Information Security Officer (P-3)

This fixed-term appointment is for duration of two years with a six-month probationary period, and is subject to the OPCW Staff Regulations and Interim Staff Rules, as applicable. The OPCW is a non-career organisation with limited staff tenure. The total length of service for Professional staff shall not exceed 7 years. The Director-General retains the discretion not to make any appointment to this vacancy, to make an appointment at a lower grade, or to make an appointment with a modified job description. Several vacancies may be filled.

Under the direct supervision of the Head, Confidentiality and Information Security (CIS), and in accordance with the OPCW Core Values of Integrity, Professionalism and Respect for Diversity/Gender Equality, you will be responsible for the following core areas:Develop and oversee the implementation of confidentiality-related technology, policies, procedures and working instructions affecting all staff members throughout the Secretariat.• Assist the Head of Section by being the Information Security focal point at the detailed technical level for all programmes and projects executed within OPCW.• Ensure that all technical security requirements from the Head of Branch, Section, INFOSEC Officer (Operations) and INFOSEC Officer (Data Protection) are carried forward into OPCW programmes and projects. Back-brief these colleagues on the impact of ongoing programmes and projects where relevant to their areas.• Assist the Head of Confidentiality & Information Security in developing and internally coordinating all policies and procedures intended to be applicable Secretariat-wide to facilitate the security of the work of the Organisation.• Conduct and review security audits of cloud/outsourcing service providers and their facilities in accordance with the relevant contractual agreements.• Participate in meetings and informal consultations with Member States in which Confidentiality issues are discussed. As requested by the Head of OCS or the Head of Section, brief and otherwise inform such meetings/consultations on specific confidentiality-related issues.• Co-ordinate with staff members of other branches/units to ensure that confidentiality requirements of the CWC are met during the daily operations of the Secretariat.• Monitor access to the Secretariat’s Security Critical Areas (SCAs), Security Critical Network (SCN) and the Security Non-Critical Network (SNCN) in accordance with the requirements of the OPCW Policy on Confidentiality (OPOC), MCP, Information Security Policy and other relevant procedures/working instructions.• In conjunction with the other Information Security Officers, monitor user access on the SCN and SNCN ensuring access to confidential and sensitive information is in line with that authorised.• Monitor the activities of ICT administrators and other support staff within the SCAs and SCN server room and, as necessary, coordinate and assist the work requirements of these individuals.• Regularly monitor access to confidential and sensitive information on the SCN and SNCN and follow-up access anomalies and/or questionable access to ensure (possible) breaches of confidentiality procedure or security incidents are properly documented and reported to the Head of Section.• Provide confidentiality-related advice/assistance to OPCW inspection teams as necessary during the inspection process and advise the Head of Section of recurring problem areas that may require additional guidance and/or training to be provided.As directed by the Head of Section, coordinates the aspects of the OPCW Information & Communications Technology (ICT) security programme, guiding the implementation of ICT security measures to ensure the preservation of the confidentiality, integrity and availability of OPCW’s information assets.• Help develop policies, standards and action plans relating to information technology security issues;• Guide the implementation of the ISO 27001 standard for Information Security Management where applicable;• Regularly liaise with the other Security Officers to coordinate prospective changes to the SCN, SNCN and/or other IT networks used by the Secretariat and report potentially adverse impacts of such changes to the Head of Section;• Provide technical advice relating to ensuring business continuity of critical situations/sites and functions;• Perform routine monitoring of the SCN and SNCN• As necessary, investigate and respond to security-related incidents.As directed by the Head of Section, organise and conduct security training for the Secretariat’s staff, subsidiary organs of the OPCW and National Authority personnel on the handling and protection of confidential and/.or sensitive information.• Provide the Secretariat’s staff with regular Confidentiality and Security Induction training and annual refresher courses and, where necessary, provide specialised training for distinct user groups with varying levels of access to confidential and sensitive information and security critical computing systems.• When necessary, provide briefings to cover confidentiality issues specific to particular inspection missions, and provide inspection team debriefings as necessary to discover and, if possible, immediately address specific problem areas.• When tasked by the Head of Section or Head of OCS, provide training on issues relating to confidentiality and information security to the Confidentiality Commission, Scientific Advisory Board and national/regional Member States seminars to provide participants a better understanding of confidentiality requirements, as well as the rights and obligations incurred by Member States under the Confidentiality Regime.As directed by the Head of Section, conduct of preliminary enquiries into (alleged) breaches of confidentiality and security incidents and/or violations of confidentiality procedures.• Report all violations of the Confidentiality Regime to the Head of Section and advice on the conduct of respective enquiries and investigations.• Advise/assist staff members on the proper reporting of (potential) breaches of confidentiality and/or security incidents and, as/when necessary, ensure such breaches/incidents are highlighted to the Head of Section and Head of OCS as soon as practically possible.• As directed by the Head of Section, assist in the collection of information pertaining to specific (potential) breaches of confidentiality or security incidents as part of the preliminary enquiry process.• At the request of the Head of Section or Head of OCS, assist in conducting the full investigation of confidentiality incidents and other security incidents when authorised/directed by the Director-General.Assist the Head of Section and contribute to the drafting of the Director General's “Annual Report on the Implementation of the Regime Governing Confidentiality” to the Conference of States Parties and any other report requiring input from the OCS Confidentiality & Information Security Section.Serve as Acting Head, Confidentiality & Information Security in cases of absence of the Head of Section when delegated to do so.Perform other duties as required.

Education:Essential: Advanced university degree in information or information systems with specialisation in information security or related field; a first level university degree in any of the above subjects in combination with qualifying experience (minimum 7 years) may be accepted in lieu of the advanced university degree.Required Certification: Certified Information Systems Security Professional (CISSP) or equivalent.Desirable Certification: PRINCE2 Practitioner, SANS GIAC Skills and Abilities:• Excellent analytical and conceptualisation skills and an ability to plan and organise complicated processes;• Excellent inter-personal, interview and negotiation skills; • Excellent communication skills, with a demonstrated ability to present information clearly and logically both verbally and in writing;• Demonstrated ability to draft, edit and present documents/papers in the English language;• Ability to act with discretion and tact in sensitive situations;• Ability to work well in a team with people of different national/cultural backgrounds.Other Skills: Ability to work in a non-HQ environment or in a ‘field’ environment on occasional short-term, short notice deployment and able to obtain and maintain a medical clearance for official travel.

Essential: • At least 5 years of related working experience in the security profession with significant experience supervising information security and managing all aspects of a security programme;• Experience in assisting and conduct of security risk assessments;• Experience in advising on and testing of security of ICT environments;• Experience in the supervision of operations within secure environments and information processing systems.Desirable: • Work experience in an international organisation; • Experience in assisting in the conduct of security investigations.

Fluency in English is essential and a good working knowledge of one of the other official languages (Arabic, Chinese, French, Russian, and Spanish) is desirable.

Total annual salary consists of a net annual salary (net of taxes and before medical insurance and provident fund deductions) in US$ and a post adjustment. The post adjustment (cost of living allowance) is variable and subject to change without notice in accordance with the rates as set within the UN Common System for salaries and allowances. The figure quoted on the right, is based on the March 2017 rate of 27.6%