OVERVIEW OF THE FUNCTIONS OF THE POST

This post is located within the Bureau of Digital Business Solution (DBS), under the direct supervision of the Head of Digital Security, Archives and Digital Assets Section. The overall objective of the role is to ensure the smooth ongoing operation of cybersecurity activities within UNESCO’s Digital Security team.

The Associate Digital Security Officer will significantly engage and interact with internal and external IT technical teams and cybersecurity specialists. He/she works with the Digital Security Team and provides relevant and contextualized technical information to efficiently respond to incident, enhance organizational’ s resilience, and improve the cybersecurity posture of the Organization overall. The Associate Digital Security Officer will be a key part of a dynamic team kickstarting a major overhaul of IT infrastructure to support UNESCO’s accelerating digital transformation and move to the cloud.

The work involves a range of assignments related to the development and maintenance a secure IT infrastructure and digital solutions, with the objective of ensuring reliability, resilience and compliance to protect UNESCO against external and internal cybersecurity threats.

The main responsibilities of the role are as follows:

• Manage Security Operations: Provide smooth and effective information security operations, ensuring the timely evolution of capability and adopting industry best practices; provide regular reporting to the Chief Information Security Officer. Maintain an up-to-date cartography of all resources, equipment and software ensuring optimum protection and detection against the main threats. Contribute to evaluating new security software, products, and services.
• Supervise security monitoring and manage incident response: Manage the relationship and act as the main contact with the managed security service provider (SOC), ensuring compliance with the contract, and the relevance and responsiveness of the actions performed. In collaboration with the provider, manage information security incident response, investigate, take appropriate corrective actions to prevent future similar security breaches and provide thorough post-event analyses.
• Monitor security policy compliance: Exercise an advice and control function to ensure that UNESCO IT products and services comply with corporate security policies. Conduct regular security audits and risk assessments including developing scripts and solutions to review the security configuration of digital assets, propose and implement appropriate remediation measures to safeguard the information security posture of the Organization. Ensure that all products are configured according to vendors recommendations and best practices from an information security point of view. Monitor patch management frequency and scheduling, advise operational teams.
• Other activites, for example: Keep abreast of and evaluate information security innovation, solutions, trends and Best Practices to respond to the continually evolving need to protect the digital assets of the Organization.
  Support the drafting and implementation of digital security policies aligned to the risk tolerance of the Organization. Advise on digital security related matters as necessary.

COMPETENCIES (Core / Managerial)

–

REQUIRED QUALIFICATIONS

Education

• An advanced university degree (master’s or equivalent) in computer sciences, information security, information technology or a related field.

Work Experience

• At least two (2) years of relevant professional experience and proven capacity in threat analysis and security incident response, of which preferably 1 year acquired at international level.

Skills and Competencies

• In-depth knowledge and understanding of application security, cloud security (particularly Microsoft Azure), and systems security, as well as security solutions.
• Good knowledge of operating systems, Windows and Linux, as well as networking protocols.
• Broad knowledge of current and emerging technologies, industry trends and best practices together with demonstrated experience evaluating their strategic value.
• Analytical skills and the ability to effectively troubleshoot and prioritize needs, requirements and other issues.
• Good communication skills.

Languages

• Excellent knowledge (written and spoken) of English or French and good knowledge of the other language.

DESIRABLE QUALIFICATIONS

Education

• Professional Certifications in Comptia Sec+, Network+, CEH or Azure Security Engineer would be an asset.

Work experience

• Experience in an international and cross-cultural setting would be preferable.

Languages

• Knowledge of another official language of UNESCO (Arabic, Chinese, Russian or Spanish).