National NIST Certification Officer

The candidates MUST have a work authorization in the US.

Core Functions / Responsibilities:

1. Examine existing information security framework in IOM Resettlement Support Centers (RSCs Examine existing information security framework in IOM Resettlement Support Centers (RSCs) against NIST 800-53 certification standards and donor requirements, identifying gaps in compliance.

2. Produce monthly gap reports for each RSC and business area.

3. Provide training to newly hired NIST focal points in each IOM RSC in how to develop and maintain NIST control documentation and follow up on risk mitigation.

4. Communicate effectively and regularly with focal points in each RSC for addressing gaps and mitigating identified risks.

5. In coordination with RSC management and technical focal points, produce NIST 800-53 control documentation covering each RSC hub and office.

6. Compile and produce quarterly reports on the status of the USRAP information security framework, including incidents, unaddressed gaps, remediation plans, new controls introduced, documentation completed and status of audits.

7. Assist the USRAP Data Integrity and Reports Officer with coordinating the implementation of USRAP information security requirements, NIST controls and external audits with IOM ICT, RSC management, department focal points in IOM and technical focal points for the donor.

8. Offer expertise, written and oral, in interpretation of security controls, risk and overall results to business units and USRAP management as needed.

9. Contribute to Authorization to Operate documentation.

10. In cooperation with the ICT security team, perform functional, operational and vulnerability testing of the USRAP information security infrastructure.

11. Maintain and ensure the confidentiality and integrity of all personnel-related information by implementing control procedures in line with IOM standards of conduct and data protection rules.

12. Perform other related functions as required.

Required Qualifications and Experience:

Education

· Bachelor’s degree in computer science, information systems, cyber security, computer engineering, or other related discipline.

· Certificates of completion of auditing courses in information security.

Experience

· A minimum of three years of relevant experience in information security, information security auditing, or security documentation.

· Experience with government or intergovernmental organizations is an advantage.

Skills

· Strong analytical and technical skills – ability to assess information security infrastructure with great attention to detail.

· Familiarity with enterprise information technology infrastructure such as Azure, Microsoft 365, cloud hosting and VPN.

· Excellent communication, interpersonal and writing skills.

· Excellent computer skills and proficiency in Microsoft Office applications.

• Relevant experience in IOM policies and procedures would be an advantage.

Languages

Fluency in English.

Required Competencies

The incumbent is expected to demonstrate the following values and competencies:

Values – all IOM staff members must abide by and demonstrate these three values:

• Inclusion and respect for diversity: respects and promotes individual and cultural differences; encourages diversity and inclusion wherever possible.
• Integrity and transparency: maintain high ethical standards and acts in a manner consistent with organizational principles/rules and standards of conduct.
• Professionalism: demonstrates ability to work in a composed, competent, and committed manner and exercises careful judgment in meeting day-to-day challenges.

Core Competencies – behavioral indicators level 2

• Teamwork: develops and promotes effective collaboration within and across units to achieve shared goals and optimize results.
• Delivering results: produces and delivers quality results in a service-oriented and timely manner; is action oriented and committed to achieving agreed outcomes.
• Managing and sharing knowledge: continuously seeks to learn, share knowledge and innovate.
• Accountability: takes ownership for achieving the Organization’s priorities and assumes responsibility for own action and delegated work.
• Communication: encourages and contributes to clear and open communication; explains complex matters in an informative, inspiring and motivational way.