ICT Off (Serv Deliv Security)

ICT Officer (Service Delivery - Security)  

ORGANIZATIONAL CONTEXT
The post is located within the Security Section of the ICT Operations Service and reports directly to the Chief of the Security Section, and assists in the service delivery of UNCHR Security Services.

While not a leadership role, the incumbent oversees the work of UNHCR services delivery personnel and is responsible for ensuring the various managed service providers' delivery of efficient and effective UNHCR's ICT Security services.

Within DIST, regular interaction with ICT Officer (GRC) for developing and compliance of security policies, mitigating and addressing security risks; works closely with the Service Development and Support section to ensure compliance with all security policies; Solution Architects to ensure that security is built into the application and underlying ICT infrastructure and systems; and ICT Operations to ensure that security is maintained on all ICT services.

Collaborates with key business leaders on security requirements and standards.

FUNCTIONAL STATEMENT
Accountability
- ICT security risks are treated.
- Security service, incidents, change requests, and problems are addressed and resolved promptly within agreed service levels.
- Service level agreements (SLAs) with service providers are managed and monitored.
- Change and release processes are managed and coordinated.
- Service provider invoices are reviewed and verified.

Responsibility
- Coordinate day-to-day operational decisions within area of responsibility.
- Oversee security managed service providers, including monitoring and ensuring issues are resolved according to SLAs.
- Act as an escalation point for end-user issues and work to resolve problems quickly.
- Lead the ¿Major Incident Management¿ process for services and facilities within the area of responsibility.
- Work with managed service partners to ensure problem management and root cause analysis is undertaken routinely leading to service improvement for security matters.
- Maintain appropriate communication channels with service providers and other relevant DIST staff.
- Measure and follow-up of SLAs and validation of intermediate and final results.
- Audit quality deliverables, process follow-up and reporting.
- Track and verify invoices from service providers and suppliers.
- Monitor, identify and resolve ICT security issues/incidents.
- Execute ICT security architecture/design reviews.
- Execute security assessments (including penetration testing).
- Manage threat and vulnerabilities including forensics, patch management, and take remedial actions.
- Liaise with Platform, End User Device and Network Team in testing and monitoring disaster recovery plans.
- Adopt security best practices from industry, including ISO 27001 and share solutions for cost-effective security service delivery.
- Provide updates (i.e. hourly, daily and/or weekly) when acting as Incident Manager.
- Undertake other tasks or assignments within area of competence as required.

Authority
- Allocate resources for tasks, problems, change, security incident resolution and service requests.
- Audit and verify compliance to security policies.
- Decide on appropriate resolution of security incidents / problems.
- Escalate issues to supervisor if incidents / problems cannot be resolved within area of responsibility.
- Take day-to-day operational decisions within area of responsibility.

ESSENTIAL MINIMUM QUALIFICATIONS AND PROFESSIONAL EXPERIENCE REQUIRED
- University degree in ICT or relevant subject.
- At least 8 years (6 years with advanced university degree) of experience in information technology of which 4 should be in managing service delivery of Security Services to support decentralized IT operations in developing countries.
- Experience with service delivery of Security services in a 24/7, enterprise grade environment.
- Experience with outsourced managed security services including IDS, IPS, SIEM, Threat Intelligence and related services.
- Experience with Microsoft, desktop, platform and application technologies and cloud computing.
- Experience in federated identity management and single sign on  services.
- Experience working with outsourced providers in delivering services based on service level agreements.
- Proven track record implementing and managing ITIL processes.
- Proven track record in implementation of ISO 27001 standards.
- Fluent in written and spoken English.

DESIRABLE QUALIFICATIONS & COMPETENCIES.
- Knowledge of systems and processes within the United Nations.
- Experience in providing Security Services to deep field locations.
- Advanced university degree in ICT or engineering.
- Certification in CISSP or CISA will be an asset.
- Working knowledge of any other UN language.

C001L3 - Accountability Level 3
C002L3 - Teamwork & Collaboration Level 3
C003L3 - Communication Level 3
C004L3 - Commitment to Continuous Learning Level 3
C005L3 - Client & Result Orientation Level 3
C006L3 - Organizational Awareness Level 3
M001L3 - Empowering and Building Trust Level 3
M003L3 - Judgement and Decision Making Level 3
M006L3 - Managing Resources Level 3
X001L3 - Analytical Thinking Level 3
X004L3 - Negotiation and Conflict Resolution Level 3
X005L3 - Planning and Organizing Level 3

Please note that the closing date for all vacancies in the March 2016 Compendium is Monday 25 April 2016 (midnight Geneva time).