
Identity and Access Management Specialist

Geneva

  • Organization: WIPO - World Intellectual Property Organization
  • Location: Geneva
  • Grade: Mid level - P-4, International Professional - Internationally recruited position
  • Occupational Groups:
    • Operations and Administrations
    • Development Cooperation and Sustainable Development Goals
    • Engineering
    • Information Technology and Computer Science
    • Patent and Intellectual property
  • Closing Date: Closed

 

 

IMPORTANT NOTICE REGARDING APPLICATION DEADLINE: please note that the deadline for applications is indicated in local date and time.

 

 

1.         Organizational context

 

The post is located in the Systems Management and Integration Section, IT Technical Division, ICT Department.

 

The primary responsibility of the Section is to provide efficient and cost-effective ICT platforms for the hosting of business systems that fulfill the business and technical requirements. This entails the provision of system resilience and availability, ongoing system consolidation, the use of standardized solutions and a progressive move towards integrated ICT architectures for sustainability to accommodate WIPO’s fee-generating services that almost exclusively rely on such systems to receive and process information online. The Section ensures that business systems can be used as integrated services and meet the business requirements as a whole, regardless of the intricacies and interdependencies of the underlying technical systems.

 

The incumbent is responsible for planning, deploying and ensuring efficient operations of an enterprise-wide Identity and Access Management (IAM) platform with the goal of progressively integrating applications with enterprise IAM capabilities with focus on convergence and reuse of capabilities. The incumbent will be the focal point for all IAM operations at WIPO.

 

The incumbent reports to the officer in charge of the Systems Management and Integration Section.

 

 

2.         Duties and responsibilities

 

The incumbent performs the following main duties:

 

Develop and implement a strategic IAM roadmap in collaboration with the Security and Information Assurance Division (SIAD) and the Enterprise Architecture Division (EAD), with input from business application managers.

 

Design and oversee the development, implementation and alignment of WIPO’s current IAM solutions with agreed standard reference architectures including strong and risk-based authentication, access governance, role-based authorization and access management, user lifecycle management from provisioning to de-provisioning, and directory synchronization and consolidation.

 

Carry out the technical development, implementation, and operations of a highly available and robust enterprise IAM platform supporting WIPO’s Internet-facing business applications. Ensure deployment and continued enforcement of IAM policies, assist in integrating business applications and resolve integration and system issues.

 

Design, propose and establish standard IAM solutions to application developers and business architects. Advise developers on the integration of Internet-facing and internal business applications into the standard IAM stacks to meet current and future requirements of the business for User Authentication and Access Control.

 

Develop and implement processes for reporting on user access management for recertification and verification of continued access. Manage the implementation of processes for access enforcement and access governance across the enterprise. Perform security administration on various IAM platforms and systems, ensuring access is granted in accordance with the information security policies, established standards and procedures. Develop and implement IAM related auditing, logging and reporting on access rights.

 

Maintain an enterprise data dictionary of directory attributes, usage requirements, owners and synchronization processes.  Ensure coherent use of LDAP groups and dynamic groups. Take the lead in consolidating current solutions.

 

Analyze business requirements for security and ease of use and identify candidates for federation allowing for seamless experience by internal and external users, including access to the cloud and mobile apps.

 

Develop and maintain ICT Service Continuity measures for IAM services and propose improvements in accordance with business continuity requirements. Collaborate with the Security and Information Assurance Division during the design, development and implementation of enterprise IAM capabilities in order to gain reasonable assurance of operational processes and controls in compliance with information security policies and standards.  Propose solutions to enhance operational security.

 

Manage supplier contracts related to the IAM platforms and systems in order to maintain reliable and efficient delivery of IAM services.

 

Perform other duties as required.

 

 

3.         Requirements

 

Education

 

Essential

Advanced university degree, preferably in Computer Science, Engineering or related discipline. A first-level university degree plus two years of relevant experience in addition to the experience requested below may be acceptable in lieu of the advanced university degree.

Desirable

Specialized training or certification in one or more leading IAM product suites.

Security certifications such as CISSP, CCSP, SABSA etc.

 

Experience

 

Essential

At least nine years of professional work experience in the design, deployment and operations related to large-scale, enterprise-level IAM platforms, and in the integration of business applications with IAM systems for authentication and access control.

Proven track record in implementing highly secure IAM solutions.

Experience with using directory services, LDAP, Federation and in particular the Microsoft Active Directory environment.

Hands-on technical experience in supporting enterprise-level IAM platforms like ForgeRock OpenAM.

 

Desirable

Experience with multiple SSL gateways and reverse proxy services, VPN, OpenCMS, CAS, Websense, Cloud Access Security Brokers, Encryption gateways, Apache/Tomcat basic authentication and experience with other IAM Platforms such as NetIQ, Sailpoint, or CA Technologies.

 

Languages

Essential

Excellent knowledge of written and spoken English.

Desirable

Knowledge of French.

 

Job-related competencies

Essential

Excellent technical knowledge of application integration with IAM systems; Hands-on programming experience in at least one application development platform (Java/Linux and/or .NET/Windows).

Expert knowledge of at least three of the following technologies: Authentication/Authorization (Multifactor, AD, Kerberos, LDAP, fine and coarse-grained authorization); Access Provisioning; Access Management (RBAC, Cloud SSO, Federation); Web technologies (SSL, reverse proxies, Web SSO, web security-SAML, WS-federation, REST, SOA); Public Key Infrastructure (PKI).

Excellent analytical skills and the ability to document IAM platforms and processes, as well as related operating and risk management procedures.

Ability to clearly explain complex issues and to communicate with technical actors and business area representatives.

Proven ability to work as part of diverse technical teams in a cross-cultural environment.

Understanding of internet security technology and concepts.

Service orientation and attention to quality.

Ability to work under pressure and successfully prioritize tasks in order to manage multiple commitments and deadlines.

Excellent communication and interpersonal skills, with the ability to influence others without always relying on the line-of-command.

 

Desirable

Knowledge of PRINCE 2 project management methodology.

Knowledge of Enterprise Architecture concepts.

Knowledge of ITIL Service Management methodology.

Knowledge of managing and configuring web and application servers – Apache, Tomcat, JBoss and others.

Knowledge and/or experience in security architecture principles and models like SABSA.

Knowledge of Networking and Information Security concepts.

 

 

4.         Organizational competencies

 

1.  Communicating effectively.

2.  Respecting individual and cultural differences.

3.  Showing team spirit.

4.  Managing yourself.

5.  Producing results.

6.  Embracing change.

7.  Respecting ethics and values.

 

 

5.         Information

 

Mobility: Candidates appointed to an international position with WIPO are subject to mobility and may be assigned to any activity or duty station of the Organization throughout the world.

 

Annual salary:

Total annual salary consists of a net annual salary (net of taxes and before medical insurance and pension fund deductions) in US dollars and a post adjustment.  The post adjustment (cost of living allowance) is variable and subject to change without notice in accordance with the rates as set within the UN Common System for salaries and allowances.  The figures quoted below are based on the May 2017 rate of 67.1%.

 

 

P4 (currency: USD)

  • Annual salary: $70,647
  • Post adjustment: $47,404
  • Total salary: $118,051

 

 

         

 

 

Salaries and allowances are paid in Swiss francs at the official rate of exchange of the United Nations.

 

Please refer to WIPO’s Staff Regulation and Rules for detailed information concerning salaries, benefits and allowances.

 

Additional Information

 

Initial period of two years, renewable, subject to satisfactory performance.  No fixed-term appointment or any extension hereof shall carry with it any expectancy of, nor imply any right to, (further) extensions or conversion to a permanent appointment.

 

This vacancy announcement may be used to fill other posts at the same grade with similar functions in accordance with Staff Rule 4.9.5.

 

Applications from qualified women as well as from qualified nationals of unrepresented Member States of WIPO and underrepresented geographical regions are encouraged. Please click on the following links for the list of unrepresented Member States and the list of underrepresented regions and the WIPO Member States in these regions.

 

The Organization reserves the right to make an appointment at a grade lower than that advertised.

 

___________________________________________________________________

 

By completing an application, candidates understand that any willful misrepresentation made on this web site, or on any other documents submitted to WIPO during the application, may result in disqualification from the recruitment process, or termination of employment with WIPO at a later date, if that employment resulted from such willful misrepresentations.

 

In the event that your candidature is shortlisted, you will be required to provide, in advance, a scanned copy of an identification and of the degree(s)/diploma(s)/certificate(s) required for this position. WIPO only considers higher educational qualifications obtained from an institution accredited/recognized in the World Higher Education Database (WHED), a list updated by the International Association of Universities (IAU) / United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed through the link: http://www.whed.net/. Some professional certificates may not appear in the WHED and these will be reviewed individually.

 

Additional testing/interviewing may be used as a form of screening.  Initial appointment is subject to satisfactory professional references.

 

Additional background checks may be required.

 

This vacancy is now closed.