Digital and information security consultant

You will be directly supporting these truth-tellers, changemakers, and risk takers by helping them resist, respond to, and recover from the security threats that they face. You will provide mentoring, technical support, and capacity sharing in a scalable and bespoke manner.
It is a challenging and rewarding role. It requires consultants to work across a broad range of countries, civil society actors, and rights and justice issues. You will be supported in this by experienced and knowledgeable colleagues and leaders in the digital and information security team and wider organisation.

Depending on your skills and experience, your primary responsibilities will include:

• Working with at-risk human rights defenders to help them better understand their allies and adversaries, co-design the actions that they will take to reduce the risks to them and their colleagues, and agree what they will do should things go wrong.

• Working with the boards and leadership teams of international nonprofits and foundations to develop strategies, policies and procedures, share knowledge and build up their capacity, and lead other information risk, privacy, and cybersecurity initiatives.

• Working with teams within nonprofits to support digital safety or other digital initiatives that support their broader mission and risk management, allowing them to mature in their effective and safe use of technology and digital systems.

• Reflecting our organisation’s values and liaising in a professional and friendly manner with the clients and recipients you work with, escalating any concerns or challenges to your line manager.

• Being highly organised and taking ownership of any project management and administration duties for the projects that you are assigned to.

• Sharing learnings with the team and providing input into our processes and procedures in order to help us continuously improve our support to clients and recipients as well as our own information security risk management.

The work of our team is broad, and we are aiming to build a diverse team with a range of skills and experience. You may be a good fit for our team even if you do not have a traditional information security background – we are particularly interested in talking with you if you meet the essential criteria for the role but have a less traditional career pathway!

Depending upon your background, you may have the opportunity to bring (or develop) skills and experience in a wide range of areas:

1. Technology change management and/or service management – helping our clients to mature their technology more broadly or providing direct support to implement digital safety recommendations.

2. Blended, ‘holistic’ crisis response and advice – working in close collaboration with specialists in physical safety, wellbeing, and other risk management domains.

3. Crisis or incident management, for instance developing or implementing incident response plans or supporting clients as a ‘breach coach’ or critical friend.

4. Carrying out privacy impact assessments, data protection analysis, and/or supporting teams to incorporate data protection principles or regulations into their work, perhaps drawing from inhouse or external work in data protection.

5. Delivering training or capacity sharing, for instance via security awareness work, digital security training, or other work with at-risk populations or user cohorts.

6. Measuring the effectiveness of the safeguards employed by nonprofits, grassroots defenders, or others – perhaps using one or more frameworks, such as the CIS Critical Controls, Cyber Essentials, ISO27k1 Suite, or SAFETAG, or leveraging another approach entirely.

7. Directly making technical changes with clients to implement safeguards across specific technical domains, such as endpoint management, and the administration or implementation of cloud platforms, such as Microsoft 365 or Google Workspace.

Person specification

• You will have considerable professional experience either:

• building the capacity of international nonprofits and foundations in information security management and digital resilience, including control or capability-based assessment, security operations, relevant research, or other internal management practice; and/or

• providing digital safety advice and training to human rights defenders, grassroots organisations, and social movements.

• You will have strong, rounded knowledge of cybersecurity and information security risk management, including in contexts with determined or sophisticated threat actors.

• You will have experience working with both: 

• US-based civil society and/or at-risk groups; and

• Mexico-based civil society and/or at-risk groups. 

We are looking for candidates with a strong understanding of both the US and the Mexican contexts based on professional and/or lived experience, but will consider candidates with experience in only one of these target countries. 

• You will be highly organised and possess strong project management skills.

• You will be sensitive to the progressive and rights-based missions and diverse profiles of our clients and other stakeholders.

• You will be a good listener and able to thoughtfully adapt your approach and style to suit different projects and stakeholders, in particular in low-resource settings and with counterparts who may not be specialists or technologists.

• You will possess native or strong/fluent Spanish language skills (written and spoken).

• You will possess native or strong/fluent English language skills (written and spoken).

• You will be based in a time zone that is UTC +/- 3 hours.

• You may have a proven track record of in one or more of:

• Change management in the nonprofit sector.

• Delivering training in-person and remotely to a diverse range of learners.

• Engaging with senior leadership and board members.

• Experience assessing and managing risk to people.

• Using frameworks, such as CIS, NIST, PCI-DSS, or Cyber Essentials.

• Working in an integrated way with other risk domains, such as physical security and wellbeing, as part of multidisciplinary teams.

• You may have broader experience in data protection, privacy, technology, or digital rights.

• You may have excellent written and spoken French, Portuguese, Arabic, or other additional languages.

Terms and remuneration

We are a global, remote-first, and digital nomad-friendly organisation. This is a home-working role with some potential for international travel.  

We are looking for someone who wants to become part of our close-knit team and develop a long-term working relationship with us and our clients. You will be properly onboarded and continually supported by empowering managers and highly-experienced colleagues. Your line manager will be Ashley Fowler, our director of digital and information security.

We welcome applications from established consultants with a range of backgrounds, experiences, and profiles, and from anywhere in the world. The hours can vary from month to month, depending on demand and your availability, and the role may require occasional remote meetings outside of normal office hours depending on your location. Please note that this role is not suitable for those in full-time employment or currently searching for full-time employment. 

For responsive work via our fully-funded assistance programme, you will typically need to be available to take on new assignments by agreement within 72 hours. Broader, proposal-driven work with clients is typically more flexible in terms of timing.

You will receive £73.50 per hour, ongoing mentoring and training, and a package of wellbeing and mental health support, including an Employee Assistance Programme.

As a consultant, you will need to have or obtain your own professional indemnity insurance, including cover for remote work worldwide, including the United States.

Diversity, equity, and inclusion

Open Briefing values diversity. We are committed to being equitable and inclusive, and to being a place where all can be their authentic selves. We therefore encourage applications from all who may meet the person specification and particularly from candidates who are from racialised communities and others who are underrecognised in our team, including Black, Indigenous, and People of Colour. Please read our diversity, equity, and inclusion policy for more information. 

Open Briefing is neuroinclusive, positive about mental health, and a Disability Confident Employer. We welcome applications from all candidates who meet the person specification. We will share the interview questions with you in advance and make closed captions available during interviews. Beyond that, please let us know in your cover letter how we can be the recruiter and employer that you need us to be.

We follow the gender pay gap reporting guidance from the UK government. We have checked the text of this advert using the Gender Decoder tool. 

Safeguarding

Open Briefing is dedicated to upholding the highest safeguarding standards, ensuring a culture of respect and protection for both our internal and external stakeholders. Our approach encompasses preventative measures and a strong response mechanism to any safeguarding concerns, guided by a survivor/victim-centred ethos. We enforce a strict zero-tolerance policy towards any violations of safeguarding policies, ensuring that all concerns are addressed promptly and appropriately. Our safeguarding policy is available here. 

As part of our duty of care, it is our policy to identify and communicate any risks associated with specific roles and set out how we mitigate them. Working directly with human rights defenders and others at risk means that some people in this role might experience threats to their wellbeing, including possibly stress, compassion fatigue, secondary trauma, and challenges maintaining a proper work-life balance. Our wellbeing policy and procedure set out the mechanisms and‬ resources we have put in place to mitigate and address these risks.

How to apply

To apply, please submit your application using the form here. 

We will conduct interviews on a rolling basis until we recruit a suitable candidate. If you are interested in this role, please submit your application as early as possible. The successful applicant will need to complete a reasonable vetting process before engagement.

NA