Job Closed
This listing is no longer active.
Information System Security Specialist
Location: Maryland
Posted: 169 days ago
Salary: $90K - $120K / year
Seniority: Senior
Job Description
By Light Professional IT Services
- Conduct vulnerability assessments of the assigned security infrastructure
- Provide mitigation recommendations/security architecture reviews to Government decision makers
- Research, develop, test, implement and document changes to software
- Work with networking to close out open vulnerabilities
- Ensure all DISA STIGs are applied to networks, network devices and information systems where applicable
Job Requirements
- Active Secret Clearance; Top Secret preferred
- Current 8570 IAT Level II or higher certified (any of the following certifications: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, SSCP)
- Experience performing STIGs for either Windows or Linux based platforms
- Experience administrating Host Based Security Solutions (HBSS) a plus
- Firm working knowledge of Security Architectures
Benefits
- Medical, Dental & Vision Coverage
- Wellness Program
- 401(k) Matching
- Disability (Short Term & Long Term)
- Employee Assistance Program
- Life Insurance
- Education & Training
- Generous Leave Policy (11 Federal Holidays, PTO, and Military Leave)