Search UN Jobs and NGO Jobs

Cyber Security Compliance Officer, Nairobi

Posting Title: Cyber Security Compliance Officer, P4 Job Code Title: CYBERSECURITY COMPLIANCE OFFICER Department/ Office: Department of Management Duty Station: NAIROBI Posting Period: 31 July 2018-13 September 2018 Job Opening number: 18-IST-DM-100312-R-NAIROBI(G) Staffing Exercise ID: N/A United Nations Core Values: Integrity, Professionalism, Respect for Diversity Organizational Setting and Reporting The incumbent of this Nairobi-based position will report to the Chief, Global Security and Architecture Section, Global Services Division (GSD), Office of Information and Communications Technology (OICT), Department of Management (DM). Responsibilities Within limits of delegated authority, the Cyber Security Compliance Officer will be responsible for the following duties Governance, risk and compliance (a) participate in the review and development of information security policies, and related standards and guidelines, by representing the RTC in the secretariat-wide ICT working group; (b) oversee the implementation of secretariat-wide information security policies and procedures at the regional and local levels; (c) monitor compliance with information security policies and standards; (d) conduct regular reviews of access permission and oversee user access provisioning processes at the regional and local levels; (e) maintain the Information Security Management System for the respective Regional Technology Center within the Office; (f) participate in the review and maintenance of standard operating procedures, and draft adjustments to cater for regional and local conditions. Project and operations support: (g) support project owners in the definition of information security requirements for existing and new applications and communication systems; (h) provide expert advice on the security architecture and configuration of complex systems; (i) participate in quality assurance activities by validating, or overseeing the validation of, the correct implementation of security controls before systems enter production; (j) oversee the implementation of programmatic and operational projects to improve information security (e.g., network segmentation, continuous monitoring). Communications, training and awareness (k) provide information security training to end users, project owners and ICT professionals, and contribute to Secretariat-wide initiatives to raise awareness of information security issues; (l) keep abreast of developments in the field and shares security alerts with those responsible for affected operational functions; (m) communicate risks to business owners and document risk acceptance. Threat and vulnerability management (n) represent the RTC in the global incident response team and coordinate the response to information security incidents at the regional level; analyze root causes of significant information security incidents and propose additional preventive controls and operational improvements ('lessons learnt'); (o) perform and/or oversee regular vulnerability assessments and penetration tests for systems and applications; (p) conduct information risk assessments, identify and recommend risk mitigation measures. Competencies Professionalism: Knowledge of systems design, and development, management, implementation and maintenance of complex information systems related to information security. Expert knowledge in the area of information security, relevant frameworks and related technology platforms. Ability to develop and oversee large centralized or decentralized institutional systems; conceptual and strategic analytical capacity to understand information system and business operational issues so as to thoroughly analyze and evaluate critical systems matters. Knowledge of a range of computer languages and development paradigms, knowledge of organization's information infrastructure and IT strategy as it relates to user area(s). Shows pride in work and in achievements; demonstrates professional competence and mastery of subject matter; is conscientious and efficient in meeting commitments, observing deadlines and achieving results; is motivated by professional rather than personal concerns; shows persistence when faced with difficult problems or challenges; remains calm in stressful situations. Takes responsibility for incorporating gender perspectives and ensuring the equal participation of women and men in all areas of work. Planning and Organizing: Develops clear goals that are consistent with agreed strategies; identifies priority activities and assignments; adjusts priorities as required; allocates appropriate amount of time and resources for completing work; foresees risks and allows for contingencies when planning; monitors and adjusts plans and actions as necessary; uses time efficiently. Client Orientation: Considers all those to whom services are provided to be 'clients' and seeks to see things from clients' point of view; establishes and maintains productive partnerships with clients by gaining their trust and respect; identifies clients' needs and matches them to appropriate solutions; monitors ongoing developments inside and outside the clients' environment to keep informed and anticipate problems; keeps clients informed of progress or setbacks in projects; meets timeline for delivery of products or services to client. Education Advanced university degree (Master's degree or equivalent degree) in computer science, information systems, mathematics, statistics, or related field. A first-level university degree in combination with two additional years of qualifying experience may be accepted in lieu of the advanced university degree. Work Experience A minimum of seven years of progressively responsible experience in planning, design, development, implementation and maintenance of computer information systems or related area is required. Certification(s) as Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent is required. Languages English and French are the working languages of the United Nations Secretariat. For the position advertised, fluency in English is required. Knowledge of another official United Nations language is desirable. Assessment Evaluation of qualified candidates may include an assessment exercise and a competency-based interview. Special Notice Staff members are subject to the authority of the Secretary-General and to assignment by him or her. In this context, all staff are expected to move periodically to new functions in their careers in accordance with established rules and procedures. For this position, applicants from the following Member States, which are unrepresented or underrepresented in the UN Secretariat as of 31 May 2018, are strongly encouraged to apply: Afghanistan, Andorra, Angola, Antigua and Barbuda, Bahrain, Belarus, Belize, Brazil, Brunei Darussalam, Cabo Verde, Cambodia, Central African Republic, China, Comoros, Cyprus, Democratic People's Republic of Korea, Dominica, Equatorial Guinea, Gabon, Grenada, Guinea-Bissau, Indonesia, Islamic Republic of Iran, Japan, Kiribati, Kuwait, Lao People's Democratic Republic, Lesotho, Liberia, Libya, Liechtenstein, Luxembourg, Marshall Islands, Federated States of Micronesia, Monaco, Mozambique, Nauru, Norway, Oman, Palau, Papua New Guinea, Qatar, Russian Federation, Saint Lucia, Saint Vincent and the Grenadines, Samoa, Sao Tome and Principe, Saudi Arabia, Solomon Islands, South Sudan, Suriname, Syrian Arab Republic, Thailand, Timor-Leste, Turkmenistan, Tuvalu, United Arab Emirates, United States of America, Vanuatu, Bolivarian Republic of Venezuela. The United Nations Secretariat is committed to achieving 50/50 gender balance in its staff. Female candidates are strongly encouraged to apply for this position. United Nations Considerations According to article 101, paragraph 3, of the Charter of the United Nations, the paramount consideration in the employment of the staff is the necessity of securing the highest standards of efficiency, competence, and integrity. Candidates will not be considered for employment with the United Nations if they have committed violations of international human rights law, violations of international humanitarian law, sexual exploitation or sexual abuse, or crimes other than minor traffic offences, or if there are reasonable grounds to believe that they have been involved in the commission of any of these acts. The term 'sexual exploitation' means any actual or attempted abuse of a position of vulnerability, differential power, or trust, for sexual purposes, including, but not limited to, profiting monetarily, socially or politically from the sexual exploitation of another. The term 'sexual abuse' means the actual or threatened physical intrusion of a sexual nature, whether by force or under unequal or coercive conditions. Due regard will be paid to the importance of recruiting the staff on as wide a geographical basis as possible. The United Nations places no restrictions on the eligibility of men and women to participate in any capacity and under conditions of equality in its principal and subsidiary organs. The United Nations Secretariat is a non-smoking environment. Applicants are urged to follow carefully all instructions available in the online recruitment platform, inspira. For more detailed guidance, applicants may refer to the Manual for the Applicant, which can be accessed by clicking on 'Manuals' hyper-link on the upper right side of the inspira account-holder homepage. The evaluation of applicants will be conducted on the basis of the information submitted in the application according to the evaluation criteria of the job opening and the applicable internal legislations of the United Nations including the Charter of the United Nations, resolutions of the General Assembly, the Staff Regulations and Rules, administrative issuances and guidelines. Applicants must provide complete and accurate information pertaining to their personal profile and qualifications according to the instructions provided in inspira to be considered for the current job opening. No amendment, addition, deletion, revision or modification shall be made to applications that have been submitted. Candidates under serious consideration for selection will be subject to reference checks to verify the information provided in the application. Job openings advertised on the Careers Portal will be removed at 11:59 p.m. (New York time) on the deadline date. No Fee THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS' BANK ACCOUNTS.