IT Security Engineer (P-3)

Organizational Unit:	Security Systems Unit Infrastructure Services Section Division of Information Technology Department of Management
Duty Station:	Vienna, Austria
Issue Date:	6 February 2013
Application Deadline:	5 March 2013
Type/Duration of Appointment:	Fixed term, 3 years (subject to a probationary period of 1 year)

Organizational Setting

The Division of Information Technology is one of the six Divisions in the Department of Management. The Division of Information Technology provides support to the IAEA in the field of ICT (information and communication technology), including information systems for technical programmes and management. It is responsible for planning, developing and implementing an ICT strategy, for setting and enforcing common ICT standards throughout the Secretariat and for managing central ICT services. The IAEA's ICT infrastructure comprises state-of-the art hardware and software platforms in a partially decentralized environment. The Division has implemented an IT service management model based on ITIL (IT Infrastructure Library) and Prince2 (Projects in a Controlled Environment) best practices. The Infrastructure Services Section is responsible for administering the central IT servers and virtualization platforms, providing secured services and managing the data centre which are run in compliance with best practices defined by international standards, in particular ITIL and ISO 27001. The platforms include 250 Microsoft Windows servers, 120 Linux servers, appliances, and 1 IBM mainframe, serving about 2500 users.

Main purpose

The purpose of the post is to help the IAEA information and communication technology services define and create repeatable and consistent processes to strengthen IAEA information security. The IT Security Engineer participates in the development and delivery of a comprehensive IT security program for the IAEA. He/she also participates in implementation of IT security projects, and the administration and verification of security controls as well as in technical investigations following possible security incidents.

Role

The IT Security Engineer is (a) a technical specialist supporting the design and formulation of security measures, procedures and standards on all aspects of IT security; (b) a solution provider, coordinating service delivery; (c) a project manager/coordinator, soliciting inputs from other specialists and assisting in defining, planning and executing projects; (d) a security incident handler.

Partnerships

Under the supervision of the Unit Head and under the guidance of the Senior IT Security Engineer, the IT Security Engineer provides service and project management in the development and delivery of a comprehensive IT security program. The IT Security Engineer works closely with other members of the Open Systems and Security Unit to implement projects and resolve problems related to IT security. The incumbent also interacts with other staff in the Division, including the IT Service Desk, and technical staff from other organizational units and vendor companies to provide security solutions and incident management and to support cross-sectional projects and processes.

Functions / Key Results Expected

Contribute as a key player to ensuring the confidentiality, integrity and availability of information systems and data through end-to-end IT security measures and by implementing appropriate technology and processes. Develop, implement and maintain incident response and vulnerability management procedures, implement appropriate procedural and technical access control mechanisms, and identify and respond to IT security incidents. Develop, implement and maintain an on-going risk assessment program targeting IT security matters, perform security and risk assessments and vulnerability testing and make recommendations for corrective actions. Participate in IT projects on a daily basis to ensure they produce the required results. This includes in planning, implementing, and monitoring the projects, and creating project documentation. Produce high-quality oral and written reports, presenting complex technical matters clearly and concisely. Maintain proficiency in industry standard tools and practices and in IAEA policies and procedures.

Knowledge, Skills and Abilities

Thorough knowledge in IT security program administration, policies, compliance, incident response and information systems security principles, practices and technologies. Thorough technical knowledge in supporting security applications, security appliances and tools. Excellent problem solving skills. Good interpersonal skills to deal effectively with customers, senior management, colleagues and other technical staff in a courteous and friendly manner. Ability to work in a multicultural environment with sensitivity and respect for diversity. Knowledge of ITIL processes and Prince2 desirable.

Education, Experience and Language Skills

University degree in computer science, information management or a related field. Minimum of five years of professional experience in managing IT security programs in an IT enterprise environment. Experience of working in an IT enterprise environment including using incident management and change management processes. Hands-on experience in IT security infrastructure systems providing access control, vulnerability management, incident identification and incident response would be desirable. Experience in creating technical documentation. Internationally recognised information or IT security relevant certification, such as CISSP, CISM, CISA or GIAC would be desirable. Fluency in spoken and written English. Knowledge of other IAEA official languages (i.e. Arabic, Chinese, French, Russian, Spanish) an advantage.

Remuneration

The IAEA offers an attractive remuneration package including a tax-free annual net base salary starting at US $56 091 (subject to mandatory deductions for pension contributions and health insurance), a variable post adjustment which currently amounts to US $35 281*, dependency benefits, rental subsidy, education grant, relocation and repatriation expenses; 6 weeks' annual vacation, home leave,pension plan and health insurance. How to apply to the IAEA Complete an Online Application * Subject to change without notice

Applications from qualified women and candidates from developing countries are encouraged Applicants should be aware that IAEA staff members are international civil servants and may not accept instructions from any other authority. The IAEA is committed to applying the highest ethical standards in carrying out its mandate. As part of the United Nations common system, the IAEA subscribes to the following core ethical standards (or values): Integrity, Professionalism and Respect for diversity. Staff members may be assigned to any location. The IAEA retains the discretion not to make any appointment to this vacancy, to make an appointment at a lower grade or with a different contract type, or to make an appointment with a modified job description or for shorter duration than indicated above. Testing may be part of the recruitment process.