The specific objective of this position is to perform the work to strengthen the Secretariat’s Information Security Programme by performing the work in the areas of security architecture, drafting and reviewing policies and supporting documents, maintaining the Information Security Management System of the office, conducting security reviews of systems and applications, performing information risk assessments, and responding to security incidents.
Within limits of delegated authority, the Information Security Officer will be responsible for the following duties:
- Perform review and development of information security policies, related standards, procedures, and guidelines in support of the secretariat-wide ICT working group;
- Contribute to the consistent implementation of Secretariat-wide and local information security policies and procedures;
- Maintain the Information Security Management System within the Office of Information and Communications Technologies;
- Participate in the review of operating procedures;
- Support project owners in the definition of information security requirements;
- Provide expert advice on the security architecture and configuration of complex systems;
- Participate in quality assurance activities by validation the correct implementation of security controls before systems enter production;
- Provide information security training to end users, project owners and ICT professionals, and contribute to Secretariat-wide initiatives to raise awareness of information security issues;
- Monitor various resources for information security threats, perform analysis of threat information, and respond to detected threats;
- Analyze root causes of significant information security incidents and propose additional preventive controls and operational improvements (“lessons learned”);
- Monitor compliance with information security policies and standards;
- Perform and/or oversee regular penetration tests for systems and applications;
- Conduct information risks assessments, identify and recommend additional risk mitigation measures;
- Communicate risks to business owners and document risk acceptance;
- Coordinate audit requests and track follow up on recommendations;
- Keep abreast of developments in the field and shares security alerts with affected operational functions and partner organisations.
- PROFESSIONALISM: Knowledge in the field of information security and information risk management. Knowledge of the ISO27000 series of standards, ITIL and CobiT frameworks, the OCTAVE risk management methodology, MITRE ATT&CK framework, cloud security concepts, or the OWASP web application testing methodology; Good knowledge of organization’s information infrastructure and IT strategy as it relates to user area(s); Shows pride in work and in achievements; demonstrates professional competence and mastery of subject matter; is conscientious and efficient in meeting commitments, observing deadlines and achieving results; is motivated by professional rather than personal concerns; shows persistence when faced with difficult problems or challenges; remains calm in stressful situations. Takes responsibility for incorporating gender perspectives and ensuring the equal participation of women and men in all areas of work. Actively nurtures existing contacts by pro-actively sharing information, best practices, and respective interests and areas of expertise.
- COMMUNICATION: Speaks and writes clearly and effectively; listens to others, correctly interprets messages from others and responds appropriately; asks questions to clarify, and exhibits interest in having two-way communication; tailors language, tone, style and format to match audience; demonstrates openness in sharing information and keeping people informed.
- COMMITMENT TO CONTINUOUS LEARNING: Keeps abreast of new developments in own occupation/profession; actively seeks to develop oneself professionally and personally; contributes to the learning of colleagues and subordinates; shows willingness to learn from others; seeks feedback to learn and improve.
An advanced university degree (Master’s or Doctorate degree, or equivalent) in computer science, information systems, mathematics, statistics or related fields is required. A first-level or advanced degree (Bachelor’s or equivalent) in the specified fields of studies with two additional years of relevant work experience may be accepted in lieu of the advanced university degree. Certification and/or training in Information Security (such as GIAC’s Security Essentials, CISM, CISSP) is desirable.. ITIL Foundation v3, and PRINCE2 certificate or similar is desirable.
A minimum of five years of progressively responsible experience in planning, design, development, implementation and maintenance of computer information systems or related area is required.
Experience in one or more aspects of the implementation of an information security programme including threat and incident management is desirable.
Knowledge of and experience with the ISO27000, ITIL and CobiT, MITRE ATT&CK frameworks, cloud security, and/or the OWASP web application testing methodology is desirable.
Familiarity with the project management framework of the United Nations Secretariat or other International Organization is an advantage.
English and French are the working languages of the UN Secretariat. For the position advertised, fluency in English is required; knowledge of French is desirable. Knowledge of another UN official language is an advantage.
Evaluation of qualified candidates may include an assessment exercise which may be followed by a competency-based interview.
Appointment or assignment against this position is for an initial period of one year.
For this position, applicants from the following Member States, which are unrepresented or underrepresented in the UN Secretariat as of 30 April 2021, are strongly encouraged to apply: Afghanistan, Andorra, Angola, Antigua and Barbuda, Bahrain, Belize, Brunei Darussalam, Cabo Verde, Cambodia, China, Comoros, Cuba, Democratic People’s Republic of Korea, Djibouti, Dominica, Equatorial Guinea, Gabon, Grenada, Guinea-Bissau, Japan, Kiribati, Kuwait, Lao People’s Democratic Republic, Lesotho, Liberia, Libya, Liechtenstein, Luxembourg, Marshall Islands, Federated States of Micronesia, Monaco, Mozambique, Namibia, Nauru, Norway, Oman, Palau, Papua New Guinea, Qatar, Republic of Korea, Russian Federation, Saint Lucia, Saint Vincent and the Grenadines, San Marino, Sao Tome and Principe, Saudi Arabia, Solomon Islands, Somalia, South Sudan, Suriname, Timor-Leste, Turkey, Turkmenistan, Tuvalu, United Arab Emirates, United States of America, Vanuatu, Bolivarian Republic of Venezuela.
At the United Nations, the paramount consideration in the recruitment and employment of staff is the necessity of securing the highest standards of efficiency, competence and integrity, with due regard to geographic diversity. All employment decisions are made on the basis of qualifications and organizational needs. The United Nations is committed to creating a diverse and inclusive environment of mutual respect. The United Nations recruits and employs staff regardless of gender identity, sexual orientation, race, religious, cultural and ethnic backgrounds or disabilities. Reasonable accommodation for applicants with disabilities may be provided to support participation in the recruitment process when requested and indicated in the application.
Pursuant to section 7.11 of ST/AI/2012/2/Rev.1, candidates recruited through the young professionals programme who have not served for a minimum of two years in the position of their initial assignment are not eligible to apply to this position.
United Nations Considerations
According to article 101, paragraph 3, of the Charter of the United Nations, the paramount consideration in the employment of the staff is the necessity of securing the highest standards of efficiency, competence, and integrity. Candidates will not be considered for employment with the United Nations if they have committed violations of international human rights law, violations of international humanitarian law, sexual exploitation, sexual abuse, or sexual harassment, or if there are reasonable grounds to believe that they have been involved in the commission of any of these acts. The term “sexual exploitation” means any actual or attempted abuse of a position of vulnerability, differential power, or trust, for sexual purposes, including, but not limited to, profiting monetarily, socially or politically from the sexual exploitation of another. The term “sexual abuse” means the actual or threatened physical intrusion of a sexual nature, whether by force or under unequal or coercive conditions. The term “sexual harassment” means any unwelcome conduct of a sexual nature that might reasonably be expected or be perceived to cause offence or humiliation, when such conduct interferes with work, is made a condition of employment or creates an intimidating, hostile or offensive work environment, and when the gravity of the conduct warrants the termination of the perpetrator’s working relationship. Candidates who have committed crimes other than minor traffic offences may not be considered for employment.
Due regard will be paid to the importance of recruiting the staff on as wide a geographical basis as possible. The United Nations places no restrictions on the eligibility of men and women to participate in any capacity and under conditions of equality in its principal and subsidiary organs. The United Nations Secretariat is a non-smoking environment.
The paramount consideration in the appointment, transfer, or promotion of staff shall be the necessity of securing the highest standards of efficiency, competence, and integrity. By accepting an offer of appointment, United Nations staff members are subject to the authority of the Secretary-General and assignment by him or her to any activities or offices of the United Nations in accordance with staff regulation 1.2 (c). In this context, all internationally recruited staff members shall be required to move periodically to discharge new functions within or across duty stations under conditions established by the Secretary-General.
Applicants are urged to follow carefully all instructions available in the online recruitment platform, inspira. For more detailed guidance, applicants may refer to the Manual for the Applicant, which can be accessed by clicking on “Manuals” hyper-link on the upper right side of the inspira account-holder homepage.
The evaluation of applicants will be conducted on the basis of the information submitted in the application according to the evaluation criteria of the job opening and the applicable internal legislations of the United Nations including the Charter of the United Nations, resolutions of the General Assembly, the Staff Regulations and Rules, administrative issuances and guidelines. Applicants must provide complete and accurate information pertaining to their personal profile and qualifications according to the instructions provided in inspira to be considered for the current job opening. No amendment, addition, deletion, revision or modification shall be made to applications that have been submitted. Candidates under serious consideration for selection will be subject to reference checks to verify the information provided in the application.
Job openings advertised on the Careers Portal will be removed at 11:59 p.m. (New York time) on the deadline date.
THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.
To help us with our recruitment effort, please indicate in your cover letter where (ngotenders.net) you saw this job posting.