Team Leader and Security Architect, Infrastructure Support

Geneva, Switzerland
negotiable Expires in 4 weeks

JOB DETAIL

Organizational Context

 

The International Federation of Red Cross and Red Crescent Societies (IFRC) is the world’s largest humanitarian Organization, with a network of 191-member National Societies. The overall aim of the IFRC is “to inspire, encourage, facilitate, and promote at all times all forms of humanitarian activities by National Societies with a view to preventing and alleviating human suffering and thereby contributing to the maintenance and promotion of human dignity and peace in the world.” The IFRC works to meet the needs and improve the lives of vulnerable people before, during, and after disasters, health emergencies, and other crises.

The IFRC is part of the International Red Cross and Red Crescent Movement (Movement), together with its member National Societies and the International Committee of the Red Cross (ICRC). The work of the IFRC is guided by the following fundamental principles: humanity, impartiality, neutrality, independence, voluntary service, unity, and universality.

The IFRC is led by its Secretary-General and has its Headquarters in Geneva, Switzerland. The Headquarters are organized into three main Divisions: (i) National Society Development and Operations Coordination; (ii) Global Relations, Humanitarian Diplomacy and Digitalization; and (iii) Management Policy, Strategy, and Corporate Services.

The IFRC has five regional offices in Africa, Asia Pacific, Middle East, North Africa, Europe, and the Americas. The IFRC also has country cluster delegation and country delegations throughout the world. Together, the Geneva Headquarters and the field structure (regional, cluster, and country) comprise the IFRC Secretariat.

IFRC has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the Red Cross and Red Crescent Movement, including sexual exploitation and abuse, sexual harassment and other forms of harassment, abuse of authority, discrimination, and lack of integrity (including but not limited to financial misconduct). IFRC also adheres to strict child safeguarding principles.

The Digitalization and Information Technology Department (DITD) has the dual role of providing cost-effective information and communications technology (ICT) solutions to enable the geographically distributed staff of the Secretariat to function effectively, as well as advising National Societies on developing their use of ICT. The department provides all ICT services for the Secretariat with staff based in Geneva, Budapest, and at important locations worldwide.

Increasingly the IT department facilitates the development and sharing of best practices in ICT by National Societies and contributes to their ICT development, strengthening, and capacity building.

This position is based at the IFRC Global Services Centre (GSC) in Budapest. The GSC was established in July 2017 to host, as part of the Secretariat in Geneva, Global Services and provide expertise and high-level support to the Organization.

 

Job Purpose

 

The position holder specializes in leading the design, optimization, and maintenance of Information Systems infrastructures, security services, and cloud platforms for an optimal and cost-effective services and systems availability, security and scalability to support the global organization critical business functions and end-user services. This includes services in IT eecurity, networking, data centre, messaging and cloud management, and all underlying hardware for the WinTel server architecture.

The job purpose is to:

  • Lead, manage and coach the Infrastructure support and Security Operation unit.
  • Deliver high-quality IT infrastructure support and Informational Security services to the IFRC in line with Entreprise Architecture and ITD standards and policies.
  • Act as subject matter expert in the area of Information Security, Server technology, and management – using the WinTel platform, including expertise on Server Hardware, Windows Server software, Storage technologies, Networking, cloud platforms (SaaS, PaaS, IaaS), and security solutions;
  • Act as a focal point, handle and manage escalation process for issues with systems and services within the scope of IT infrastructure support and Security Operation services.
  • Guarantee data and information security, availability, and integrity through strong operational competencies using the ITIL and other applicable frameworks.
  • Support Enterprise Architecture function by participating in the design and implementation of global information security programs, developing a security maturity model, and ensuring compliance of information systems.
  • Act as an SME, and take on other supporting roles and responsibilities as required to contribute to the scoping, design, and implementation of projects affecting the Infrastructure and CyberSecurtiy domains.
  • Build up, stimulate and maintain respectful business relations with the providers and suppliers for the services in the unit’s scope.
  • Develop and implement and support IT standards, processes, and policies with global scope, training materials, and operational procedures to achieve efficiency, quality output, and uniformity of performance to the various IFRC and National Society stakeholders.
  • Work in collaboration with the Application Support team and advise as a team on critical applications (Tier 1 or 2) maintenance and overall evolution.

Job Duties and Responsibilities

Technical Lead – Infrastructure Operation and Security architect

1. Manage the Infrastructure Support and Security Operations unit (2nd/3rd level), act as a single point of contact for escalations.

2. Perform regular and appropriate assessment, planning, and monitoring of available resources in order to be able to meet the short-mid and long term demands of operational as well as project-driven activities.

3. Coordinate the team resources and focus on appropriate incident/service request allocation, timely response, prioritization, progress reports, and KPIs to meet the SLAs/OLAs the department is committed to.

4. Enhance department and organization reputation by accepting ownership and accountability for accomplishing new and different requests.

5. Act as a guardian for the appropriate execution of all ITIL-based configuration, change management, service delivery, and continuous improvement processes within the production environments. Contribute to the design, implementation, and optimization of all global infrastructure and security operational processes.

6. Conduct market assessment and research to develop proposals for new tools and methods to improve the IFRC’s overall IT operational efficiency.

 

Job Duties and Responsibilities

 

7. Act as a lead subject matter expert for all matters within the unit’s functional areas. Be accountable for, and provide technical expertise, control, and governance in the day-to-day operational maintenance and BAU support of a broad range of infrastructure and security services to all stakeholders and National Societies.

8. Monitor resource and budget provisions and consumptions (CAPEX/OPEX). Continuously look for opportunities to improve IT estate by increasing the quality and efficiency of the infrastructure and security operation service delivery while keeping the operative expenditure within the approved thresholds. Identify cost-efficient and value-added improvement points, develop solution architecture and high-level designs, steer the implementation of such workstreams to contribute to containing/ reducing the technical debt.

9. Provide expert advice and support to the IFRC’s Chief Information Security Officer and Enterprise Architect in designing, implementing, and maintaining global Information Security Programs, Security Maturity model(s), and capability maturity modeling processes. Align organizational security strategy and infrastructure with overall business and technology strategy.

10. Participate in and support audit exercises against information systems and control mechanisms. Assume accountability for developing an adequate audit-response plan to effectively mitigate findings in relation to the implementation and appropriate use of controls, governance processes, policies, and the lack of sufficient technical measures.

11. Regularly analyze existing information systems, networks, network security systems, and technical standards, compliance and approprioate use of them, identifying strengths and weaknesses. Conduct or arrange for, and lead the execution of penetration tests, risks, and vulnerability assessment activities to determine the IFRC’s overall Information Security Maturity level.

12. Establish, and be in charge of the appropriate execution of Computer Security Incident Response plans and functions (CSIRT/SecOps/Disaster Recovery) to identify, eliminate and recover from cybersecurity incidents in a timely fashion. Lead the investigation of suspicious and potentially malicious activities through the use of advanced diagnostic and threat analytics tools, forensics analysis, reverse engineering, and security information and event management systems and communicate status reports and post-incident analysis to upper management.

13. Direct contribution to the implementation, development, and up-to-dateness of Federation-wide global standards, strategies, processes, policies, guidelines, and training materials established and represented by the DITD department, mainly focusing on Infrastructure and Information-Systems security domains.

14. Create and maintain accurate technical knowledge base articles, standard operating procedures, configuration management, inventory documentation, and respective KPI reports related to systems and services in scope. Organize and deliver knowledge-sharing workshops for 1st and 2nd level IT colleagues from all regional and cluster/country-cluster offices.

PMO Support and Enterprice Architecture collaboration (Infrastructure + Security)
1. Engage in the implementation and advise of IT projects affecting the overall security and stability of IFRC’s systems and services. Work jointly with the PMO unit to define success criteria, identify risk factors, the roles and responsibility, and comprehensively document the project’s, goals, milestones, and deadlines related to Infrastructure and security.

2. Define the IT operational, (non)functional and security requirements of project and define best systems/tools/services by leading the bidding process. Ensure the implementation and system integration in collaboration with other SMEs, in time and in quality.

 

Job Duties and Responsibilities (continued)

 

3. Adhere to, and advocate the use of relevant project management methodologies and ITD policies. Support the PMO and IT Business Partner Units in applying and following the applicable project management methodologies throughout the projects’ lifecycle.

4. Identify, develop, implement, and support technological standards for the integration and interoperability capabilities of required systems/applications and services.

Business Account Management
1. Manage the vendors performance and Service Level Agreements with agreed controls, alerts, KPIs, dahsboards and reports. Ensure metrics are in line with the IFRC systems criticality – Tier1, 2 and 3 (Microsoft Enterprise Agreement, Microsoft Premier Support, Claranet – Datacenter Services, OpenSystems AG – Managed Security Service Provider, SPIE – Network infrastructure Maintenance, Swisscom – Internet Service Provider, Business Sunrise – Managed VoIP Services, Consultancy contracts..etc.)

2. Perform on-demand and specific vendor review, evaluation, and establish recommendations for improving the design, performance, costs, and reliability of provided services. Define and maintain competitive and state-of-the-art KPI.

3. Lead the procurement, delivery and invoicing of Infrastructure and Security services, including RFPs, in line with the financial and procurement guidelines. Ensure clear definition of services SLAs and costs to clarify potention invoicing disputes for the contracts in scope.

4. Plan infrastructure and Security roadmap 1-2 year ahead aiming at ensuring vendors competitiveness in the market; the best value for money is met with the IFRC standards; streamlining service delivery models and develop proposals for refactoring complex contracts and agreements to rectify inherent contextual obscurity proactively.

5. Take part in quarterly and annual budgeting exercises. Assure the required budget for operational maintenance of the infrastructure and security products, systems, and tools (licenses, warranties, repairs, service fees, utilities) is accurately accommodated in the financial predictions.

Line Manager responsibilities
1. Lead, Coach, and mentor staff and external consultants, including overseeing employee onboarding processes and providing career development planning and opportunities with trainings, conferences, and workshops.

2. Work closely with the HR department to identify, recruit, interview, hire, and retain the most qualified employees.

3. Provide oversight and clear direction to the operating unit employees in accordance with the Organization’s policies and procedures.
4. Empower employees to take responsibility for their jobs and goals. Delegate responsibility and provide regular feedback to subordinates.

5. Promote and encourage a spirit of teamwork and unity among team members that allows for disagreement over ideas, conflict and expeditious conflict resolution, appreciation of diversity and cohesiveness, support, and effective working to enable each employee and the team to succeed.

6. Develop employees using the established performance management and development process that provides a framework to encourage employee contribution. The framework consist of the following items:
a. Defining annual performance objectives for the unit members in line with the agreed activities for the department.
b. Providing regular feedback and guidance.
c. Building up development plans (training portfolio)

7. Create, maintain, and update employee work schedules, including assignments, shifts, job rotations, special leaves, and overtime scheduling.

 

Education

 

Required

  • Engineering degree in computer sciences discipline or equivalent experience
  • ITIL certification or equivalent experience and proven track record of ITIL procedures use in an enterprise environment
  • Microsoft Certified Solutions Associate or Engineer (MCSA/MCSE) – Server and Cloud Infrastructure are required.
  • Information Systems Security certificate or willingness to acquire those deemed necessary.

 

Experience

 

Required

  • Minimum 10 years of professional experience in the administration, setup, maintenance, and management of data centers
  • Minimum 10 years of professional experience in the administration, setup, maintenance, and management of Windows Servers, including failover clustering
  • Minimum 5 years of experience in the architecture and implementation of robust, highly-available, and secure information systems, tools, processes.
  • Minimum 5 years of professional experience in managing enterprise-grade firewall and/or IDS/IPS systems. Knowledge of and ability to effectively troubleshoot issues on protocol layers is a must. Experience with SD-WAN and APM is an advantage.
  • Minimum 3 years of professional experience in operational maintenance and configuration of hybrid cloud infrastructure. (O365, AzureAD, AzureAD Connect, Web Application Proxy…etc.)
  • Understanding networking concepts, topologies, subnetting, and protocols: OSI, TCP/UDP, CIDR/VLSM, NAT/PAT, L2TP/IPSEC, BGP/OSPF, VRRP is a must.
  • Experience in conducting ethical hacking activities and other simulated cyber-attacks, performing risks and vulnerability assessments.
  • Active and hands-on experience in incident hunting using Microsoft-provided on-premises and cloud-based platforms and services and/or well-known third-party applications.
  • Experience in and proven track record of business account management and procurement activities in particular to supplier selection processes (RFP/RFI), contract negotiations, service delivery supervision, invoice approval, and settlement of billing disputes.
  • Experience in the development, implementation, and operative management of CyberSecurity functions (CSIRT/SOC/SecOps/IDR/DR) and services.
  • Experience in service delivery management and reporting tools
  • Experience in managing teams in a supervisory role.

Preferred

  • Experience with the implementation, configuration, custom dashboard development, and automation of SIEM systems and alerts.

 

Knowledge, Skills and Languages

 

KNOWLEDGE AND SKILLS

Required

  • Excellent knowledge and proven experience in Windows Server 2012 or 2016, 2019 Active Directory, Active Directory Federation Services, and Active Directory Certificate Services management.
  • Excellent knowledge and proven experience with software deployment solution tools (SCCM or Intune is an advantage)
  • Good knowledge of antivirus policies and deployment (McAfee and Microsoft) applied to servers and workstations protection
  • Excellent knowledge of cloud concepts (IaaS, SaaS, PaaS), with a proven track record of the management of high-performance computing infrastructure.
  • Good knowledge of industry-standard monitoring systems (MS SCOM, Azure Monitoring, Zabbix…etc.)
  • Excellent knowledge combined with a profound technical understanding of the various protocols involved in the user/device/claim authentication-authorization, file sharing, email delivery, and cryptography operations in a Microsoft Active Directory Domain infrastructure.
  • Good knowledge of TLS/SSL protocols and certificate management is required.
  • Advanced, hands-on PowerShell skills and experience are a must.
  • Proven team player, ability to adjust to different cultures and languages
  • Adept at analysis, problem-solving, solution and end-user result-oriented
  • Affinity for teamwork, collaborative attitude, open-minded and adaptable
  • Well organized, able to work under pressure and manage emergencies
  • Good analytical skills to interpret problems identifies solutions and possible side-effects.

 

LANGUAGES

Required

  • Fluently spoken and written English

Preferred

  • Good command of another IFRC official language (French, Spanish or Arabic)

 

Competencies, Values and Comments

 

Competencies

Values: Respect for diversity; Integrity; Professionalism; Accountability

Core competencies: Communication; Collaboration and teamwork; Judgement and decision making; National society and customer relations; Creativity and innovation; Building trust

Managerial competencies: Managing staff performance; Managing staff development

Functional competencies: Strategic orientation; Building alliances; Leadership; Empowering others

 

Geneva, Switzerland

location