ICC/23/MUL/38 - Cybersecurity Officer (Security Governance)
The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation, and gender identity.
Purpose of the Position:
The Cybersecurity Officer will assist and support client organizations in establishing, implementing, maintaining, and continually improving information security controls to ensure that information assets are adequately protected. The Officer will also be responsible for providing active support with Cybersecurity Governance practice at UNICC.
The Cybersecurity Officer will provide services to client organizations independently or under light supervision.
Objectives of the Programme:
The objective of the Centre is to provide trusted ICT services and digital business solutions to its Clients and Partner Organizations.
Main duties and responsibilities
The incumbent will work under the direct supervision and guidance of the Head, Cybersecurity Assurance Unit (CSGA) within the Cybersecurity Division (CS) and in close collaboration with other team members within the Division. The incumbent could be requested to do any other tasks of similar level in related fields. The incumbent will be required to:
- Develop and enhance an information security management framework based on the ISO 27000 standards
- Develop, maintain and publish up-to-date information security policies, standards and guidelines
- Oversee the approval, training, and dissemination of security policies and practices
- Create, communicate and implement the process for risk management, including the assessment and treatment of identified risks. Work directly with business units and stakeholders throughout the organization on identifying acceptable levels of residual risk. Report and oversee treatment efforts
- Build regular reporting/dashboards on the current status of the cybersecurity programme to senior management and business units as part of a strategic enterprise risk management programme
- Help raise cybersecurity and risk management awareness for all employees, contractors and approved system users
- Provide active support during security incidents and events that affect organizational assets, including intellectual property, sensitive data and the organization’s reputation
- Provide direction, support and in-house consulting in effective disaster recovery policies and standards. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in case of a security event
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
- Ensure that security programs are in compliance with relevant rules, regulations, policies and standards to minimize or eliminate risks and audit findings
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
- Perform technical security assessments and develop strategies for remediating vulnerabilities and risks identified
- Work closely with other members of UNICC’s cybersecurity team to develop and deliver new and existing cybersecurity services
Other: Provide other ad hoc support either within the team or in other teams as required – this includes participation in special projects or support to service delivery for a short period of time on a part-time or full-time basis upon request from senior management
Experience and Skills required:
- At least five (5) years of experience in the cybersecurity area
- Ability to understand technical and business aspects of IT risk, and to communicate those risks to business and technical units so that the organization can make informed decisions regarding appropriate levels of information security control
- Strong analytical and problem-solving skills
- Ability to act calmly and competently in high-pressure, high-stress situations
- Excellent written and verbal communication skills, interpersonal and collaborative skills
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
- High degree of initiative, dependability and ability to work with little supervision
- Experience in achieving and maintaining ISO 27001 certification
- Project management skills and ability to manage multiple projects under strict timelines
First university degree in computer science, information systems, mathematics, statistics or related field
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Cloud Security Professional (CCSP), ISO 27001 lead implementer/auditor, or other similar credentials
Master’s degree or equivalent experience in computer science, information systems, mathematics, statistics, or related field
- English: Expert knowledge is required
- Knowledge of another official United Nations language is an advantage
UNICC Global Competencies:
- Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
- Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
- Respecting and promoting individual and cultural differences: Demonstrates the ability to work constructively with people of all backgrounds and orientations. Respects differences and ensures that all can contribute.
- Knowing and managing yourself: Manages ambiguity and pressure in a self-reflective way. Uses criticism as a development opportunity. Seeks opportunities for continuous learning and professional growth.
- Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.
- Setting an example: Acts within UNICC’s / WHO’s professional, ethical and legal boundaries and encourages others to adhere to these. Behaves consistently in accordance with clear personal ethics and values
Annual Salary Estimation (net of tax at single rate):
- Brindisi (Italy), including post adjustment (26,0% on March 2023): US$ 78,991.
- Rome (Italy), including post adjustment (32,0% on March 2023): US$ 82,753.
- Valencia (Spain), including post adjustment (30,0% on March 2023): US$ 81,499.
UNICC also offers generous leave and absence allowances, flexible working hours, overtime compensation, teleworking, access to training, and depending on eligibility other benefits such as relocation grants, dependency allowances, language allowance, or education grants.
Closing date for applications:
Applications will be accepted until midnight (Geneva Time) on 14 April 2023.
- Technical and/or personality tests may be carried out as part of the selection process
- Only short-listed candidates will be contacted
- Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position
* For UNICC staff members who do not meet the minimum educational qualifications, please refer to the applicable WHO e-Manual Annex 6 – Guidelines on Standard Minimum Experience Exposure and Education Requirements
UNICC is an international organisation with a strong global impact. They have developed many actions such as applications to help refugees get money when they arrive in a new country. This humanitarian aspect is very important not only from a commercial perspective, but from a human-centered organisation perspective that also focuses on building projects to benefit our society, a significant consideration in a world where everything is profit-oriented. In terms of management, the organisation has a high gender score, and a low turnover rate, which means that people want to stay in this company. And for women, the company also offers a supportive workplace, with a strong commitment to women's well-being and a fair career path.
– Caroline & the 50inTech team