Cybersecurity Officer

The UN is continuously targeted by cyberattacks and understanding how cybersecurity may affect the ability to deliver on its mandate is essential to be able to mitigate associated risks. OICT/CSS is tasked to protect the geographically highly dispersed and diverse ICT environment of the organization from cyberattacks. In addition to the vast existing traditional infrastructure the ongoing migration of service to cloud computing providers, as well as the significantly increased reliance on mobile computing platforms poses severe challenges that require additional resources, and new and innovative approaches to ensure the organization is adequately protected. This applies to areas such as threat management, incident detection and response, vulnerability management as well as organizational resilience.

The activities of OICT/CSS focus on policy development and oversight, cyber risk management, cyber threat intelligence, global monitoring and analytics, application and infrastructure vulnerability management.
This is a position in UNOPS for supporting projects carried out for or in the United Nations Secretariat. The incumbent of this position will be a staff member of UNOPS under its full responsibility.

Within delegated authority, the Cybersecurity Officer with the focus on Field missions and centralized systems will:

• Maintain the work plan, coordinate, and oversee the work of the respective threat, incident, vulnerability, and operational resilience teams;

• Participate in the review of existing and development of new information security policies, and related standards, guidelines, and procedures;

• Monitor and report on compliance with information security policies and standards;

• Coordinate the consistent establishment of vulnerability, threat management, and implementation of information security monitoring and incident response procedures in Field missions;

• Participate and contribute to the global Secretariat global incident response team and contribute to the response to information security incidents, analyze root causes of significant information security incidents and propose additional preventive controls and operational improvements ("lessons learnt");

• Coordinate establishment and support of standardized information security capabilities/solutions and processes;

• Coordinate performance of regular vulnerability assessments and penetration testing of ICT systems and issuance of security advisories;

• Support project owners in the definition of information security requirements for existing and new Information Communication Technology (ICT) solutions including applications and communication systems;

• Provide expert advice on the security architecture and configuration of complex ICT solutions;

• Support quality assurance activities by validating, or overseeing the validation of, the correct implementation of security controls prior to release systems into production;

• Provide information security training to end users, project owners and ICT professionals, and contribute to Secretariat-wide initiatives to raise awareness of information security issues;

• Maintain of the ICT operational resilience programme, and related policies, procedures and supporting templates;

• Provide support to disaster recovery exercises, and coordination of the implementation of disaster recovery plans;

• Perform research of innovative and effective information security technology solutions, their configuration and integration into the organisation’s existing ICT landscape;

• Provide outreach and communications, including general and targeted awareness for information security;

• Provide support for standardization and consistent integration of information security processes across existing and new (cloud) ICT environments;

• Communicate risks to business owners and document risk acceptance.

Increased organization’s capacity to perform internal cybersecurity assessments; established and maintained global cyber threat and vulnerability management intelligence programmes; as well as increased incident response capabilities.

• Advanced university degree (Master’s degree or equivalent) in computer science, information systems, information security or related field.

• A first-level university degree with an additional 2 years of relevant work experience may be accepted in lieu of the advanced university degree.

Experience

Required:

• A minimum of seven years of progressively responsible experience in planning, design, development, implementation and maintenance of computer information systems or related area is required;

• A minimum of five years of practical experience in the field of information security or cyber security;

• A minimum of two years of practical experience in information security incident response and threat management or vulnerability management;

Desirable:

• Good experience in providing support to disaster recovery exercises, and coordination of the implementation of disaster recovery plans;

• Solid experience in providing support for standardization and consistent integration of information security processes across existing and new (cloud) ICT environments;

Certifications

• One or more of following certification(s) are required: Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent.
• Attach any of the above certificate (CISSP / CISM) with your application. 

• Please note that the closing date is midnight Copenhagen time
• Applications received after the closing date will not be considered.
• Only those candidates that are short-listed for interviews will be notified.
• Qualified female candidates are strongly encouraged to apply.
• UNOPS seeks to reasonably accommodate candidates with special needs, upon request.
• Work life harmonization - UNOPS values its people and recognizes the importance of balancing professional and personal demands. We have a progressive policy on work-life harmonization and offer several flexible working options. This policy applies to UNOPS personnel on all contract types
• UNOPS seeks to reasonably accommodate candidates with special needs, upon request.
• For staff positions only, UNOPS reserves the right to appoint a candidate at a lower level than the advertised level of the post
• The incumbent is responsible to abide by security policies, administrative instructions, plans and procedures of the UN Security Management System and that of UNOPS.  

It is the policy of UNOPS to conduct background checks on all potential recruits/interns. Recruitment/internship in UNOPS is contingent on the results of such checks.

UNOPS is an operational arm of the United Nations, supporting the successful implementation of its partners’ peacebuilding, humanitarian and development projects around the world. Our mission is to help people build better lives and countries achieve sustainable development.

UNOPS areas of expertise cover infrastructure, procurement, project management, financial management and human resources.

Working with us

UNOPS offers short- and long-term work opportunities in diverse and challenging environments across the globe. We are looking for creative, results-focused professionals with skills in a range of disciplines.

Diversity

With over 4,000 UNOPS personnel and approximately 7,000 personnel recruited on behalf of UNOPS partners spread across 80 countries, our workforce represents a wide range of nationalities and cultures. We promote a balanced, diverse workforce — a strength that helps us better understand and address our partners’ needs, and continually strive to improve our gender balance through initiatives and policies that encourage recruitment of qualified female candidates.

Work life harmonization

UNOPS values its people and recognizes the importance of balancing professional and personal demands.

Background Information - Sustainable Development Cluster

Based in New York, the Sustainable Development Cluster (SDC) supports diverse partners with their peacebuilding, humanitarian and development operations.

The SDC’s services include grants management, development and special initiatives support, and technology support to the UN and UN agencies.

The SDC is part of the New York Service Cluster that supports the United Nations Secretariat, as well as a broadening community of other New York-based United Nations organizations, bilateral and multilateral partners in the delivery of UNOPS mandate in project management, infrastructure management, and procurement management.