
Chief Information Security Officer

Geneva

  • Organization: WTO - World Trade Organization
  • Location: Geneva
  • Grade: Level not specified - Level not specified
  • Occupational Groups:
    • Information Technology and Computer Science
    • Security and Safety
    • Managerial positions
  • Closing Date: Closed

VN Category (INT / EXT / EOI):

External

Application Deadline:

18-04-2024

Grade:

Grade 10

Job Category:

Professional

Contract Type:

Annual Salary:

CHF167,141.00

This is an external vacancy notice open to external candidates and WTO staff. It is posted on the WTO internal as well as external career site. Eligible WTO staff on short-term, fixed-term or regular contracts and interns must apply through the Workday internal career site.

This is a Fixed-term contract funded through the regular budget. The duration will be two years with the possibility of extension, unless specified in the vacancy notice.

The recruitment policy of the WTO is to seek to attract and retain staff members offering the highest standards of competence, efficiency and integrity. As an Equal Opportunities Employer, the WTO gives full regard to merit and diversity.


The Secretariat of the WTO is seeking to fill a position of Chief Information Security Officer in the Information and Technology Solutions Division.

The Information Technology Solutions Division ensures the efficient operation of the WTO's information technology (IT) infrastructure as well as the development and support of the necessary systems to cover the needs of WTO members and the WTO Secretariat. In response to changing needs and fast-evolving technology, the division collaborates with all Secretariat Divisions to constantly enhance IT services and procedures, to comply with the core mandate of the Organization and to better facilitate the dissemination of information to WTO members and the public. The division also ensures the efficient operation of the IT and communication infrastructure for special events such as Ministerial Conferences. Finally, the division is also responsible for developing and implementing the information security program.

Reporting to the Director of the Division, the incumbent is responsible for the following functions:

1. Develop, implement, and monitor a comprehensive enterprise information security strategy and program. This includes drafting new internal information security policies, directing the continuous improvement of relevant standards and procedures and providing expert advice.

2. Provide expertise and advice to WTO management and the Organization at large on information security matters and technologies. This includes working directly with the business units to address information security requirements and facilitate risk assessment, and promoting a culture of strong information security.

3. Provide leadership to the Organization's information security function. This includes supervising the work of the WTO Information Security personnel, overseeing technical implementation of security policies, monitoring compliance and security auditing, overseeing and addressing security monitoring and detection of cyber-attacks, new cyber-threats and vulnerabilities, and building the Organization's incident response capacity.

4. Coordinate information systems business continuity and disaster recovery planning.

5. Assist with the overall business technology planning, providing current knowledge and a future vision of technology and systems. This includes implementing and overseeing the security advisory process to assess security aspects of all WTO information and communication systems, making sure security requirements are an integral part of all new ICT initiatives, and establishing relevant standards and best practices.

6. Liaise with host country authorities and peer International Agencies on matters of information security; represent the WTO at the relevant meetings and working groups of International Agencies; review and analyse the work of other organizations in the field of information security.

REQUIRED QUALIFICATIONS

Education:

An advanced university degree in Computer Science, Information Technology, IT Engineering or related field. Alternatively, proven professional expertise equivalent to an advanced university degree in addition to a basic university degree in Computer Science, Information Technology, IT Engineering or related field will be accepted.

Knowledge and Skills:

Technical Knowledge and Skills:

Knowledge of common information security management standards and best practices, such as ISO/IEC 27000 series, and NIST. Knowledge of legal and compliance aspects of information security, including privacy legislation as well as the assurance of diplomatic privileges and immunities. Knowledge of information security risk management, and associated standards and best practices. Excellent policy-writing skills. Skills in design and implementation of information security risk mitigation measures, including business practices, in a large and complex enterprise environment. Knowledge of cyber-security aspects of the modern enterprise ICT stack, including common challenges, cyber-threats, security-oriented design and best practices, and mitigation measures. This must include:

  • Telecom LAN and WAN technologies, routing, VPN, and firewalling
  • Standard authentication and authorisation protocols, encryption standards, digital certificates
  • Web and database application technologies
  • Cloud-specific technologies and architecture
  • Mobile devices and platforms
  • Server and endpoint

Knowledge of secure software development best practices. Knowledge of information security aspects of vendor and 3rd party management.

Behavioural Skills:

Communication: excellent presentation skills, ability to communicate effectively and translate technological concepts into business language. Decision-making: ability to take decisions and assume responsibility for those decisions. Leadership: sound experience in leading and motivating a team. Ability to influence an organization's strategy and plan. Flexibility/Adaptability: ability to respond quickly and efficiently to unforeseen changes in technology or business environment. Teamwork: ability to work within cross-functional, interdisciplinary teams, taking into consideration different views, and leveraging information sharing and constructive feedback. Anticipation and initiative: ability to plan effectively and propose innovative ideas and solutions. Problem solving and analytical thinking: ability to assess relevant facts and make optimal judgements, based on sometimes incomplete information.

Work Experience:

At least 10 years of relevant experience in information security, preferably in an International Organization, including at least five years’ experience in managing enterprise information security programs.

Experience in information security governance, including drafting, validation, and implementation of relevant internal policies.

Experience managing a team or guiding the work of others.

Languages:

Fluent command of English (level corresponding or equivalent to a minimum of level C1 of the Common European Framework of Reference for Languages) is mandatory including the ability to draft clearly, accurately and concisely, and to communicate both orally and in written form in an articulate and persuasive manner.

Good knowledge of French sufficient to produce and analyse complex written materials and to make oral presentations is highly desirable.

The language skills of shortlisted candidates will be assessed as part of the selection process.

Additional Information:
 
Only applications from nationals of WTO Members will be accepted. 

The recruitment process will be undertaken as per Administrative Memorandum No. 976 (OFFICE(16)/15) on Staff Promotions and external recruitment through Vacancy Notices.

For non-entry level positions, the position may be offered at a lower grade if the selected candidate does not fully meet all the required qualifications. 

The initial fixed-term contract shall be two years, which shall be probationary, as per Administrative Memorandum No. 997 (OFFICE(23)/4) on Probation Policy.

The WTO may use various communication technologies such as video or teleconference for the assessment and evaluation of candidates. The recruitment process may also involve the use of various forms of testing, assessment centres, interviews and reference checks. 

Applicants may be required to sit a written examination. 

Applicants will be contacted directly if selected for an interview. 

Candidates not selected whose performance in the selection process nevertheless shows them to be suitable for a similar position may be kept on a roster for up to 24 months, and may subsequently be called upon as and when the need arises for additional resources.

All applicants are encouraged to apply online as soon as possible after the vacancy has been posted and well before the closing date – Geneva (Switzerland) time – stated in the vacancy announcement. 
PLEASE NOTE THAT APPLICATIONS RECEIVED AFTER THE CLOSING DATE WILL NOT BE ACCEPTED. 
The WTO is a non-smoking environment.

This vacancy is now closed.