United Nations Mission in South Sudan (UNMISS)
tendersglobal.net
JOB DESCRIPTION
Org. Setting and Reporting
The United Nations Office at Nairobi (UNON) is the UN headquarters in Africa and the Director-General of UNON is the representative of the Secretary-General in Kenya. UNON supports programme implementation of the United Nations Environment Programme (UNEP), the United Nations Human Settlements Programme (UN-Habitat), and the Resident Coordination System (RCS) globally, as well as other UN offices in Kenya, by providing administrative, security, conference and information services (www.unon.org). The incumbent of this Nairobi-based position will primarily report to the Chief, Information Communications and Technology Services (ICTS), Division of Administrative Services (DAS), United Nations Office at Nairobi (UNON). Additional supervision will be provided by the New York-based Chief, Cybersecurity Service (CSS), Office of Information and Communications Technology (OICT). The Cyber Security Officer is responsible for conducting evaluations/assessments of information and communication technologies (ICT) systems and projects to determine compliance with established cyber security policies and procedures. The Cyber Security Officer recommends, reviews, and validates information security controls and manages the planning and implementation of projects and operational activities that are related to information security compliance and information risk management. The Office of Information and Communications Technology (OICT) is leading the digital transformation of the Organization to enable a better, safer, more sustainable future through secure, reliable, and innovative technology solutions.
Responsibilities
Within limits of delegated authority, the Cyber Security Officer will be responsible for the following duties: a. Design, implement, and monitor cyber security systems of controls in place to ensure that the Organization complies with applicable UN internal regulatory and compliance requirements. b. Provide guidance on designing, implementing, auditing, and conducting compliance testing activities to ensure adherence to cyber security compliance requirements. c. Provide guidance in the design and implementation of applicable cyber security frameworks, and ensure its policies, processes, procedures, and controls are appropriately mapped to relevant UN internal regulatory and compliance requirements. d. Continuously assess the efficiency and effectiveness of control systems, recommend necessary remediations and propose steps for improvements to ensure ongoing compliance. e. Develop the organisation’s vulnerability management strategy. f. Develop procedures for the organisation on patch and vulnerability management, including automated patch deployment, assessment procedures, and procedures for remediation. g. Coordinate with appropriate teams to ensure prioritization of patching and mitigations to vulnerabilities. h. Contribute to the development of the organisation’s cyber security strategy, policy, and procedures in consultation with senior management and legal team, as necessary. i. Provide guidance in the discussions regarding existing initiatives from security, compliance, and risk perspectives. j. Routinely monitor and validate information security controls to ensure compliance with mandatory requirements, identify irregularities, risks, and potential weaknesses, and use this insight to develop and implement best practices and process improvements for the organisation’s information systems. k. Develop monitoring methods to track and evaluate compliance efforts, e.g., dashboards. l. Participate in review of the cyber security programmes in collaboration with risk and governance and provide advice to ensure their alignment with organisational requirements. m. Provide security guidance and advice to users and ICT specialists to ensure the cyber security of the organisation and achieve compliance. n. Coordinate with external security auditors and penetration testers to verify security of information systems and to identify and remedy vulnerabilities. o. Act as the main focal point for the coordination of required activities to address security vulnerabilities. p. Prepare concise reports based on penetration test outcomes to communicate remediation recommendations to relevant stakeholders. q. Train staff on security processes and procedures and actively participate in the security response process. r. Monitor compliance of identity and access management (IAM) with access control policy and relevant technical procedures. s. Keep abreast of the current and emerging security issues, risks, threats, vulnerabilities, and advancements in cyber security techniques and technologies.
Competencies
PROFESSIONALISM: Knowledge in cyber security management controls including cyber security policies, standards, and processes. Knowledge of cyber security industry standards, methodologies and frameworks, and ability to adapt and integrate subsequent changes. Knowledge of current and emerging cyber security threat landscape, attack methodologies, tools, technologies, and mitigation / remediation methods. Skill in designing and implementing a cyber security strategy. Analytical thinking skills. Ability to design and implement risk management processes. Takes responsibility for incorporating gender perspectives and ensuring the equal participation of women and men in all areas of work. Shows pride in work and in achievements; Demonstrates professional competence and mastery of subject matter; Is conscientious and efficient in meeting commitments, observing deadlines, and achieving results; Is motivated by professional rather than personal concerns; Shows persistence when faced with difficult problems or challenges; Remains calm in stressful situations. PLANNING AND ORGANIZING: Develops clear goals that are consistent with agreed strategies. Identifies priority activities and assignments; Adjusts priorities as required. Allocates appropriate amount of time and resources for completing work. Foresees risks and allows for contingencies when planning. Monitors and adjusts plans and actions as necessary. Uses time efficiently. CLIENT ORIENTATION: Considers all those to whom services are provided to be “clients” and seeks to see things from clients’ point of view. Establishes and maintains productive partnerships with clients by gaining their trust and respect. Identifies clients’ needs and matches them to appropriate solutions. Monitors ongoing developments inside and outside the clients’ environment to keep informed and anticipate problems. Keeps clients informed of progress or setbacks in projects. Meets timeline for delivery of products or services to client.
Education
Advanced university degree (Master’s degree or equivalent degree) in computer science, information systems, mathematics, statistics, information security, cyber security, or a related field. A first-level university degree in combination with two additional years of qualifying experience may be accepted in lieu of the advanced university degree. Successful completion of both degree and non-degree programs in data analytics, business analytics or data science programs is desirable.
Job – Specific Qualification
An active certificate in Information Security (e.g., CISM, CISSP) or equivalent is desirable and may be accepted as substantiation of candidates’ proficiency in the requisite knowledge, skills, and abilities for this position.
Work Experience
A minimum of seven years of progressively responsible experience using knowledge and skills indicated below with the phrase is required should be evident in the employment details in the application. Use of knowledge in cyber management control including cyber security policies, standards and processes are required. Use of knowledge of cyber security industry standards, methodology and frameworks, and ability to adapt and integrate subsequent changes is required. Use of skill in designing and implementing a cyber security strategy is desirable. 1 year or more of experience in data analytics or related area is desirable.
Languages
English and French are the working languages of the United Nations Secretariat. For the position advertised, fluency in English is required. Knowledge of another official United Nations language is desirable. NOTE: “fluency equals a rating of “fluent” in all four areas (read, write, speak, understand) and ” Knowledge of” equals a rating of ” confident” in two of the four areas.
Assessment
Evaluation of qualified candidates may include an assessment exercise which may be followed by competency-based interview.
Special Notice
Appointment or assignment against this position is for an initial period of one year. At the United Nations, the paramount consideration in the recruitment and employment of staff is the necessity of securing the highest standards of efficiency, competence and integrity, with due regard to geographic diversity. All employment decisions are made on the basis of qualifications and organizational needs. The United Nations is committed to creating a diverse and inclusive environment of mutual respect. The United Nations recruits and employs staff regardless of gender identity, sexual orientation, race, religious, cultural and ethnic backgrounds or disabilities. The United Nations Secretariat is committed to achieving 50/50 gender balance and geographical diversity in its staff. Female candidates are strongly encouraged to apply for this position. OICT supports the principles of work-life balance and flexible work arrangements. Internal Applicants: When completing the form, ensure ALL fields, ALL professional experience and contact information are completed and up to date. This information is the basis for the hiring manager to assess your eligibility and suitability for the position and to contact you. ” Applicants, who successfully go through a competitive recruitment process and are recommended for selection and/or inclusion in the roster of pre-approved candidates for subsequent job openings at the same level and with similar functions, may have their application information and roster status shared with other UN Organizations. Such applicants may be contacted by other UN Organizations for similar job openings, subject to the confirmation of their interest. Placement on the roster is no guarantee of a future selection. All applicants are strongly encouraged to apply on-line as soon as possible after the job opening has been posted and well before the deadline stated in the job opening. On-line applications will be acknowledged where an email address has been provided. If you do not receive an e-mail acknowledgement within 24 hours of submission, your application may not have been received. If the problem persists, please seek technical assistance through the Inspira “Need Help?” link.
United Nations Considerations
According to article 101, paragraph 3, of the Charter of the United Nations, the paramount consideration in the employment of the staff is the necessity of securing the highest standards of efficiency, competence, and integrity. Candidates will not be considered for employment with the United Nations if they have committed violations of international human rights law, violations of international humanitarian law, sexual exploitation, sexual abuse, or sexual harassment, or if there are reasonable grounds to believe that they have been involved in the commission of any of these acts. The term “sexual exploitation” means any actual or attempted abuse of a position of vulnerability, differential power, or trust, for sexual purposes, including, but not limited to, profiting monetarily, socially or politically from the sexual exploitation of another. The term “sexual abuse” means the actual or threatened physical intrusion of a sexual nature, whether by force or under unequal or coercive conditions. The term “sexual harassment” means any unwelcome conduct of a sexual nature that might reasonably be expected or be perceived to cause offence or humiliation, when such conduct interferes with work, is made a condition of employment or creates an intimidating, hostile or offensive work environment, and when the gravity of the conduct warrants the termination of the perpetrator’s working relationship. Candidates who have committed crimes other than minor traffic offences may not be considered for employment. Due regard will be paid to the importance of recruiting the staff on as wide a geographical basis as possible. The United Nations places no restrictions on the eligibility of men and women to participate in any capacity and under conditions of equality in its principal and subsidiary organs. The United Nations Secretariat is a non-smoking environment. Reasonable accommodation may be provided to applicants with disabilities upon request, to support their participation in the recruitment process. By accepting a letter of appointment, staff members are subject to the authority of the Secretary-General, who may assign them to any of the activities or offices of the United Nations in accordance with staff regulation 1.2 (c). Further, staff members in the Professional and higher category up to and including the D-2 level and the Field Service category are normally required to move periodically to discharge functions in different duty stations under conditions established in ST/AI/2023/3 on Mobility, as may be amended or revised. This condition of service applies to all position specific job openings and does not apply to temporary positions. Applicants are urged to carefully follow all instructions available in the online recruitment platform, inspira, and to refer to the Applicant Guide by clicking on “Manuals” in the “Help” tile of the inspira account-holder homepage. The evaluation of applicants will be conducted on the basis of the information submitted in the application according to the evaluation criteria of the job opening and the applicable internal legislations of the United Nations including the Charter of the United Nations, resolutions of the General Assembly, the Staff Regulations and Rules, administrative issuances and guidelines. Applicants must provide complete and accurate information pertaining to their personal profile and qualifications according to the instructions provided in inspira to be considered for the current job opening. No amendment, addition, deletion, revision or modification shall be made to applications that have been submitted. Candidates under serious consideration for selection will be subject to reference checks to verify the information provided in the application. Job openings advertised on the Careers Portal will be removed at 11:59 p.m. (New York time) on the deadline date.
No Fee
THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.
location
Apply for job
To help us track our recruitment effort, please indicate in your cover/motivation letter where (tendersglobal.net) you saw this job posting.