UN WOMEN: INFORMATION SECURITY SPECIALIST

The UN Women, grounded in the vision of equality enshrined in the Charter of the United Nations, works for the elimination of discrimination against women and girls; the empowerment of women; and the achievement of equality between women and men as partners and beneficiaries of development, human rights, humanitarian action and peace and security. Placing women's rights at the centre of all its efforts, the UN Women will lead and coordinate United Nations system efforts to ensure that commitments on gender equality and gender mainstreaming translate into action throughout the world. It will provide strong and coherent leadership in support of Member States' priorities and efforts, building effective partnerships with civil society and other relevant actors.
The Management and Administration Division is responsible for the planning, allocation and management of financial, human and administrative resources including information systems and telecommunications, the effective and efficient delivery of essential operations services in UN Women, continuous development and improvement in operations, policies, and methods to align with UN Women and stakeholders' evolving business needs and advisory support to the Executive Director in the formulation and implementation of the UN Women overall mission, strategy and plans of actions.
The Information Systems and Telecommunication (IST) Office, located in the Division of Management and Administration, is responsible for the strategic planning and development of information and telecommunication systems and services, ICT solutions, sourcing of information systems and equipment to support business needs and for the maintenance, availability, reliability and quality of performance of information and telecommunications systems and services globally in all UN Women offices. The IST office works closely and collaboratively with UNDP, its principal ICT partner, to achieve synergy, avoid duplication and to take advantage of potentials for partnerships in information and telecommunications systems and services development and implementation.

Duties and Responsibilities

Under the direct supervision of Chief of Information Systems and Telecommunications, the Information Security Specialist is responsible for developing and assuring information security across all ICT services within UN Women.
This is an entirely new function in UN Women and the Information Security Specialist will be responsible for establishing the information security function from scratch, including policies, standards, operating procedures, selection of tools etc.
The assignment is planned for six months.
The responsibilities include the following:
Information Security policies and standards:
  • Define the information security strategy and information security risk management framework;
  • Plan, coordinate and execute information security risk assessments to identify vulnerabilities and compliance gaps;
  • Determine risk profiles and identify appropriate security controls to reduce and maintain risks at acceptable levels;
  • Develop and maintain information security policies, procedures, standards and guidelines as well as an information security awareness programme;
  • Liaising with HR/Learning to formulate and implement communications strategies to ensure staff security awareness.
Vulnerability identification and penetration testing:
  • Recommending contingency measures to deal with any ICT security issues to Chief of Information Systems and Telecommunications;
  • Establish capability for penetration testing and identification of vulnerabilities;
  • Conduct vulnerability scans and penetration testing of critical infrastructure elements and of new applications;
  • Highlight vulnerabilities in ICT systems including the need for software updates, fixes, patches and other security related changes;
  • Determine risk profiles and identify appropriate security controls to reduce and maintain risks at acceptable levels.
Incident response:
  • Establish incident response capability;
  • Conduct and coordinate incident response activities;
  • Proactively apprise management of the impact and risk exposure of major problems and keep them informed of the progress towards resolution;
  • Liaise with other IST personnel and vendors to track, manage and escalate, where necessary, the resolution of ICT security problems.
Information security programme:
  • Collect and consolidate security metrics, prepare performance and information security status reports;
  • Ensure that all existing and new ICT solutions are assessed from an information security perspective and that risk mitigation plans are established;
  • Liaise with other UN agencies and partner organizations on information security related issues;
  • Understanding latest ICT security threats and issues, and countermeasures available to mitigate security risks;
  • Advising on functionality and technology available to deploy cost effective ICT security management for UN Women.

Perform other duties as required.

Impact of Results:

The results of the functions performed directly impact the efficiency of the several key IT systems used to support the UN Women business, covering around 1500 staff in HQ and field.
The effective implementation of IT systems directly impacts the organization's capacity and credibility in providing timely and quality information to achieve organizational goals and it also impacts overall knowledge building and sharing in the organization.
The results of these functions indirectly impact: the ability of UN Women staff to provide timely and quality services to its key clients; the production and distribution of management information to Senior Management; and the preparation of results reports.

Competencies

Core Values / Guiding Principles:
  • Integrity: Demonstrating consistency in upholding and promoting the values of UN Women in actions and decisions, in line with the UN Code of Conduct;
  • Cultural Sensitivity/Valuing diversity: Demonstrating an appreciation of the multicultural nature of the organization and the diversity of its staff. Demonstrating an international outlook, appreciating differences in values and learning from cultural diversity.
Functional Competencies:
Job Knowledge/Technical Expertise
  • Demonstrated analytical ability and a thorough understanding of information security, including information security programmes, penetration testing and incident response;
  • Knowledge of information technology platforms;
  • Actively seeks to apply current expertise and new ideas on how to improve information security posture.
Client Orientation
  • Able to identify and analyze clients' needs and develop appropriate technology solutions to meet business requirements; desire to organize and improve processes;
Planning and Organization
  • Ability to establish priorities and to plan, coordinate and monitor own work plan;
  • Proven ability to work under pressure and produce output that is accurate, timely and of high quality;
  • Ability to manage conflicting priorities.
Communications
  • Able to speak and write clearly and effectively, including to: advise and train users on the use of complex systems/applications and related matters;
  • Prepare specifications and other written reports/documentation in a clear and concise style.
Teamwork
  • Good interpersonal skills; ability to establish and maintain effective partnerships and working relations with people in a multi-cultural, multi-ethnic environment with sensitivity and respect for diversity.

Required Skills and Experience

Education:
  • Master's degree or equivalent in information technology, computer science, business administration or other related discipline. A first level university degree with a relevant combination of academic qualifications and experience may be accepted in lieu of the advanced university degree;
  • Certification in security field, such as CISSP, CISM, SSCP, CSSLP or GIAC is desirable.
Experience:
  • 5 years of experience in information and communication technology, preferably with 2 years of demonstrated cumulative experience in performing risk assessments, coordinating incident responses and defining information security framework;
  • Experience of implementing and managing a corporate ICT Security Policy and Standards and up to date knowledge of technical infrastructure and corporate applications security issues, threats and risks to the business.
    Demonstrated hands-on experience with security testing methodologies and tools, for example Metasploit.
Language Requirements:
  • Fluency in English is required. Proficiency in another UN working language is desirable.
Note: In July 2010, the United Nations General Assembly created UN Women, the United Nations Entity for Gender Equality and the Empowerment of Women. The creation of UN Women came about as part of the UN reform agenda, bringing together resources and mandates for greater impact. It merges and builds on the important work of four previously distinct parts of the UN system (DAW, OSAGI, INSTRAW and UNIFEM), which focused exclusively on gender equality and women's empowerment.
All applications must include (as an attachment) the completed UN Women Personal History form (P-11), which can be downloaded from http://www.unwomen.org/about-us/employment. Kindly note that the system will only allow one attachment. Applications without the completed UN Women P-11 form will be treated as incomplete and will not be considered for further assessment.
UNDP is committed to achieving workforce diversity in terms of gender, nationality and culture. Individuals from minority groups, indigenous groups and persons with disabilities are equally encouraged to apply. All applications will be treated with the strictest confidence.