyses and risk assessments against industry standards such as CIS CSC, NIST CSF, and ISO 27001.
  • Vulnerability Scanning: Experience administering scanning tools (e.g., Tenable Nessus, Qualys, Rapid7) to continuously discover web application and endpoint vulnerabilities.
  • Risk Analysis and Reporting: Experience quantifying technical vulnerabilities into business risk for non-technical stakeholders and C-suite executives.
  • Cross-Functional Remediation: Proven track record of coaching/mentoring beneficiary technical staff to address assessment-identified gaps (recommendations), patches, and configuration changes without disrupting business continuity.
  • Policy & Control Evaluation: Experience acting as the primary technical liaison during external assessments to review the effectiveness of current security controls and policies.
  • Phishing Simulations: Experience designing, executing, and analyzing regular social engineering campaigns to test and improve employee resilience against malicious emails.
  • Curriculum Development: Experience creating engaging, role-specific security training modules and company-wide communications using platforms like KnowBe4 or Infosec IQ.
  • Culture & Metrics Tracking: Experience monitoring key performance indicators (KPIs) such as simulation click rates, reporting rates, and training completion percentages to report program developments to executive leadership.
  • Very strong verbal, written, and listening communication skills (in English).
  • Ability to work independently on assigned efforts.
  • Strong interpersonal skills and experience developing solid professional relationships.
  • Ability to work under pressure and manage multiple activities.

Nice To Haves

  • Existing, trust-based relationships with a wide array of stakeholders working for civil society organizations, human rights organizations, and independent media, or any relevant experience.
  • Bachelor’s degree in information or computing sciences.
  • Fluency in Spanish, Arabic, Russian, and/or French.

Responsibilities

  • Plan, manage, and conduct organizational assessments; propose recommendations for improvement; and provide guidance, training, mentoring, and support to improve organizational security posture for project beneficiaries.
  • Draft Organization Security Risk Assessment (OSRA) reports geared towards both non-technical and technical audiences.
  • In collaboration with the Project Director and/or Deputy Project Director, develop organizational Action Plans (APs) based on OSRA findings and in consultation with beneficiary organization executive leadership to help improve beneficiary security postures rooted in organizational assessment findings.
  • Lead design efforts with assigned beneficiaries on tailored Security Awareness Program (SAP), ensuring that beneficiaries learn, internalize, use, and spread appropriate cybersecurity awareness practices.
  • Lead the design of specialized training as needed.
  • Collaborate with SOC team members on services specifically designed for beneficiaries.
  • Develop, draft, and update documentation, including policies, procedures, baselines, guidelines, etc., in collaboration with beneficiary organizations.
  • Write technical and programmatic reports on activities and program implementation.
  • With supervision, provide input to internal/external reports, presentations, and other products.
  • Contribute to monitoring and evaluation activities, including data management and analysis, as assigned.
  • Draft correspondence with stakeholders. Guidance and/or approval before engaging stakeholders may be required.
  • Perform additional duties as assigned.