FHI 360 staff working in the United States are required to be fully vaccinated for COVID-19, regardless of the type of project or client they serve, or of their employment status (full/part-time, remote, telework, or in-office), unless an accommodation applies. FHI 360 complies with federal, state, and local laws with regard to accommodations related to this policy. Full vaccination is currently defined as two weeks after the second dose in a two-dose series, such as the Pfizer-BioNTech or Moderna vaccine, or two weeks after a single-dose vaccine, such as Johnson & Johnson’s Janssen vaccine. Booster doses are not required at this time.
Collaborates cross-functionally throughout the organization to execute processes to safeguard sensitive information and serves as a senior resource for InfoSec program activities, which include engaging business and information technology leadership. Performs information security incident management, risk assessments and cyber security audits. Develops information system security plans and documentation, and is able to perform project management functions.
- Perform information security incident management, respond to breaches, identify intrusions, and apply countermeasures to remediate a cyber security issue.
- Research information security issues, including review of system logs, and propose solutions to address vulnerabilities.
- Perform requirements gathering and technical reviews for information security-related projects.
- Participates in processes involved in design of work / technology to ensure information security aspects are considered.
- Develops and documents processes and procedures.
- Collaborate cross-functionally throughout the organization to execute processes to safeguard sensitive information and serve as a senior resource for InfoSec program activities which include engaging business and information technology leadership.
- Conducts periodic reviews of Information Technology General Controls (ITGC) compliance.
- Participates in vulnerability assessments of systems and applications.
- Owns all aspects of the assignments, including internal and external relationships, licensing, budgeting, etc.
- Performs other duties assigned.
Applied Knowledge & Skills:
- Is curious and has a ‘detective’ mindset.
- Thorough understanding of information security and assurance concepts, including information security standards such as NIST 800-53 and ISO 2700x.
- Must have experience with project management and be able to see a multi-faceted global project through to completion.
- Working knowledge of networks, servers, firewalls, and websites in the context of troubleshooting.
- Must be able to communicate, in writing and verbally, with people who have varying degrees of technical expertise.
- Can develop appropriate information security controls and countermeasures to intercept and prevent internal or external attempts or attacks to compromise the company’s computing environment.
- Expert level understanding of auditing for appropriateness of information security controls.
- Thorough understanding of penetration testing and vulnerability assessments of applications, operating systems and/or networks.
- Able to independently research and evaluate cybersecurity threats and perform root cause analysis.
- Must have organizational skills and be capable of prioritizing work as assigned.
Problem Solving & Impact:
- Passionate about information security and sharing related knowledge.
- Has a “detective” mindset and works on complex problems requiring analysis and review of factors.
- Exercises judgment within defined procedures and practices to obtain results.
- Expected to mentor and supervise junior staff and/or interns.
- Bachelor’s Degree or its International Equivalent in Computer Science, Information Technology Disciplines or Related Field.
- Certified Information Systems Security Professional (CISSP) and/or Certified Information Systems Auditor (CISA) highly desirable.
- Typically requires 8+ years of experience with security and compliance communication technologies.
- Must be able to read, write and speak fluent English; fluent in host country language as required.
- Prior work experience in information security organizations is a plus.
Typical Physical Demands:
- Remote office environment.
- Ability to sit/stand for extended periods of time.
- Ability to lift 5-50 lbs.
Technology to be Used:
- Personal Computer, Microsoft Office (i.e. Word, Excel, PowerPoint, etc.), e-mail, telephone, printer, calculator, copier, cell phones, PDAs and other hand held devices.
- Less than 10%
This job posting summarizes the main duties of the job. It neither prescribes nor restricts the exact tasks that may be assigned to carry out these duties. This document should not be construed in any way to represent a contract of employment. Management reserves the right to review and revise this document at any time.
FHI 360 is an equal opportunity and affirmative action employer whereby we do not engage in practices that discriminate against any person employed or seeking employment based on race, color, religion, sex, sexual orientation, gender identity, national or ethnic origin, age, marital status, physical or mental disability, protected Veteran status, or any other characteristic protected under applicable law.
FHI 360 will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws.
FHI 360 fosters the strength and health of its workforce through a competitive benefits package, professional development and policies and programs that support a healthy work/life balance. Join our global workforce to make a positive difference for others — and yourself.