Cybersecurity Officer (Security Governance) At International Computing Centre

The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.

Purpose of the Position:

The Cybersecurity Officer will assist and support client organizations in establishing, implementing, maintaining and continually improving information security controls to ensure that information assets are adequately protected. The Officer will also be responsible for providing active support with Cybersecurity Governance practice at UNICC.

The Cybersecurity Officer will provide services to client organizations independently or under light supervision.

Objectives of the Programme:

The objective of the Centre is to provide trusted ICT services and digital business solutions to its Clients and Partner Organizations.

Main duties and responsibilities

The incumbent will work under the direct supervision and guidance of the of Head, Cybersecurity Assurance Unit (CSGA) within the Cybersecurity Division (CS) and in close collaboration with other team members among the Division. The incumbent could be requested to do any others tasks of similar level in related fields. The incumbent will be required to:

Develop and enhance an information security management framework based on the ISO 27000 standards
Develop, maintain and publish up-to-date information security policies, standards and guidelines
Oversee the approval, training, and dissemination of security policies and practices
Create, communicate and implement the process for risk management, including the assessment and treatment of identified risks. Work directly with business units and stakeholders throughout the organization on identifying acceptable levels of residual risk. Report and oversee treatment efforts
Build regular reporting/dashboards on the current status of the cybersecurity programme to senior management and business units as part of a strategic enterprise risk management programme
Help raise cybersecurity and risk management awareness for all employees, contractors and approved system users
Provide active support during security incidents and events that affect organizational assets, including intellectual property, sensitive data and the organization’s reputation
Provide direction, support and in-house consulting in effective disaster recovery policies and standards. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in case of a security event
Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
Ensure that security programs are in compliance with relevant rules, regulations, policies and standards to minimize or eliminate risks and audit findings
Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
Perform technical security assessments and develop strategies for remediating vulnerabilities and risks identified
Work closely with other members of UNICC’s cybersecurity team to develop and deliver new and existing cybersecurity services

Other: Provide other ad hoc support either within the team or in other teams as required – this includes the participation in special projects or support to service delivery for short period of time on a part-time or full time basis upon request from the senior management

Recruitment Profile

Experience and Skills required:

Essential:

At least five (5) years of experience in the cybersecurity area
Ability to understand technical and business aspects of IT risk, and to communicate those risks to business and technical units so that the organization can make informed decisions regarding appropriate levels of information security control
Strong analytical and problem-solving skills
Ability to act calmly and competently in high-pressure, high-stress situations
Excellent written and verbal communication skills, interpersonal and collaborative skills
High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
High degree of initiative, dependability and ability to work with little supervision

Desirable:

Experience in achieving and maintaining ISO 27001 certification
Project management skills and ability to manage multiple projects under strict timelines

Education:

Essential:

First university degree in computer science, information systems, mathematics, statistics or related field
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Cloud Security Professional (CCSP), ISO 27001 lead implementer/auditor, or other similar credentials

Desirable:

Master’s degree or equivalent experience in computer science, information systems, mathematics, statistics or related field

Languages:

English: Expert knowledge is required
Knowledge of another official United Nations language is an advantage

UNICC Global Competencies:

Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
Respecting and promoting individual and cultural differences: Demonstrates the ability to work constructively with people of all backgrounds and orientations. Respects differences and ensures that all can contribute.
Knowing and managing yourself: Manages ambiguity and pressure in a self-reflective way. Uses criticism as a development opportunity. Seeks opportunities for continuous learning and professional growth.
Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.
Setting an example: Acts within UNICC’s / WHO’s professional, ethical and legal boundaries and encourages others to adhere to these. Behaves consistently in accordance with clear personal ethics and values

Other Information

Compensation:

Annual Salary Estimation (net of tax at single rate):

Brindisi (Italy), including post adjustment (26,0% on March 2023): US$ 78,991.
Rome (Italy), including post adjustment (32,0% on March 2023): US$ 82,753.
Valencia (Spain), including post adjustment (30,0% on March 2023): US$ 81,499.

UNICC also offers generous leave and absence allowances, flexible working hours, overtime compensation, teleworking, access to training, and depending on eligibility other benefits such as relocation grant, dependency allowance, language allowance, or education grant.

Closing date for applications:

Applications will be accepted until midnight (Geneva Time) on 14 April 2023.

Notes:

Technical and/or personality tests may be carried out as part of the selection process
Only short-listed candidates will be contacted
Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position

* For UNICC staff members who do not meet the minimum educational qualifications, please refer to the applicable WHO e-Manual Annex 6 – Guidelines on Standard Minimum Experience Exposure and Education Requirements

For applications to be valid, they must contain a motivation letter and the filled Personal History Form.