Security & Handling Officer

Position: Security & Handling Officer — The Global Risks Forum (GRF) / Nexus Governance System
Type: Handling-class governance, controlled convening, and information security stewardship role (non-executive; strictly non-executing)
Board: Officers may be considered for Board/Trustee nomination after serving in good standing (where permitted by governance rules and independence constraints)
Location: International (distributed, hybrid)
Term: 3 Years
Time commitment: ~15–30 hours per month (build-year cadence; surge periods around controlled sessions, incidents, and quarterly publication cycles)
Apply here: https://therisk.global/work/job/security-handling-officer/

Context and Purpose

Whole-of-society standards and recognition work frequently touches sensitive information: vulnerabilities, critical infrastructure context, locality-specific risk exposure, disputed claims, and reputationally market-sensitive matters. The fastest way to destroy trust is a handling failure—leaks, unsafe publication, uncontrolled drafts, weak access controls, or unclear rules about what can be shared and with whom.

The Global Risks Forum (GRF) stewards the standards-and-recognition pillar of the Nexus governance system. To do that credibly, it must operate a strict handling regime: clear handling classes, least-privilege distribution, controlled sessions when required, disciplined publication posture, and repeatable security practices that allow rigorous work without creating new risks.

The Security & Handling Officer is accountable for the handling spine of GRF: defining and enforcing handling rules, access governance, controlled convening protocols, incident routing, and safe publication controls—so GRF can do high-integrity work under scrutiny without leakage or information hazards. This is governance stewardship—not execution. The role does not operate external platforms, select vendors, steer procurement, or provide security services to third parties; it sets and enforces GRF handling requirements and controls.

Key Responsibilities

• Maintain GRF handling-class framework: classification rules, labeling standards, access requirements, storage/retention posture, and distribution constraints.
• Define and enforce “public-safe vs restricted” publication boundaries, including redaction logic and “do not publish” criteria for information hazards.
• Ensure handling discipline is practical: clear instructions that participants can follow, with training and checklists.
• Operate access governance: least-privilege access, role-based permissions, need-to-know distribution, and time-bound access for sensitive dockets.
• Ensure controlled sessions are executed correctly: participant vetting, secure channels, no unauthorized recording, and disciplined minutes/outputs handling.
• Prevent informal leakage: draft control, secure collaboration rules, and distribution list hygiene.
• Coordinate incident and breach-response routing for governance materials: detection, containment, investigation support, corrective actions, and notification posture consistent with policy.
• Maintain “stop-the-line” authority where handling risks are unacceptable: pause publication, pause deliberation, or re-scope distribution until controls are adequate.
• Maintain periodic control tests and drills (tabletops) for likely failure modes: mis-sent materials, compromised accounts, unauthorized recordings, and sensitive localization leaks.
• Coordinate with Records & Register and Secretariat functions to ensure handling controls are embedded in the governance production system (calendars, pre-reads, minutes, archives, publication releases).
• Ensure dispute materials and protected participation channels are handled safely: confidentiality, anti-retaliation posture, and careful routing.
• Ensure external communications and badge/claims use do not reveal restricted information or imply access that should not exist.
• Produce quarterly handling posture reports: incidents, near misses, control gaps, training completion, and improvement actions.
• Support membership growth and seat completion by ensuring onboarding includes handling training and role-appropriate access maturity before sensitive participation.

Compensation, Remuneration, and Expenses

This role is designed to be trust-maximizing and capture-resistant.

• Governance authority is not paid. Compensation is never linked to votes, recognition outcomes, enforcement actions, dispute results, standards outcomes, market outcomes, or influence. No success fees. No pay-to-recognize.
• Operational workload may be compensated (where permitted). Handling governance can involve operational work (training, control testing, incident drills). Where compensation is provided, it must be scoped, time-bounded, deliverable-based, independently approved, and auditable—and never linked to recognition outcomes or enforcement decisions.
• Expenses may be reimbursed. Reasonable, documented, pre-approved out-of-pocket expenses required for the role may be reimbursed in accordance with policy.
• Standing and independence apply. Continued service depends on remaining in good standing, meeting disclosure obligations, and maintaining strict neutrality and handling discipline.

Opportunities for Leaders to Join

• Build the handling and controlled convening spine that makes sensitive standards-and-recognition work safe and durable.
• Prevent information hazards that can harm communities, institutions, and credibility—while enabling rigorous high-scrutiny governance.
• Create repeatable controls and training that scale across regions and participant groups without degrading safety.
• Strong performance positions leaders for senior governance stewardship roles (without implying entitlement).

Leaders Profile

We are seeking senior leaders (typically 12–20+ years) with credibility across one or more of:

• Security governance, information governance, handling/classification regimes, or controlled convening in high-trust environments.
• Operational resilience and incident management for sensitive institutional processes.
• Privacy, data governance, and safe-publication frameworks for risk-sensitive information.
• Governance of security controls in distributed organizations.

Capabilities and Mindset

• Risk-aware pragmatism: designs controls people can actually follow.
• High discretion and calm judgment: can stop publication or pause deliberation when needed.
• Strong coordination: embeds handling controls into records, secretariat, and dispute workflows.
• Training mindset: builds simple checklists, briefings, and drills that improve behavior under pressure.
• Neutral steward: avoids using security as a power lever; applies rules fairly and consistently.

Eligibility, Membership, and Independence

• Holds a primary role outside the officer seat (unless otherwise permitted) and can commit sustained time at the expected cadence.
• Willing to fully disclose relevant interests and comply with conflict-of-interest and recusal requirements.
• Not placed in a situation where service creates unmanageable conflicts or compromises neutrality.
• Accepts strict confidentiality, handling discipline, and communications integrity expectations.
• Commits to remain in good standing (participation, disclosures, and applicable contribution obligations).