Cyber Security Officer at United Nations

Responsibilities

Within limits of delegated authority, the Cyber Security Officer will be responsible for the following duties:

• Design, implement, and monitor cyber security systems of controls in place to ensure that the Organization complies with applicable UN internal regulatory and compliance requirements.
• Provide guidance on designing, implementing, auditing, and conducting compliance testing activities to ensure adherence to cyber security compliance requirements.
• Provide guidance in the design and implementation of applicable cyber security frameworks, and ensure its policies, processes, procedures, and controls are appropriately mapped to relevant UN internal regulatory and compliance requirements.
• Continuously assess the efficiency and effectiveness of control systems, recommend necessary remediations and propose steps for improvements to ensure ongoing compliance.
• Develop the organisation's vulnerability management strategy.
• Develop procedures for the organisation on patch and vulnerability management, including automated patch deployment, assessment procedures, and procedures for remediation.
• Coordinate with appropriate teams to ensure prioritization of patching and mitigations to vulnerabilities.
• Contribute to the development of the organisation's cyber security strategy, policy, and procedures in consultation with senior management and legal team, as necessary.
• Provide guidance in the discussions regarding existing initiatives from security, compliance, and risk perspectives.
• Routinely monitor and validate information security controls to ensure compliance with mandatory requirements, identify irregularities, risks, and potential weaknesses, and use this insight to develop and implement best practices and process improvements for the organisation's information systems.
• Develop monitoring methods to track and evaluate compliance efforts, e.g., dashboards.
• Participate in review of the cyber security programmes in collaboration with risk and governance and provide advice to ensure their alignment with organisational requirements.
• Provide security guidance and advice to users and ICT specialists to ensure the cyber security of the organisation and achieve compliance.
• Coordinate with external security auditors and penetration testers to verify security of information systems and to identify and remedy vulnerabilities.
• Act as the main focal point for the coordination of required activities to address security vulnerabilities.
• Prepare concise reports based on penetration test outcomes to communicate remediation recommendations to relevant stakeholders.
• Train staff on security processes and procedures and actively participate in the security response process.
• Monitor compliance of identity and access management (IAM) with access control policy and relevant technical procedures.
• Keep abreast of the current and emerging security issues, risks, threats, vulnerabilities, and advancements in cyber security techniques and technologies.

Competencies

• PROFESSIONALISM: Knowledge in cyber security management controls including cyber security policies, standards, and processes. Knowledge of cyber security industry standards, methodologies and frameworks, and ability to adapt and integrate subsequent changes. Knowledge of current and emerging cyber security threat landscape, attack methodologies, tools, technologies, and mitigation / remediation methods. Skill in designing and implementing a cyber security strategy. Analytical thinking skills. Ability to design and implement risk management processes. Takes responsibility for incorporating gender perspectives and ensuring the equal participation of women and men in all areas of work. Shows pride in work and in achievements; Demonstrates professional competence and mastery of subject matter; Is conscientious and efficient in meeting commitments, observing deadlines, and achieving results; Is motivated by professional rather than personal concerns; Shows persistence when faced with difficult problems or challenges; Remains calm in stressful situations.
• PLANNING AND ORGANIZING: Develops clear goals that are consistent with agreed strategies. Identifies priority activities and assignments; Adjusts priorities as required. Allocates appropriate amount of time and resources for completing work. Foresees risks and allows for contingencies when planning. Monitors and adjusts plans and actions as necessary. Uses time efficiently.
• CLIENT ORIENTATION: Considers all those to whom services are provided to be "clients" and seeks to see things from clients' point of view. Establishes and maintains productive partnerships with clients by gaining their trust and respect. Identifies clients' needs and matches them to appropriate solutions. Monitors ongoing developments inside and outside the clients' environment to keep informed and anticipate problems. Keeps clients informed of progress or setbacks in projects. Meets timeline for delivery of products or services to client.

Education

• Advanced university degree (Master's degree or equivalent degree) in computer science, information systems, mathematics, statistics, information security, cyber security, or a related field. A first-level university degree in combination with two additional years of qualifying experience may be accepted in lieu of the advanced university degree. Successful completion of both degree and non-degree programs in data analytics, business analytics or data science programs is desirable.

Job - Specific Qualification

• An active certificate in Information Security (e.g., CISM, CISSP) or equivalent is desirable and may be accepted as substantiation of candidates’ proficiency in the requisite knowledge, skills, and abilities for this position.

Work Experience

• A minimum of seven years of progressively responsible experience using knowledge and skills indicated below with the phrase is required should be evident in the employment details in the application. Use of knowledge in cyber management control including cyber security policies, standards and processes are required. Use of knowledge of cyber security industry standards, methodology and frameworks, and ability to adapt and integrate subsequent changes is required. Use of skill in designing and implementing a cyber security strategy is desirable. 1 year or more of experience in data analytics or related area is desirable.

Languages

• English and French are the working languages of the United Nations Secretariat. For the position advertised, fluency in English is required. Knowledge of another official United Nations language is desirable. NOTE: "fluency equals a rating of "fluent" in all four areas (read, write, speak, understand) and " Knowledge of" equals a rating of " confident" in two of the four areas.