Interested in this profile? Speak directly to UNOPS at our upcoming online event – Women in Tech
Please note: this is a generic job description for a vacancy regularly open during the year but not currently.
Job categories: IT
Contract type: Fixed Term
Contract level: P2
Duration: 1 Year (renewable subject to funds availability and satisfactory performance)
Background Information – Job-specific
The UN is continuously targeted by cyberattacks and understanding how cybersecurity may affect the ability to deliver on its mandate is essential to be able to mitigate associated risks. OICT/GSD/GSAS is tasked to protect the geographically highly dispersed and diverse ICT environment of the organization from cyberattacks. In addition to the vast existing traditional infrastructure the ongoing migration of service to cloud computing providers, as well as the significantly increased reliance on mobile computing platforms poses severe challenges that require additional resources, and new and innovative approaches to ensure the organization is adequately protected. This applies to areas such as threat management, incident detection and response, vulnerability management as well as organizational resilience.
The activities of OICT/GSD/GSAS focus on policy development and oversight, cyber risk management, cyber threat intelligence, global monitoring and analytics, application and infrastructure vulnerability management.
Within delegated authority, the cybersecurity officer:
- Develops and maintains a formal cyber threat intelligence programme through the collection, correlation and analysis of global log events/information from various sources including cloud service providers to identify artefacts and patterns of suspicious activities, and methods used by adversaries targeting the organization;
- Maintains the list and monitors for presence of various indicators of compromise;
- Performs security reviews and vulnerability assessments of applications, web sites and infrastructure components;
- Performs research and evaluates new security technologies particularly in the area of mobile and cloud computing for potential deployment within organization’s environment;
- Responds to information security incidents;
- Contributes to the formulation of the policy and other supporting documents including procedures and guidelines;
- Performs other duties as assigned.
Impact of Results
Increased organization’s capacity to perform internal cyber security reviews; established and maintained global cyber threat and vulnerability management intelligence programmes; as well as increased incident response capabilities.
Integrity and inclusion: Treats all individuals with respect; responds sensitively to differences and encourages others to do the same. Upholds organizational and ethical norms. Maintains high standards of trustworthiness. Role model for diversity and inclusion.
Leading Self and Others: Acts as a positive role model contributing to the team spirit. Collaborates and supports the development of others. For people managers only: Acts as positive leadership role model, motivates, directs and inspires others to succeed, utilizing appropriate leadership styles.
Partnering: Demonstrates understanding of the impact of own role on all partners and always puts the end beneficiary first. Builds and maintains strong external relationships and is a competent partner for others (if relevant to the role).
Result orientation: Efficiently establishes an appropriate course of action for self and/or others to accomplish a goal. Actions lead to total task accomplishment through concern for quality in all areas. Sees opportunities and takes the initiative to act on them. Understands that responsible use of resources maximizes our impact on our beneficiaries.
Agility: Open to change and flexible in a fast paced environment. Effectively adapts own approach to suit changing circumstances or requirements. Reflects on experiences and modifies own behavior. Performance is consistent, even under pressure. Always pursues continuous improvements.
Solution Focused: Evaluates data and courses of action to reach logical, pragmatic decisions. Takes an unbiased, rational approach with calculated risks. Applies innovation and creativity to problem-solving.
Effective Communication: Expresses ideas or facts in a clear, concise and open manner. Communication indicates a consideration for the feelings and needs of others. Actively listens and proactively shares knowledge. Handles conflict effectively, by overcoming differences of opinion and finding common ground.
- Advanced university degree (Master’s degree or equivalent) in computer science, information systems, information security or related field.
- A first-level university degree with minimum of 2 years of relevant work experience may be accepted in liue of the advanced university degree.
- Certifications in Information Security (such as CISSP, GIAC, CRISC) are an advantage.
- A minimum of two years of experience in performing security reviews and vulnerability assessments of applications, web sites and infrastructure components.
- A minimum of one year of experience in performing correlation and analysis of log information from various sources.
- A minimum of two year of experience in responding to information security incidents.
- A minimum of one year of experience in developing information security policy and other supporting documents.
- English and French are the working languages of the United Nations Secretariat. For this position, fluency in English is required; Knowledge of another official UN language is an advantage.
Contract type, level and duration
Contract type: Staff
Contract level: P2
Contract duration: One year initially, renewable subject to satisfactory performance and funding availability