Pracovní nabídka
In 2019 Médecins Sans Frontières (MSF) opened a Shared IT Services center (SITS) in Prague, with the aim to streamline the delivery of information technology (IT) services on a global scale through increasing efficiency, reducing duplicated efforts, and improving the quality of shared technology support services.
SITS is a key partner in IT projects across MSF, with the capabilities and resources to provide end-to-end solutions for sections with minimal internal IT resources, including all associated aspects from design, build and implementation to change and communication management. For larger sections and global strategic projects, SITS provides services which improve quality, efficiency and overall success of technology innovation.
SITS offers a range of cybersecurity services to all MSF entities, which are critical for the continuity of its daily operations on a global level. As a digital services provider headquartered in Prague, Czech Republic, SITS must comply with NIS2 and the Czech Cybersecurity Act, passed in 2025.
Mission:
The Head of Security leads the development and delivery of cybersecurity services within MSF’s Shared IT Services (SITS) center in Prague, ensuring that MSF entities worldwide have access to reliable, effective, and context‑appropriate security capabilities.
The role is responsible for transforming information security from a primarily control‑ and compliance‑driven function into a mature, service‑oriented cybersecurity capability, with particular focus on compliance with the EU NIS2 Directive (Czech Cybsecurity Act) and the creation of an integrated, organization‑wide Security Operations Capability (SOC). The Head of Security ensures that cybersecurity services protect sensitive data, support operational continuity, and enable MSF to work safely in complex and high‑risk environments. The role promotes cybersecurity as an enabling capability that supports reliable technology delivery, operational continuity, safe adoption of new platforms, and responsible innovation across MSF.
This position reports to the General Manager and is a member of the Extended Management Team.
Responsibilities:
Cybersecurity Service Strategy & Portfolio Development
- Define and own the cybersecurity services portfolio for SITS, covering prevention, detection, response, and recovery capabilities
- Design services as reusable, scalable offerings (e.g. SOC services, incident response, vulnerability management, security monitoring) consumable by MSF entities
- Establish clear service definitions, service levels, operating models, and service roadmaps aligned with MSF priorities and risks
- Align the cybersecurity roadmap with the broader SITS technology roadmap, ensuring that security initiatives are realistic, sequenced, funded and integrated with platform and service evolution
- Continuously assess service effectiveness, coverage, and maturity, and drive improvements based on threat evolution and organizational needs
- Contribute to annual budgeting, cost planning, and financial monitoring for cybersecurity services, including external providers and tools
- Ensure vendor selection, contract management, and service performance are aligned with organizational procurement and compliance requirements
Strategic Leadership & Governance
- Set the overall direction for information security and cybersecurity services, ensuring alignment with MSF’s mission, values, and decentralized operating model
- Lead and develop multidisciplinary cybersecurity teams, including SOC, engineering, governance, risk, and advisory functions
- Act as a senior partner to MSF entities, enabling informed decisions about cybersecurity service adoption and prioritization
- Embed security‑by‑design and service thinking into Shared IT Services planning and delivery processes
- Define and maintain a cybersecurity KPI framework to measure service performance, risk reduction, regulatory compliance, incident response effectiveness, and continuous improvement across SITS security service
NIS2 Compliance as an Enabler of Services
- Lead the implementation of NIS2 requirements in a way that strengthens and structures cybersecurity services rather than creating parallel compliance processes
- Ensure Management sign-off for security-related policies
- Translate regulatory obligations into concrete, operational services such as incident handling, monitoring, risk management, and reporting
- Define clear shared responsibilities between cybersecurity, technology teams, service owners and MSF entities for risk ownership, control implementation, monitoring and incident response
- Provide authority for incident escalation and act as liaison with regulatory authorities as needed
- Ensure cybersecurity services support NIS2 expectations around resilience, detection, response, and supply‑chain security
- Provide guidance and support to Operations team for security-related aspects of facilities management under NIS2
- Work closely with the Head of Technology and technology service owners to ensure cybersecurity requirements are embedded into platform, infrastructure, cloud, application, workplace and data services from design through operation
- Coordinate audits, assessments, and regulatory interactions while minimizing operational burden on MSF entities
Integrated SOC Design & Service Delivery
- Design, build, and operate an integrated Security Operations Capability (SOC) as a shared service for MSF globally
- Define the SOC service catalogue, including monitoring, alerting, incident response coordination, threat intelligence, and reporting
- Select and integrate tools, platforms, and data sources to provide effective, centralized visibility while supporting distributed operations
- Establish clear onboarding models for MSF entities to consume SOC services, including roles, responsibilities, and escalation paths
- Ensure the SOC delivers actionable, context‑aware security outcomes, particularly for field operations and high‑risk environments
Incident Response & Operational Support Services
- Ensure the availability of structured, well‑practiced incident response services, including coordination during major cyber incidents
- Lead the development of playbooks, runbooks, and crisis communication processes tailored to MSF’s operational context
- Support MSF entities before, during, and after security incidents, including post‑incident analysis and service improvement
- Align incident response services with business continuity and crisis management frameworks
Risk Management, Engineering & Resilience Services
- Develop and deliver security services to MSF entities as agreed with the SITS Management Team and Board
- Ensure cybersecurity requirements are integrated into system design, cloud services, endpoint management, and third‑party services
- Strengthen resilience services such as backup, recovery, and cyber‑crisis preparedness in collaboration with IT and operational teams
- Oversee security architecture and engineering initiatives that enable scalable, service‑based security controls
Collaboration, Adoption & Capacity Building
- Drive adoption of cybersecurity services by working closely with MSF entities, explaining value, limitations, and responsibilities
- Ensure services are adaptable to diverse operational contexts, including low‑connectivity and high‑risk environments
- Promote security awareness and training as part of the overall cybersecurity service offering
- Build strong internal and external partnerships to extend service capabilities where appropriate
Requirements:
Professional requirements
Essential
- Extensive experience in information security or cybersecurity, including senior leadership responsibility
- Proven experience designing, delivering, and maturing cybersecurity services in a complex or distributed organization
- Strong understanding of security operations and incident response, with hands‑on experience establishing or leading a SOC or equivalent capability
- Solid knowledge of cybersecurity risk management and common frameworks (specifically ISO 27001 and NIST CSF), applied pragmatically
- Experience translating regulatory or compliance requirements (e.g. NIS2 or similar) into operational security capabilities
- Demonstrated ability to lead multidisciplinary teams and work effectively in a federated or shared‑services environment
- Excellent communication skills, able to engage senior management and non‑technical stakeholders
- Fluency in English
- Ability to operate in sensitive, high‑risk contexts
Desirable
- Direct experience with the EU NIS2 Directive or other cybersecurity regulatory regimes
- Experience in international, non‑profit, humanitarian, or public‑sector organizations
- Experience managing external security service providers or outsourced SOC services
- Familiarity with cloud‑based and hybrid IT environments at scale
Personal requirements
- Strong alignment with MSF’s humanitarian values and sensitivity to ethical, operational, and contextual considerations
- Pragmatic, solutions‑oriented approach, with the ability to operate effectively under uncertainty and resource constraints
- High level of integrity, discretion, and accountability in handling sensitive information
- Resilience and calm decision‑making in high‑pressure or crisis situations
Adherence to MSF principles
Adherance to MSF Behavioural Commitments
What we can offer you:
- Interesting professional and personal challenge
- Rewarding and meaningful work in a young, dynamic, and rapidly growing truly international humanitarian organization
- Full flexibility and ownership/accountability
- 25 days of holiday per year; 6 sick days per year
- Flexible working hours, working from home
- Possibility to receive the 13th salary (after probation period)
- Meal vouchers
- Cafeteria / Pension scheme
- MultiSport card
- Language courses
- Transportation allowance: 10 CZK/calendar day
- Relocation package for former MSF field employees who change their regular domicile location in order to work in MSF SITS Prague office
- Possibility to go for a "sabbatical leave“ / mission, once per 3 years
- Free refreshment at the workplace
- Dog friendly office, etc.
- Team buildings / family days
Who we are:
Médecins Sans Frontières (MSF) / Doctors Without Borders is an international, independent, medical humanitarian organisation that delivers emergency aid to people affected by armed conflict, epidemics, natural disasters, and healthcare exclusion. MSF offers assistance to people in need and irrespective of race, religion, gender, or political affiliation. MSF’s actions are guided by medical ethics and the principles of impartiality, independence, and neutrality. Over 90% of the organization’s funding comes from individual private donors giving small amounts.
The organisation was founded in 1971 in France by a group of doctors and journalists in the wake of war and famine in Biafra, Nigeria. Their aim was to establish an independent organization that focuses on delivering emergency medicine aid quickly, effectively and impartially. Three hundred volunteers made up the organization when it was founded: doctors, nurses and other staff, including the 13 founding doctors and journalists.
Today, MSF is a worldwide movement of more than 65,000 people working in 21 sections, 12 branch offices, 5 Operational Centres and three supply centres worldwide. There are as many IT departments as sections, and together they support more than 32,000 system users spread over MSF offices and missions across the globe. To gain in efficiency and improve end-user experience, MSF has built its own Shared IT Services (SITS) Centre in Prague.