Job Opportunity for Lead, Information Security at Room to Read in Global Office Asia – Main – New Delhi

Room to Read

**Job Title:** Lead, Information Security

**Job Location:** Global Office Asia – Main – New Delhi

**About Room to Read:**

Founded in 2000, Room to Read is a non-profit organization dedicated to creating a world free from illiteracy and gender inequality through education. They work in historically low-income communities to develop literacy skills and support girls’ education, collaborating with governments and partner organizations to achieve large-scale positive outcomes for children. Room to Read has impacted over 45 million children across 24 countries.

**Job Overview:**

This role focuses on security compliance management within Room to Read. The Lead, Information Security will act as an individual contributor, identifying security gaps, developing mitigation strategies, and implementing processes to monitor and audit information. This includes drafting and articulating information security policies, assessing personnel security information, leading employee awareness training, conducting assurance tests, and supporting internal and external audits. Collaboration with cross-functional stakeholders is crucial to balance compliance with delivering optimal security solutions within contractual, regulatory, and Room to Read (RtR) standard frameworks. This position reports to the Senior Director, Global Technology.

**Duties & Responsibilities:**

* Functional experience in IT security Governance, Risk, and Compliance Management (GRC).

* Identify security gaps across various technology sub-domains (applications, cloud, IT services, helpdesk) and collaborate with country officers on detailed assessments.

* Draft and articulate Information and Cyber Security Policies, advising management and information users on implementation.

* Work with the IT function to identify, develop, implement, and maintain enterprise-wide processes (cloud, network, on-prem infrastructure) to reduce information and IT risks.

* Implement and maintain standards such as ISO 27001, BCMS, NIST, and PCI DSS.

* Demonstrate a solid understanding of IT control frameworks and GRC, particularly regarding SOC2 Type I and Type II.

* Possess working knowledge of the overall risk management process, including conducting/participating in internal/external risk assessments and remediation.

* Experience across multiple Information Security domains: IT Regulatory/policy Compliance, IS Governance, Risk Management, and IT Infrastructure Security.

* Experience in end-to-end risk remediation planning, resolution, and monitoring, including Technology Continuity Management planning and testing.

* Collaborate with senior business and IT Services leaders to resolve complex risk issues.

* Identify and correct end-to-end IT security risks associated with vendors, donors, and external stakeholders.

* Identify, evaluate, and manage application security risks.

**Qualifications and Desired Skills:**

* 5 to 7 years of relevant experience in IT Security & GRC in multiple capacities.

* Bachelor’s degree in IT, Computer Science, Cyber Security, or equivalent experience.

* Certifications such as ISO 27001, CISA, CRISC, CISM are advantageous.

* Understanding of cloud security standards (e.g., Azure/AWS/GCP).

* Excellent written and spoken English.

* Detail-oriented with excellent research, analytical, and critical thinking skills.

* Strong documentation, oral and written communication, and interpersonal skills.

* Ability to work independently and as part of a team.

To apply for this job please visit osv-rtr.wd5.myworkdayjobs.com.