Digital and Information Security Consultant

Background

People and communities around the world have the solutions to social injustice, authoritarianism, and the climate crisis. But repressive governments, corrupt corporations, and armed groups use violence and oppression to try and silence them.

By building resistance and resilience among those challenging unaccountable power, Open Voices supports a shared vision for a world where communities and ecosystems can thrive.

As a mission-driven nonprofit, we join forces with grassroots activists, community groups, and social movements at risk. Working together, we strengthen their physical safety, digital resilience, and collective wellbeing. As a social impact consultancy, we help high-profile nonprofits and foundations manage risk and care for their teams and partners.

This dual approach allows us to work at every level of civil society, from the grassroots to the global.

We have scaled to meet a 66% surge in demand for our support over the past two years, with our international team now responding to 11 new cases every week. Last year, we:

Answered 575 calls for assistance across 100 countries.
Delivered over 6,000 hours of mentoring and accompaniment.
Trained over 1,000 activists in 112 holistic security workshops.
Whoever we partner with, we start with questions, not answers. Listening before speaking, understanding before acting. Together, we defend those who speak out.

We are expanding our diverse, inspired, and purpose-driven team. Will you join us as our new digital and information security consultant?

Role description

You will provide expert and tailored digital, information security, and technology advice and training to grassroots organisations and activists and their international partners at risk. You will help disrupt attacks and reprisals from capable and motivated adversaries.

You will be directly supporting these truth-tellers, changemakers, and risk takers by helping them resist, respond to, and recover from the security threats that they face. You will provide mentoring, technical support, and capacity sharing in a scalable and bespoke manner.

It is a challenging and rewarding role. It requires consultants to work across a broad range of countries, civil society actors, and rights and justice issues. You will be supported in this by experienced and knowledgeable colleagues and leaders in the digital and information security team and wider organisation.

Depending on your skills and experience, your primary responsibilities will include:

Working with at-risk human rights defenders to help them better understand their allies and adversaries, co-design the actions that they will take to reduce the risks to them and their colleagues, and agree what they will do should things go wrong.
Working with the boards and leadership teams of international nonprofits and foundations to develop strategies, policies and procedures, share knowledge and build up their capacity, and lead other information risk, privacy, and cybersecurity initiatives.
Working with teams within nonprofits to support digital safety or other digital initiatives that support their broader mission and risk management, allowing them to mature in their effective and safe use of technology and digital systems.
Reflecting our organisation’s values and liaising in a professional and friendly manner with the clients and recipients you work with, escalating any concerns or challenges to your line manager.
Being highly organised and taking ownership of any project management and administration duties for the projects that you are assigned to.
Sharing learnings with the team and providing input into our processes and procedures in order to help us continuously improve our support to clients and recipients as well as our own information security risk management.
The work of our team is broad, and we are aiming to build a diverse team with a range of skills and experience. You may be a good fit for our team even if you do not have a traditional information security background – we are particularly interested in talking with you if you meet the essential criteria for the role but have a less traditional career pathway!

Depending upon your background, you may have the opportunity to bring (or develop) skills and experience in a wide range of areas:

Technology change management and/or service management – helping our clients to mature their technology more broadly or providing direct support to implement digital safety recommendations.
Blended, ‘holistic’ crisis response and advice – working in close collaboration with specialists in physical safety, wellbeing, and other risk management domains.
Crisis or incident management, for instance developing or implementing incident response plans or supporting clients as a ‘breach coach’ or critical friend.
Carrying out privacy impact assessments, data protection analysis, and/or supporting teams to incorporate data protection principles or regulations into their work, perhaps drawing from inhouse or external work in data protection.
Delivering training or capacity sharing, for instance via security awareness work, digital security training, or other work with at-risk populations or user cohorts.
Measuring the effectiveness of the safeguards employed by nonprofits, grassroots defenders, or others – perhaps using one or more frameworks, such as the CIS Critical Controls, Cyber Essentials, ISO27k1 Suite, or Safetag, or leveraging another approach entirely.
Directly making technical changes with clients to implement safeguards across specific technical domains, such as endpoint management, and, the administration or implementation of cloud platforms, such as Microsoft 365 or Google Workspace.

Person specification

Essential
You will have experience in one or more of our in-demand skill and experience areas:
Experience working with or consulting for medium-sized or larger organisations with more complex governance, risk management, and technology challenges.
Native or strong/fluent French language skill, particularly if you have experience working with Francophone civil society or NGOs.
US-based and/or with demonstrable experience working with US-based civil society, particularly where at-risk.
Based in or have experience working in Eastern Partnership countries or responding to threat actors active in post-Soviet countries.
You will have considerable professional experience either:
building the capacity of international nonprofits and foundations in information security management and digital resilience, including control or capability-based assessment, security operations, relevant research, or other internal management practice; and/or
providing digital safety advice and training to human rights defenders, grassroots organisations, and social movements.
You will have strong, rounded knowledge of cybersecurity and information security risk management, including in contexts with determined or sophisticated threat actors.
You will be highly organised and possess strong project management skills.
You will be sensitive to the progressive and rights-based missions and diverse profiles of our clients and other stakeholders.
You will be a good listener and able to thoughtfully adapt your approach and style to suit different projects and stakeholders, in particular in low-resource settings and with counterparts who may not be specialists or technologists.
You will have good written and spoken English.

Desirable
You may have a proven track record of in one or more of:
Change management in the nonprofit sector.
Delivering training in-person and remotely to a diverse range of learners.
Engaging with senior leadership and board members.
Experience assessing and managing risk to people.
Using frameworks, such as CIS, NIST, PCI-DSS, or Cyber Essentials.
Working in an integrated way with other risk domains, such as physical security and wellbeing, as part of multidisciplinary teams.
You may have broader experience in data protection, privacy, technology, or digital rights.
You may have excellent written and spoken French, Spanish, Portuguese, Arabic, or other additional languages.
Terms and remuneration
We are a remote-first organisation, and this is a home-working role with some potential for international travel. We are looking for someone who wants to become part of our close-knit team and develop a long-term working relationship with us and our clients.

You will be properly onboarded and continually supported by empowering managers and highly-experienced colleagues. Your line manager will be James Eaton-Lee, our director of digital and information security.

We welcome applications from established consultants with a range of backgrounds, experiences and profiles, from anywhere in the world. The hours can vary from month to month, depending on demand and your availability, and the role may require occasional remote meetings outside of normal office hours depending on your location. Please note that this role is not suitable for those in full-time employment or currently searching for full-time employment.

For responsive work via our fully-funded assistance programme, you will typically need to be available to take on new assignments by agreement within 72 hours. Broader, proposal-driven work with clients is typically more flexible in terms of timing.

You will receive £73.50 per hour; ongoing mentoring, professional coaching, and training; and a package of wellbeing and mental health support, including an Employee Assistance Programme. Note, as a consultant, you will need to have or obtain your own professional indemnity insurance, including cover for work in the United States.

Diversity, equity, and inclusion

Open Briefing values diversity. We are committed to being equitable and inclusive, and to being a place where all can be their authentic selves. We therefore encourage applications from all who may meet the person specification and particularly from candidates who are from historically-marginalised communities and are underrecognised in our digital and information security team. This currently includes Black, Indigenous, and People of Colour and women and/or non-binary people. Please read our diversity, equity, and inclusion policy for more information.

Open Briefing is neuroinclusive, positive about mental health, and a Disability Confident Employer. We welcome applications from all candidates who meet the person specification. Please let us know in your cover letter how we can be the recruiter and employer that you need us to be.

We follow the gender pay gap reporting guidance from the UK government. We have completed an inclusive language analysis of the text of this advert, and checked it using the Gender Decoder tool.

Safeguarding

Open Briefing is dedicated to upholding the highest safeguarding standards, ensuring a culture of respect and protection for both our internal and external stakeholders. Our approach encompasses preventative measures and a strong response mechanism to any safeguarding concerns, guided by a survivor/victim-centred ethos. We enforce a strict no-tolerance policy towards any violations of safeguarding policies, ensuring that all concerns are addressed promptly and appropriately.

As part of our duty of care, it is our policy to identify and communicate any risks associated with the roles that we recruit for and set out how we mitigate them. Working directly with human rights defenders and others at risk means that some people in this role might experience threats to their wellbeing, including possibly stress, compassion fatigue, secondary trauma, and challenges maintaining a proper work-life balance. Our wellbeing policy and procedure set out the mechanisms and‬ resources we have put in place to mitigate and address these risks.

How to apply
To apply, please submit your application using our form here.

We will conduct interviews on a rolling basis until we recruit suitable candidates. If you are interested in this role, please submit your application as early as possible.