Cybersecurity Operations Monitoring Team Lead

17 March, 2026

  • Share via email

    • Position Summary

    Position Description

    The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.

    Purpose of the Position:

    Within the Cyber Security Operations team, the incumbent will provide support and guidance to the Cyber security operations centre (SOC).

    Objectives of the Programme:

    UNICC provides the digital foundations that support the digital transformation and future of the UN system and other international organizations.

    Main duties and responsibilities:

    The incumbent will work under the direct supervision and guidance of the Chief, Cyber Security Operations Section (CSO) and in close collaboration with other Cybersecurity (CS) teams. The incumbent could be requested to do any other tasks of similar level in related fields.

    • Collaborate in the implementation and execution of the annual work plan for the Cybersecurity Operations Monitoring teamby monitoring or coordinating assigned activities and tracking progress against planned objectives in order to ensure timely delivery of priorities and alignment with the organization’s cybersecurity strategy
    • Provide oversight and operational guidance of the 24×7 Security Operations Center (SOC) analysts, ensuring continuous monitoring, effective incident detection and response, adherence to defined procedures, and consistent service quality across all shifts
    • Support the onboarding of new agencies to Security Operations Center (SOC) capabilities, ensuring effective integration of services, operational processes, and security monitoring capabilites
    • In collaboration with other Cybersecurity Operations teams (CSIRT, CTI), implement tools, procedures, and processes to enhance prevention, detection, and respond to cybersecurity threats
    • Execute and report on continuous improvement initiatives to assess and enhance Cybersecurity Operations monitoring capabilities
    • Define, implement, and report on key performance indicators (KPIs) to ensure monitoring services are effective and delivered at the expected quality level
    • Implement security monitoring capabilities and use cases derived from security incidents, risk assessments, audit activities, and strategic roadmap initiatives, to mitigate identified risks and strengthen the organization’s overall security posture
    • Contribute to the organization and delivery of the annual Common Secure Conferenceby supporting planning, coordination and execution activities in order to promote cybersecurity awareness, knowledge sharing and stakeholder engagement
  • Collaborate in the implementation and execution of the annual work plan for the Cybersecurity Operations Monitoring teamby monitoring or coordinating assigned activities and tracking progress against planned objectives in order to ensure timely delivery of priorities and alignment with the organization’s cybersecurity strategy
  • Provide oversight and operational guidance of the 24×7 Security Operations Center (SOC) analysts, ensuring continuous monitoring, effective incident detection and response, adherence to defined procedures, and consistent service quality across all shifts
  • Support the onboarding of new agencies to Security Operations Center (SOC) capabilities, ensuring effective integration of services, operational processes, and security monitoring capabilites
  • In collaboration with other Cybersecurity Operations teams (CSIRT, CTI), implement tools, procedures, and processes to enhance prevention, detection, and respond to cybersecurity threats
  • Execute and report on continuous improvement initiatives to assess and enhance Cybersecurity Operations monitoring capabilities
  • Define, implement, and report on key performance indicators (KPIs) to ensure monitoring services are effective and delivered at the expected quality level
  • Implement security monitoring capabilities and use cases derived from security incidents, risk assessments, audit activities, and strategic roadmap initiatives, to mitigate identified risks and strengthen the organization’s overall security posture
  • Contribute to the organization and delivery of the annual Common Secure Conferenceby supporting planning, coordination and execution activities in order to promote cybersecurity awareness, knowledge sharing and stakeholder engagement

    • Other:

    • Provide other ad hoc support either within the team or in other teams as required – this includes the participation in special projects or support to service delivery for short period of time on a part-time or full-time basis upon request from the senior management
    • The incumbent could be required to support on-call rotation
  • Provide other ad hoc support either within the team or in other teams as required – this includes the participation in special projects or support to service delivery for short period of time on a part-time or full-time basis upon request from the senior management
  • The incumbent could be required to support on-call rotation

    • Recruitment Profile

    Experience and Skills required:

    Essential:

    • Proven experience of minimum five (5) years in working within a Cybersecurity Operations Centre including three or more of the following requirements:
      • Having supported the establishment of cybersecurity Operations centres for International Organizations
      • Having managed and mentored SOC analysts across Tier 1, Tier 2, and Tier 3 functions
      • Having led SOC operations on a 24/7 basis, ensuring effective monitoring, detection, and response to security incidents
      • Having monitored SOC KPIs and SLAs, producing management and executive-level security reports
    • Contributing to the establishment or enhancement of cybersecurity operations centres within international or large organizations
    • Providing technical guidance and mentoring to SOC analysts across Tier 1, Tier 2 and Tier 3 functions
    • Coordinating or supporting 24/7 SOC operations to ensure effective monitoring, detection and response to security incidents
    • Monitoring SOC KPIs and SLAs and preparing operational and management-level security reports
  • Proven experience of minimum five (5) years in working within a Cybersecurity Operations Centre including three or more of the following requirements:
    • Having supported the establishment of cybersecurity Operations centres for International Organizations
    • Having managed and mentored SOC analysts across Tier 1, Tier 2, and Tier 3 functions
    • Having led SOC operations on a 24/7 basis, ensuring effective monitoring, detection, and response to security incidents
    • Having monitored SOC KPIs and SLAs, producing management and executive-level security reports
    • Having supported the establishment of cybersecurity Operations centres for International Organizations
    • Having managed and mentored SOC analysts across Tier 1, Tier 2, and Tier 3 functions
    • Having led SOC operations on a 24/7 basis, ensuring effective monitoring, detection, and response to security incidents
    • Having monitored SOC KPIs and SLAs, producing management and executive-level security reports
  • Having supported the establishment of cybersecurity Operations centres for International Organizations
  • Having managed and mentored SOC analysts across Tier 1, Tier 2, and Tier 3 functions
  • Having led SOC operations on a 24/7 basis, ensuring effective monitoring, detection, and response to security incidents
  • Having monitored SOC KPIs and SLAs, producing management and executive-level security reports
  • Contributing to the establishment or enhancement of cybersecurity operations centres within international or large organizations
  • Providing technical guidance and mentoring to SOC analysts across Tier 1, Tier 2 and Tier 3 functions
  • Coordinating or supporting 24/7 SOC operations to ensure effective monitoring, detection and response to security incidents
  • Monitoring SOC KPIs and SLAs and preparing operational and management-level security reports

    • Desirable:

    • Strong understanding of network and security
    • Exposure to cloud security monitoring (e.g., AWS, Azure, GCP) and hybrid environments
    • Exposure with SOAR platforms and automation use cases to improve SOC efficiency
    • Previous experience with international or large organizations
  • Strong understanding of network and security
  • Exposure to cloud security monitoring (e.g., AWS, Azure, GCP) and hybrid environments
  • Exposure with SOAR platforms and automation use cases to improve SOC efficiency
  • Previous experience with international or large organizations

    • *Education:

    Essential:

    • First university degree in Information Technology or related field
  • First university degree in Information Technology or related field

    •  Desirable:

    • One of the following technical certifications: OSWP, OSCP, GCIH, or other GIAC/similar certifications
  • One of the following technical certifications: OSWP, OSCP, GCIH, or other GIAC/similar certifications

    • Languages:

    • English: Expert knowledge is required
    • Knowledge of another UN official language will be considered an advantage
  • English: Expert knowledge is required
  • Knowledge of another UN official language will be considered an advantage

    • UNICC Global Competencies:

    • Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
    • Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
    • Respecting and promoting individual and cultural differences: Demonstrates the ability to work constructively with people of all backgrounds and orientations. Respects differences and ensures that all can contribute.
    • Knowing and managing yourself: Manages ambiguity and pressure in a self-reflective way. Uses criticism as a development opportunity. Seeks opportunities for continuous learning and professional growth.
    • Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.
    • Moving forward in a changing environment: Is open to and proposes new approaches and ideas. Adapts and responds positively to change.
  • Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
  • Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
  • Respecting and promoting individual and cultural differences: Demonstrates the ability to work constructively with people of all backgrounds and orientations. Respects differences and ensures that all can contribute.
  • Knowing and managing yourself: Manages ambiguity and pressure in a self-reflective way. Uses criticism as a development opportunity. Seeks opportunities for continuous learning and professional growth.
  • Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.
  • Moving forward in a changing environment: Is open to and proposes new approaches and ideas. Adapts and responds positively to change.

    • Please find below a link to the UNICC Privacy Notice for Applicants.

    Other Information

    Compensation:

    Annual Salary Estimation (net of tax at single rate):

    • Valencia (Spain), including post adjustment (30,5% on March 2026): US$ 93,092.
    • Brindisi (Italy), including post adjustment (22,3% on March 2026): US$ 87,242.
    • Rome (Italy), including post adjustment (28,1% on March 2026): US$ 91,380.
  • Valencia (Spain), including post adjustment (30,5% on March 2026): US$ 93,092.
  • Brindisi (Italy), including post adjustment (22,3% on March 2026): US$ 87,242.
  • Rome (Italy), including post adjustment (28,1% on March 2026): US$ 91,380.

    • UNICC also offers generous leave and absence allowances, flexible working hours, overtime compensation, teleworking, access to training, and depending on eligibility other benefits such as relocation grant, dependency allowance, language allowance, or education grant.

    Closing date for applications:

    Applications will be accepted until midnight (Geneva Time) on 7 April 2026.

    Notes:

    • Technical and/or personality tests may be carried out as part of the selection process
    • Only short-listed candidates will be contacted
    • Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position
  • Technical and/or personality tests may be carried out as part of the selection process
  • Only short-listed candidates will be contacted
  • Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position

    • * For UNICC staff members who do not meet the minimum educational qualifications, please refer to the applicable WHO e-Manual Annex 6 – Guidelines on Standard Minimum Experience Exposure and Education Requirements

    Please inform us should you require any specific accommodation to facilitate your application

    The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.

    For applications to be valid, they must contain a motivation letter and the filled Personal History Form.

    Apply For This Job

    At Impactpool we do our best to provide you the most accurate info, but closing dates may be wrong on our site. Please check on the recruiting organization's page for the exact info. Candidates are responsible for complying with deadlines and are encouraged to submit applications well ahead.
    Before applying, please make sure that you have read the requirements for the position and that you qualify. Applications from non-qualifying applicants will most likely be discarded by the recruiting manager.