Terms of Reference: Data Security Consultant for CIVICUS

Posted by
Johannesburg, GP, South Africa


Published 9 days ago

April 1, 2021
March 10, 2021

Introduction to CIVICUS 

CIVICUS exists to defend people power. As a growing global alliance of more than 10,000 members in 175 countries, we work together to monitor violations of basic civic freedoms, call out the perpetrators of violations and strengthen the power of people to organise by supporting a more accountable, effective and innovative civil society. We strive to promote excluded voices, especially from the Global South.  Our staff is based in more than 20 countries across 5 continents, with offices in Johannesburg (headquarters), New York and Geneva. 


CIVICUS seeks a Data Security Consultant who will support the development and implementation of CIVICUS’ data protection strategy, as well as its compliance with data security regulations, such as the General Data Protection Regulation. The consultancy will run over a 6-month period and the consultant will be responsible for identifying vulnerabilities and working with our IT department to resolve them, ensuring that our network and data remains secure. 

Scope and Deliverables: 

Service Required 


Data management  

·        Create an inventory of all data processing activities conducted by the organisation.  

·        Propose an internal security policy in consultation with the CIVICUS Data and Digital Security Group.   

·        Create a list of cybersecurity measures we have in place, as well as potential gaps. 

·        Advise on data migrations and data deletions. 

·        Identify areas of non-compliance with GDPR, POPI and other data security requirements.  

·        Help to assess damage and determine responses to documented data security breaches. 

Capacity development  

·        Support skills-sharing and training with CIVICUS employees on important data compliance practices.  

·        Assess department and staff adoption of mandated data policies and practices. 

·        Support the creation of a programme for onboarding new employees with CIVICUS data and digital security practices and policies. 

·        Attend bi-weekly data and digital security calls with the CIVICUS Data and Digital Security Group. 

Reporting protocols 

·        Create a protocol for how to report data breaches to data regulatory authorities. 

·        Create a protocol for how to report a data breach to our members and other contacts for whom we store data. 

·        Produce a protocol for how to action data requests from our contacts who might want to change or erase their data.  

IT operations 

·        Collaborate with IT cluster to update IT policy as it relates to data security. 

·        Provide advice on good practice in IT infrastructure management (Microsoft ecosystem, Website Content Management Systems, Content Relationship Management systems, Sage Finance Software) 

·        Identify potential areas of IT integration and create roadmap for implementation. 

·        Review the security settings for all IT platforms that process and store personal data and make recommendations on how to enhance security. 

·        Support implementation of organisational wide password manager 


Person Specification 

Education, Language & Qualifications 

·        Law degree or Degree in Computer Science or a technology related field, or equivalent experience 

·        Hold at least one Data Protection and or Privacy Certification 

Essential Knowledge, skills and Experience 

·        Expert knowledge of data protection law and practices 

·        Expert knowledge of IT and data management systems (including the configuration of firewalls, network load balancers, network routers and switches and other major components of IT systems 

·        Experience in developing compliance training 

Desirable Knowledge, skills and Experience 

·        Excellent problem solving and analytical skills 

·        Ability to educate non-technical staff about security measures 

·        Effective verbal and written communication skills 

·        Programming skills in C/C+ and Python 

Terms and conditions  

The CIVICUS Code of Conduct (CoC) sets out the standards which all staff members must adhere to. The consultant will be expected to adhere to the CoC. Additional terms and conditions of service shall be spelt out in the contract.  

Introduction to CIVICUS 

CIVICUS exists to defend people power. As a growing global alliance of more than 10,000 members in 175 countries, we work together to monitor violations of basic civic freedoms, call out the perpetrators of…

Details at a glance

  • Full Time Schedule
  • Contract
  • 4-Year Degree Required
  • Managerial


Work may be performed anywhere in South Africa
Associated Location
24 Pim Street, Newtown 2001, Johannesburg, GP, ZA

Join This Job


Mode of application 

Applications should be submitted to on or before 10 March 2021.   

If you have questions, please contact by 5 March 2021 to ensure a response before the deadline for applications.  

All applications should include the following:  

  • Company credentials and/or Curriculum Vitae (CVs) and three recent references 
  • Short description of proposed technical approach with an illustrative work plan 
  • Financial proposal 
  • Profile and/or portfolio of previous work 
  • Certificates of data security training 

All fields are required
Resume must be uploaded in PDF format
Drag file here or browse
No file chosen
By using the Idealist Application system, you consent to sharing your resume and other personal data with potential employers in accordance with Idealist’s Privacy Policy and Terms of Service.

Join Idealist

Sign up today to save your favorite jobs and get email alerts when new ones are posted.