Information Security and Compliance Engineer
- Contract
- Location of Position: Malawi
Company Description
Elizabeth Glaser Pediatric AIDS Foundation (EGPAF) is on a mission to create a world where no mother, child, or family is devastated by HIV and AIDS, and we are making an impact. We are a proven leader in the global fight to end HIV and AIDS, and an advocate for every child to live a full and healthy life into adulthood. For more than 30 years, EGPAF has been a leader in meeting urgent needs in pediatric HIV and AIDS in the world’s most affected regions. We carry out our values of passion, innovation, teamwork, leadership, integrity, excellence and equity every day, while maximizing our impact in the communities we serve. EGPAF currently supports national, district, and local governments, facilities, communities, and non-governmental partners. In 2020, EGPAF’s global footprint spans 15 countries. To date, EGPAF has supported over 15,000 sites to offer HIV counselling, prevention, diagnosis, and treatment services alongside high-quality family health care. Join us on our fight for an AIDS-free generation!
EGPAF has worked in Malawi since 2001. Today, EGPAF Malawi implements evidence-based HIV prevention, care and treatment interventions in 177 health facilities in nine districts through EGPAF’s U.S. President’s Emergency Plan for AIDS Relief/U.S. Centers for Disease Control and Prevention (PEPFAR/CDC)-funded project, Achieving HIV Epidemic Control through Scaling Up Quality Testing, Care and Treatment in Malawi.
Job Description
EGPAF, on behalf of The Ministry of Health (MoH), is looking for a skilled Information Security and Compliance Specialist to help drive our commitment to information security and regulatory compliance. This role will focus on designing, implementing, and maintaining security controls aligned with ISO 27001 standards to support our Information Security Management System (ISMS). The role will be responsible for evaluating security risks, performing compliance assessments, and collaborating with cross-functional teams to ensure the effectiveness of our information security framework. The ideal candidate will have a strong background in information security, risk management, and familiarity with ISO 27001 controls.
Key Responsibilities
ISMS Implementation & Maintenance
- Develop, implement, and maintain the ISMS in alignment with ISO 27001 standards.
- Assist in establishing, documenting, and maintaining security policies, procedures, and standards for MoH.
- Conduct regular ISMS reviews to ensure alignment with MoH needs and regulatory requirements.
- Facilitate the ongoing ISO 27001 certification process, including preparation for internal and external audits.
Risk Assessment & Management
- Identify, assess, and prioritize information security risks, recommending controls to mitigate them in line with ISO 27001.
- Perform periodic risk assessments and work closely with business units to remediate identified risks.
- Support risk treatment processes and track the status of remediation efforts.
Compliance and Audit Management
- Collaborate with various stakeholders to ensure compliance with regulatory requirements (e.g., Data Protection Act, ISO 27001).
- Coordinate internal audits and collaborate with external auditors to support ISO 27001 certification and compliance efforts.
- Maintain a clear record of audit findings, corrective actions, and risk treatment plans.
Security Awareness and Training
- Develop and deliver security awareness training programs to build an information security culture.
- Provide guidance and training to employees on security policies, procedures, and compliance responsibilities.
Incident Response & Management
- Support the incident response process by identifying, reporting, and remediating security incidents as part of the ISMS.
- Conduct post-incident reviews and support continuous improvement efforts within the incident management process.
Documentation and Reporting
- Maintain accurate documentation of security policies, standards, and ISMS processes to meet ISO 27001 requirements.
- Generate periodic reports on ISMS performance, risk status, and compliance to inform leadership and support decision-making.
Continuous Improvement
- Apply the Plan-Do-Check-Act (PDCA) cycle to improve the effectiveness of the ISMS.
- Stay updated on emerging technologies and security trends, recommending enhancements to improve organizational security posture.
Qualifications
- Education: Bachelor’s degree in Computer Science, Information Security, or a related field. Master’s degree preferred.
- Experience: 3+ years of experience in information security, compliance, or risk management, preferably with experience in ISO 27001.
- Certifications: ISO 27001 Lead Implementer or Lead Auditor, CISSP, CISM, or equivalent is highly desirable.
- Strong understanding of ISO 27001, including the ISMS framework and certification process.
- Knowledge of risk management and compliance frameworks (e.g., NIST CSF, PCI DSS, GDPR).
- Experience with security tools such as SIEM, vulnerability management, identity and access management.
Additional Information
Skills and Competencies
Analytical & Problem-Solving Skills:
- Ability to assess complex security risks and design effective solutions.
- Strong attention to detail and an analytical approach to identifying potential compliance gaps and risk areas.
Communication Skills:
- Excellent written and verbal communication skills, with the ability to clearly articulate security concepts and compliance requirements to stakeholders.
Project Management:
- Experience in managing projects or working within project frameworks (e.g., PRINCE2, Agile) is an advantage.
As a global, multinational, and multicultural organization, EGPAF believes that diversity in the workplace enriches our work and enhances our impact and effectiveness. We believe that employees have the right to work in a climate of mutual respect and integrity that promotes dignity and respect for all, and that enables them to reach their full potential. EGPAF is an equal opportunity employer and affords equal opportunity to all employees and applicants for employment regardless of race/ethnicity, color, religion, sex (including pregnancy, gender identity, gender expression, and sexual orientation), national origin, age, disability or genetics. In addition to country law requirements, EGPAF complies with US laws governing nondiscrimination in employment in every location in which the Foundation has facilities.
The Foundation does not charge any fees at any stage of the recruitment process. If you are asked to pay a fee, please contact our hotline by phone (US: dial toll free 888-225-1429; all other countries: collect 770-776-5674), or online (www.reportlineweb.com/pedaids).