Contract type: Consultancy. Ongoing.
Location: Remote. Any location.
Rate: £72.50 per hour (with higher rate for experienced US-based consultants)
Background
A just and equitable world where communities and ecosystems can thrive is possible. But social injustice, democratic backsliding, and the climate crisis threaten us all. The courageous people and communities daring to speak out face attacks and reprisals from powerful vested interests. Many pay the ultimate price.
Open Briefing is a vital part of the response. We build resistance and resilience among the people and communities challenging power. And we are answering more calls for assistance across more countries than ever before. Last year, our international team provided nearly 6,000 hours of direct support to activists and advocates under threat of physical, digital, and psychological harm across 68 countries.
Alongside this local support, we provide consultancy and advisory to help nonprofits and foundations supporting and resourcing grassroots change to take the right risks. We ensure that these international partners are equipped and empowered by enhancing their security risk management, information security and data protection, and staff care and wellbeing. Our work in this area frequently involves being both a trusted ally and a critical friend.
Our team protects many high-profile activists and well-known organisations. But much of our work is behind the scenes, with ordinary people and communities who are targeted for challenging power. For 13 years, we have worked together towards a better future. And we are just getting started. We are expanding our diverse, inspired, and purpose-driven team; will you join us as one of our new digital and information security consultants?
Role description
You will provide expert and tailored digital, information security, and technology advice and training to grassroots organisations and activists and their international partners at risk. You will help disrupt attacks and reprisals from capable and motivated adversaries.
You will be directly supporting these truth-tellers, changemakers, and risk takers by helping them resist, respond to, and recover from the security threats that they face. You will provide mentoring, technical support, and capacity sharing in a scalable and bespoke manner.
It is a challenging and rewarding role. It requires consultants to work across a broad range of countries, civil society actors, and rights and justice issues. You will be supported in this by experienced and knowledgeable colleagues and leaders in the digital and information security team and wider organisation.
Depending on your skills and experience, your primary responsibilities will include:
- Working with at-risk human rights defenders to help them better understand their allies and adversaries, co-design the actions that they will take to reduce the risks to them and their colleagues, and agree what they will do should things go wrong.
- Working with the boards and leadership teams of international nonprofits and foundations to develop strategies, policies and procedures, share knowledge and build up their capacity, and lead other information risk, privacy, and cybersecurity initiatives.
- Working with teams within nonprofits to support digital safety or other digital initiatives that support their broader mission and risk management, allowing them to mature in their effective and safe use of technology and digital systems.
- Reflecting our organisation’s values and liaising in a professional and friendly manner with the clients and recipients you work with, escalating any concerns or challenges to your line manager.
- Being highly organised and taking ownership of any project management and administration duties for the projects that you are assigned to.
- Sharing learnings with the team and providing input into our processes and procedures in order to help us continuously improve our support to clients and recipients as well as our own information security risk management.
The work of our team is broad, and we are aiming to build a diverse team with a range of skills and experience. You may be a good fit for our team even if you do not have a traditional information security background – we are particularly interested in talking with you if you meet the essential criteria for the role but have a less traditional career pathway!
Depending upon your background, you may have the opportunity to bring (or develop) skills and experience in a wide range of areas:
- Technology change management and/or service management – helping our clients to mature their technology more broadly or providing direct support to implement digital safety recommendations.
- Blended, ‘holistic’ crisis response and advice – working in close collaboration with specialists in physical safety, wellbeing, and other risk management domains.
- Crisis or incident management, for instance developing or implementing incident response plans or supporting clients as a ‘breach coach’ or critical friend.
- Carrying out privacy impact assessments, data protection analysis, and/or supporting teams to incorporate data protection principles or regulations into their work, perhaps drawing from inhouse or external work in data protection.
- Delivering training or capacity sharing, for instance via security awareness work, digital security training, or other work with at-risk populations or user cohorts.
- Measuring the effectiveness of the safeguards employed by nonprofits, grassroots defenders, or others – perhaps using one or more frameworks, such as the CIS Critical Controls, Cyber Essentials, ISO27k1 Suite, or Safetag, or leveraging another approach entirely.
- Directly making technical changes with clients to implement safeguards across specific technical domains, such as endpoint management, and, the administration or implementation of cloud platforms, such as Microsoft 365 or Google Workspace.
Person specification
Essential
- You will have considerable professional experience either:
- building the capacity of international nonprofits and foundations in information security management and digital resilience, including control or capability-based assessment, security operations, relevant research, or other internal management practice; and/or
- providing digital safety advice and training to human rights defenders, grassroots organisations, and social movements.
- You will have strong, rounded knowledge of cybersecurity and information security risk management, including in contexts with determined or sophisticated threat actors, such as those targeting human rights defenders, NGOs, or journalists.
- You will be highly organised and possess strong project management skills.
- You will be sensitive to the progressive and rights-based missions and diverse profiles of our clients and other stakeholders.
- You will be a good listener and able to thoughtfully adapt your approach and style to suit different projects and stakeholders, in particular in low-resource settings and with counterparts who may not be specialists or technologists.
- You will have good written and spoken English.
Desirable
- You may have a proven track record of in one or more of:
- Change management in the nonprofit sector.
- Delivering training in-person and remotely to a diverse range of learners.
- Engaging with senior leadership and board members.
- Experience assessing and managing risk to people.
- Using frameworks, such as CIS, NIST, PCI-DSS, or Cyber Essentials.
- Working in an integrated way with other risk domains, such as physical security and wellbeing, as part of multidisciplinary teams.
- You may have broader experience in data protection, privacy, technology, or digital rights.
- You may have worked as a line manager, trainer, or mentor to grow and develop individuals, enhance their skills, and support them in identifying and achieving broader objectives.
- You may have excellent written and spoken French, Spanish, Portuguese, Arabic, or other additional languages.
Terms and remuneration
We are a remote-first organisation, and this is a home-working role with some potential for international travel. We are looking for someone who wants to become part of our close-knit team and develop a long-term working relationship with us and our clients.
You will be properly onboarded and continually supported by empowering managers and highly-experienced colleagues. Your line manager will be James Eaton-Lee, our director of digital and information security.
We welcome applications from established consultants with a range of backgrounds, experiences and profiles, from anywhere in the world. The hours can vary from month to month, depending on demand and your availability, and the role may require occasional remote meetings outside of normal office hours depending on your location. Please note that this role is not suitable for those in full-time employment or currently searching for full-time employment.
For responsive work via our fully-funded assistance programme, you will typically need to be available to take on new assignments by agreement within 72 hours. Broader, proposal-driven work with clients is typically more flexible in terms of timing.
As part of our duty of care, it is our policy to identify and communicate any risks associated with the roles that we recruit for and set out how we mitigate them. Working directly with human rights defenders and others at risk means that some people in this role might experience threats to their wellbeing, including possibly stress, compassion fatigue, secondary trauma, and challenges maintaining a proper work-life balance.
Our organisational wellbeing framework ensures that such risks are mitigated through our pyramid of wellbeing at work, starting with an inspiring vision and strategy, and moving through clear personal objectives, high-performing teams, effective line management, and fair rewards and conditions, before ending with professional support, including coaching and counselling. As part of this, your line manager will work with you to ensure that you have a wellbeing and resilience plan in place and that your workload is balanced to your needs and capacity.
You will receive £72.50 per hour (or a higher rate for experienced US-based consultants primarily doing work in the United States); ongoing mentoring, professional coaching, and training; and a package of wellbeing and mental health support, including an Employee Assistance Programme. Note, as a consultant, you will need to have or obtain your own professional indemnity insurance, including cover for work in the United States.
We provide an inspiring vision and strategy, clear personal objectives, high-performing teams, effective line management, fair rewards and conditions, and professional support, including coaching and counselling.Click To TweetDiversity, equity, and inclusion
Open Briefing values diversity. We are committed to being equitable and inclusive, and to being a place where all can be their authentic selves. We therefore encourage applications from all who may meet the person specification and particularly from candidates who are from historically-marginalised communities and are underrecognised in our digital and information security team. This currently includes Black, Indigenous, and People of Colour and women and/or non-binary people. Please read our diversity, equity, and inclusion policy for more information.
Open Briefing is neuroinclusive, positive about mental health, and a Disability Confident Employer. We welcome applications from all candidates who meet the person specification. Please let us know in your cover letter how we can be the recruiter and employer that you need us to be.
We are an accredited Living Wage employer. The pay ratio in our organisation is currently only 2.4 : 1. We follow the gender pay gap reporting guidance from the UK government. We have completed an inclusive language analysis of the text of this advert, and checked it using the Gender Decoder tool.
How to apply
To apply, please email your CV to [email protected]. Please also include a cover letter of no more than two pages including:
- What excites you about Open Briefing and the role of digital and information security consultant.
- How you meet the advertised person specification.
- Three key challenges you think our clients might face in improving or maintaining their digital and information security programme, and an example of a project in which you worked with an organisation to address one or more of these challenges.
We will conduct interviews on a rolling basis until we recruit suitable candidates. If you are interested in this role, please submit your application as early as possible.