The Rainforest Alliance is creating a more sustainable world by using social and market forces to protect nature and improve the lives of farmers and forest communities. To achieve our mission, we partner with diverse allies around the world to drive positive change across global supply chains and in many of our most critically important natural landscapes.

Our alliance spans 70 countries and includes farmers and forest communities, companies, governments, civil society, and millions of individuals. Together we work to protect forests and biodiversity, take action on climate, and promote the rights and improve the livelihoods of rural people.

As an international nonprofit organization with more than 30 years of experience in sustainability transformation, we understand that the social and economic well-being of rural communities is tightly connected to ecosystem health. This knowledge has shaped our rigorous programs to advance sustainable land-use and commodity production.

At the Rainforest Alliance we combat climate change, protect forests and biodiversity, promote human rights, and improve livelihoods. The enormity of the social and environmental challenges we are facing requires working together in a broad alliance. This is why we bring farmers, forest communities, companies, and consumers together to change the way the world produces, sources, and consumes.

Why  

To protect nature and improve lives it’s becoming increasingly urgent that we approach the way we use our land and produce food and other products in more sustainable ways. For this to succeed we need to fundamentally change the way that businesses operate and source, and the choices we all make as consumers.

How  

Our growing global alliance aims to transform our relationship with our natural resources and each other, to create a better future for people and nature together.

The Rainforest Alliance encourages diversity and inclusion across the global organization. With this commitment to diversity, we are proud to be an equal opportunity employer and do not discriminate on the basis of gender, race, color, ethnicity, religion, sexual orientation, gender identity, ages, disability and any other protected group.

Position summary:

The security specialist within RA is responsible for all things related to cyber security within the company. You are the primary contact person within RA, but also the go-to person for questions from outside of RA on that subject. You ensure security policies are being created (by you or maybe others), remain up-to-date, fully implemented, complied with throughout RA and tested if needed. This means you work with colleagues from both IT and business departments in order for RA to be compliant to the policies and acts responsibly towards all data and other resources entrusted to us by our employees, partners and clients. You will give asked and unasked advice on all matters related to cyber security and are not afraid to get your hands dirty and perform many operational and project leader like activities to move RA forward.

You will be working in a high-pressure environment within a fast growing and fast-paced global organization. And you are at the right place if you enjoy getting people to cooperate and comply without being in a hierarchical position of strength.

Responsibilities:

• Works to support Enabling Tech department in all security activities, e.g. security assessments, pen tests, due diligence questionnaires, etc and makes sure proper follow up is given to the outcomes by yourself or others.
• Drafts and implements security related policies and procedures within RA to ensure compliance with the company’s control requirements manual or related documentation and other compliance activities.
• Serves as a liaison for the Dir Tech for all security issues.
• Supports Dir Tech to oversee all systems (including Cloud) and applications to establish proper controls. Works with IT and business teams to monitor security alerts and mitigate security issues in a timely matter.
• Helps to build a Security strategy for RA and create a cyber security year plan and executes that pro-actively.
• Monitors systems usage to confirm that employees have the proper level of information access.
• Investigates improper use of data and/or devices, reports violations to the Dir Tech and ensures violations are solved.
• Conducts information systems audits to ensure system information is secure from breach and unauthorized access, and ensures follow up if needed.
• Works with IT and business teams in planning and conducting user training to provide overviews of systems security and improves security efficiency.
• Performs other related cyber security duties as needed by RA and/or assigned.