Information Security Operations Officer

Grade: P3 

Vacancy no.: RBC/P/INFOTEC/2026/8
Publication date: 26 June 2026
Application deadline (midnight Geneva time): 29 July 2026

Job ID: 13686 
Department: INFOTEC 
Organization Unit: INFOTEC 
Location: Geneva   
Contract type: Fixed Term 

The following are eligible to apply:

  • ILO Internal candidates in accordance with paragraphs 31 and 32 of Annex I of the ILO Staff Regulations.
  • External candidates.

Applications from candidates who have already separated from ILO service upon retirement or early retirement, will not be considered.

The ILO values diversity among its staff and welcomes applications from qualified female candidates. We also encourage applicants with disabilities. If you are unable to complete our online application form due to a disability, please send an email to ilojobs@ilo.org.

The ILO welcomes applicants with experience in working within ILO constituents (governments, employers’ and business membership organizations, and workers’ organizations).

Applicants from non- or under-represented member States, or from those member States which staffing forecasts indicate will become non- or under-represented in the near future would be particularly welcome. A list of these countries can be found here: ILO Jobs: Non- and under-represented Member States

In addition to the interviews and tests that any candidate may be required to take, successful completion of the ILO Assessment Centre is required for all external candidates and any internal candidate applying to a higher category.

Notwithstanding the general considerations set out in the ILO Staff Regulations, this vacancy announcement is the only authoritative document pertaining to the qualifications required for this position. The minimum required qualifications were determined in view of the specific duties and responsibilities of this position.

The specific language requirements for this position are detailed hereunder. However, external candidates applying for the professional category vacancies and whose mother tongue is not one of the working languages of the Office (English, French and Spanish), shall be required to possess a fully satisfactory working knowledge of at least one of the ILO working languages. If appointed, they will be expected to acquire a knowledge of a second working language of the Office during their initial years of service.

Recruitment for this vacancy is subject to the availability of funding.

Introduction

The position is located in the information security operations team of the Technology Management Services (TMS) Branch within the Information and Technology Management Department (INFOTEC). INFOTEC provides modern, secure, and reliable IT infrastructure, technologies, applications and services to enable the ILO to effectively use technology to perform its mission.


The position is a key operational contributor to information security operations across the Organization, acting as a primary driver of day-to-day information security activities. This includes information security events monitoring, incident management, threat hunting, threat intelligence, forensics, and vulnerability management. Additionally, the position contributes to the design, implementation, and maintenance of the security platform and tools supporting operational activities.


The position reports to the Information Security Operations Lead, TMS. 

Specific Duties

1.    Champion information security operations, including incident assessment, categorization, triage and escalation, in line with established Incident Response playbooks and procedures and in collaboration with the SOC (Security Operations Center).
2.    Provide expertise in Information Security Incident Response. Drive detection, threat hunting and incident analysis; identify and track escalations and lateral movements; support containment, eradication and recovery stage; write post-mortem documentation and lesson learned.
3.    Monitor and assess the ILO threat landscape on a routine basis; identify and assess emerging risks, participate in mitigation activities; design and implement appropriate mitigating controls, detection analytics and alerting capabilities where applicable.
4.    Drive the hardening and baselining of assets; monitor and investigate deviations from recognised security baselines, including Centre for Internet Security (CIS) benchmarks and Security Technical Implementation Guidelines (STIG); define and implement technical measures through Group Policy, Intune, Azure or Configuration Manager; and perform post-implementation reviews and audits to identify and implement improvements to operational systems.
5.    Participate in planning and deliver simulation exercises, including tabletop and purple-team exercises, to test preparedness, validate response capabilities and strengthen organisational resilience against cyber-attacks.
6.    Contribute to data analysis and reporting capabilities to collect and analyse logs, metrics, and events from multiple sources; Proactively suggest and create alerts and reports on potential risks and compliance deviations.
7.    Conduct targeted digital forensics services to acquire images and reconstruct intrusion timelines, events, vectors, tools and techniques from compromised assets; extract artifacts and indicators of compromise.
8.    Support Threat and Vulnerability management. Ensure IT systems, platforms and web applications assets are discovered and regularly scanned. Analyse and triage scan results, based on likelihood and impact. Discuss findings and solutions with the team and provide support to the system owners, in the remediation process.
9.    Closely monitor technology developments within the domain to anticipate shifts, identify opportunities and propose tools or processes evolutions.
10.    Advocate for information security standards and best practices across the Organization; contribute to the development and continuous improvement of internal guidelines, procedures and standards in collaboration with other INFOTEC units.
11.    Perform any other relevant duties as assigned.

Required qualifications

Education

Advanced level university degree in computer science or other closely related field. 
A first-level university degree (Bachelor’s or equivalent) in computer science or other relevant field with an additional two years of relevant experience, in addition to the experience stated below, will be accepted in lieu of an advanced university degree.

One or more industry-recognized certifications covering IT security such as CISSP, BTL1/2, GCIH, TryHackMe SOC, Microsoft Certified Security Operations Analyst Associate, any relevant SANS certifications, or equivalent.

Experience

At least five years of professional experience in the cyber security field.

Languages

Excellent command of one working language (English, French, Spanish) of the Organization and a working knowledge of a second working language of the Organization.  One of these languages must be English.  

Competencies

In addition to the ILO core competencies, this position requires:


Technical competencies     
-    Expertise with Microsoft Sentinel SIEM or equivalent; Defender EDR  or equivalent; Microsoft E5 security stack. 
-    Expertise in Threat hunting, log parsing and log analysis, detection rules using query: KQL, Sigma or equivalent; and scripting languages: Python and PowerShell.
-    Knowledge of network security concepts and tools: NDR, network packet capture and analysis; micro-segmentation, firewalling.
-    Advanced knowledge of the cybersecurity kill chain, MITRE,  and Incident Response frameworks such as NIST, SANS or equivalent. 
-    Working knowledge of Forensics tools and standard procedures.
-    Understanding of Vulnerability management and OWASP Top 10, especially Web Application scanning and OS/Platform scanning, preferably with Qualys. Working knowledge of offensive techniques and tools to validate and triage findings.
-    Ability to communicate effectively with technical and non-technical people at different levels of the organization.
    


Behavioural Competencies
-    Ability to work on own initiative as well as a member of a team.  
-    Strong communication, interpersonal and presentation skills.  
-    Ability to balance and prioritize work.
-    Good analytical skills.
-    Ability to work effectively in a multicultural environment and to demonstrate gender-responsive, non-discriminatory and inclusive behaviour and attitudes. 

Conditions of employment

  • Any appointment/extension of appointment is subject to ILO Staff Regulations and other relevant internal rules. Any offer of employment with the ILO is conditional upon certification by the ILO Medical Adviser that the person concerned is medically fit to perform the specific inherent requirements of the position offered. In order to confirm an offer from the ILO the successful candidate will be required to undergo a medical examination.
  • The first contract will be issued for a twenty-four month period.
  • A successful external candidate will be on probation for the first two years of assignment.
  • Any extension of contract beyond the probation period is subject to satisfactory conduct and performance.

For more information on conditions of employment, please visit the ILO Jobs International Recruitment page.

Important Information

Any officials of the General Service category interested in applying to this position are hereby informed that, if selected, they will be offered the salary and allowances applicable to the grade of the position applied for, which may result in substantial changes in their take-home remuneration. In accordance with Article 3.4 of the Staff Regulations, the salary of an official, upon promotion, shall in no case be greater than the maximum salary of the grade to which he or she was promoted. For any questions or clarifications, please contact your HR partner at hrpartner@ilo.org

Recruitment process

Please note that all candidates must complete an on-line application form. To apply, please visit the ILO Jobs website. The system provides instructions for online application procedures.

Evaluation (which may include one or several written tests and a pre-interview competency-based assessment centre) and the interviews will tentatively take place during the 3 to 4 months following the application deadline. Candidates are requested to ensure their availability should they be short listed for further consideration.

Depending on the location and availability of candidates, assessors and interview panel members, the ILO may use communication technologies such as Video or teleconference, e-mail, etc. for the assessment and evaluation of candidates at the different stages of the recruitment process, including assessment centres, technical tests or interviews.

The ILO has zero tolerance for acts of sexual exploitation and abuse (SEA) and is determined to ensure that all staff members and all beneficiaries of ILO assistance do not suffer, directly or indirectly, from sexual exploitation and abuse. 
To ensure that individuals with a substantiated history of SEA, sexual harassment or other types of abusive conduct are not hired by the Organisation, the ILO may conduct a background verification of candidates under consideration.

Fraud warning

The ILO does not charge any fee at any stage of the recruitment process whether at the application, interview, processing or training stage. Messages originating from a non ILO e-mail account - @ilo.org - should be disregarded. In addition, the ILO does not require or need to know any information relating to the bank account details of applicants.
At Impactpool we do our best to provide you the most accurate info, but closing dates may be wrong on our site. Please check on the recruiting organization's page for the exact info. Candidates are responsible for complying with deadlines and are encouraged to submit applications well ahead.
Before applying, please make sure that you have read the requirements for the position and that you qualify. Applications from non-qualifying applicants will most likely be discarded by the recruiting manager.