Information Security Officer

The Partnership for Supply Chain Management Job Description

 

TITLE:                                Information Security Officer (ISO)

REPORTS TO:                    IT Director

LOCATION:                        Project Management Office, Woerden, NL (PMO-NL)

STATUS:                            Full-time

 

Organization description

The Partnership for Supply Chain Management (PFSCM) focuses on strengthening and managing secure, reliable, cost-effective, and sustainable global supply chains to enhance health and well-being in low- and middle-income countries by increasing access to quality and affordable health products. We assist governments, non-profit organizations, and humanitarian agencies in achieving their public health objectives through cost-saving procurement, efficient logistics, pharma-grade storage, last-mile delivery solutions, and real-time data tracking. PFSCM is dedicated to customer satisfaction and service excellence, which is reflected in our adherence to an ISO 9001:2015 certified Quality Management System and alignment with ISO 20400 for Sustainable Procurement, which underpins all our processes and services.

As an affiliate of JSI Research & Training Institute, Inc. (JSI), a leading international public health and education consultant company in the U.S., PFSCM operates from its project management headquarters in Washington D.C., and has an operational facility in Woerden, Netherlands. Additionally, we leverage the extensive network of 50 JSI offices around the world, allowing us to access their technical and operational expertise.

PFSCM's global team includes a diverse array of professionals from various countries who contribute to the effectiveness of our services. This diversity enriches our ability to connect with clients and collaborate internally. We believe our mission can be achieved by fostering a purpose- and results-driven culture. We strive to create an environment where our values of collaboration, learning, proactivity, problem-solving, and outcome orientation are reflected in our daily work.

 

Overall responsibilities

The Information Security Officer (ISO) is responsible for developing, implementing, and maintaining the organization’s information security program and reporting to the IT Director. The ISO ensures the confidentiality, integrity, and availability of PFSCM’s data, systems, and IT assets, and ensures compliance with relevant security standards and regulations. The ISO works closely with IT leadership, business units, and external partners to manage risks, respond to incidents, and promote a culture of security awareness across the organization.

 

Specific responsibilities

• Develop, implement, and maintain information security policies, procedures, and standards in alignment with organizational objectives and regulatory requirements (e.g., GDPR, ISO 27001).
• Conduct regular risk assessments, vulnerability scans, and security audits to identify and address potential threats to information assets.
• Lead incident response planning and execution, including investigation, containment, remediation, and reporting of security incidents.
• Oversee identity and access management, ensuring appropriate controls for user authentication and authorization.
• Collaborate with IT teams (Cloud & Infrastructure, Data Engineering & Applications) to ensure security best practices are integrated into all technology initiatives and operations.
• Monitor security trends, emerging threats, and regulatory changes, and recommend appropriate risk mitigation strategies.
• Manage PFSCM’s security awareness training program for staff, contractors, and partners to foster a security-conscious culture.
• Ensure compliance with contractual, legal, and regulatory requirements related to information security and data privacy.
• Prepare and present regular reports on security posture, risks, and incidents to the IT Director and executive leadership.
• Manage relationships with external security vendors, auditors, and regulatory bodies as needed.

Qualifications

Professional and Technical Knowledge

• Bachelor’s or master’s degree in information security, Computer Science, Information Technology, or a related field.
• 7+ years of experience in information security, risk management, or related IT roles.
• Professional security certifications preferred (e.g., CISSP, CISM, CISA, ISO 27001 Lead Implementer).
• Strong knowledge of security frameworks, standards, and regulations (e.g., ISO 27001, NIST, GDPR).

• Ability to work comfortably with Microsoft Office software, specifically Word, Excel, and PowerPoint. Preferably advanced user level of Excel.
• Willingness and availability to travel, and perform other duties as needed.
• Must be eligible to work in the Netherlands.

Interpersonal skills/Communication

• Active listener: Listens carefully to different stakeholders (IT, business, vendors, leadership), checks understanding, and adjusts messages accordingly.
• Clear and structured communicator: Explains complex security topics in simple, structured language for non‑technical audiences and adapts depth for technical teams.
• Stakeholder & relationship builder: Builds trust quickly, manages expectations, and maintains constructive relationships with internal and external partners.
• Culturally sensitive collaborator: Works effectively with people from diverse backgrounds; is aware of cultural differences and tailors style and approach.

Continuous improvement/Innovative

• Learning‑oriented: Curious about new threats, technologies, and regulations; actively seeks new knowledge and applies it.
• Improvement mindset: Regularly challenges “how we do things” and looks for safer, more efficient ways of working, not just maintaining the status quo.
• Change champion: Can influence others to adopt new security practices and handles resistance constructively.

 

Priority Setting, Problem Solving, & Detail Orientation 

• Analytical mindset: Breaks down complex situations (risks, incidents, audit findings) into clear components and sees patterns in data.
• Pragmatic problem solver: Quickly identifies root causes, weighs options, and chooses realistic, risk‑based solutions under time pressure.
• Strong sense of priorities: Distinguishes between critical and non‑critical issues and focuses attention and resources where risk is highest.
• High attention to detail: Works accurately with configurations, access rights, policies, and documentation; spots inconsistencies and gaps.

 

 Leadership/Strategic Thinking

• Strategic thinker: Sees the bigger picture and links security decisions to organizational goals, risk appetite, and long‑term impact.
• Decisive under pressure: Takes ownership and makes clear decisions in incidents and crises, even with incomplete information.
• Influential leader: Shapes direction, secures buy‑in, and aligns IT, business units, and leadership around security priorities.
• Accountability & ownership: Feels personally responsible for the organization’s security posture and follows through on commitments.

Disclaimer:

PFSCM is committed to providing equal employment opportunities for all qualified applicants and employees and to fostering a workplace free from discrimination. We believe in upholding the values of individual merit, hard work, and excellence, and we actively oppose any practices that promote illegal preferences or actions in hiring, contracting, or other employment decisions or practices. We strive to create an environment where every individual is treated with dignity and respect, and we are dedicated to promoting a culture that recognizes and rewards individual initiative and achievements.

If you are an individual with a disability or a disabled veteran and unable to apply online for an available position, you may submit your request for reasonable accommodation by calling Human Resources at 617-482-9485.