Team Lead (Cybersecurity)
OBJECTIVES OF THE PROGRAMME
The department of Information Management and Technology has an operational and strategic role. On the one hand, the department provides relevant, quality, reliable, and cost-effective IT services so that the Organization can achieve its health mandate. On the other hand, it aims to be a strategic enabler for WHO by creating partnerships with business units (administrative and health technical), capturing business needs, and establishing and managing projects to address these requirements.
The work of the department is categorized under WHO's programme of Corporate services and enabling functions (Category 6), with specific focus on Effective management and administration established across the organization (6.4).
The Enterprise Architecture & Security (EAS) unit is the centre of excellence within the department that defines the technology roadmap for infrastructure and applications, develops architectural strategy and design, implements cybersecurity measures to protect WHO's information assets, and identifies appropriate and cost-effective technological solutions based on the functional requirements of the business.
DESCRIPTION OF DUTIES
1. Work with the CISO to develop a Cybersecurity program and projects that address identified risks and business security requirements.
2. Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the enterprise environment.
3. Work with the CISO to develop budget projections based on short- and long-term goals and objectives.
4. Monitor and report on compliance with Cybersecurity policies, as well as the enforcement of policies across the organization.
5. Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
6. Manage a team of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.
7. Assist resource owners and IT staff in understanding and responding to Cybersecurity audit failures reported by auditors.
8. Provide Cybersecurity communication, awareness and training.
9. Work as a liaison with vendors, legal, and purchasing departments to establish mutually acceptable contracts and service-level agreements.
10. Manage production issues and incidents, and participate in problem and change management forums.
11. Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
12. Serve as an active and consistent participant in the information security governance process.
13. Work with the CISO and IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
14. Provide support and guidance for legal and regulatory compliance efforts, including audit support.
15. Ensure that cybersecurity and risk are adequately represented in relevant business and governance forums and are known, well integrated, and addressed across the enterprise.
16. Ensure the delivery of the following key areas:
- Cybersecurity Oversight
- Cybersecurity Risk Management
- Cybersecurity Architecture
- Support to Cybersecurity Engineering and Operations
Education
Essential: Advanced level university degree in Computer Science, Engineering, or a related discipline.
Desirable: Industry certifications covering IT security, such as CISA, TOGAF, SABSA, CISSP, CISM, CEH, BS7799 Lead Auditor, ISO 27001:2005 Implementer and ITIL Service Management.
Experience
Essential: At least 7 years of experience in IT with a broad range of exposure to all aspects of business planning, systems analysis and application development, including at least three of the areas below: ICT Security Management (expert); ICT Management and Planning (expert); IT Project Management and Delivery; Network and Telecommunications Systems; Applications and Software Engineering; ICT User Support and Training.
At least 3 years of experience leading Cybersecurity teams with global mandate.
Experience with common IT frameworks, such as TOGAF, ISO, and ITIL frameworks.
Experience in developing, documenting and maintaining security policies, processes, procedures and standards.
Desirable: Experience in working across geographic and cultural boundaries.
Extensive experience in working across multiple time zones without the need for face to face meetings.
Experience in audit, compliance or governance.
Skills
Advanced knowledge of IMT technology standards, frameworks and best practices.
Excellent knowledge of ICT management good practices and industry trends, particularly those pertaining to information security management.
Proficiency in performing risk, business impact, control and vulnerability assessments.
In-depth knowledge and understanding of cybersecurity risk concepts and principles, as a means of relating business needs to cybersecurity controls. Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
Good understanding of hacking or perimeter breach techniques and able to stay in tune with the changes in this area.
Knowledge of the fundamentals of project management, and experience with creating and managing project plans, including budgeting and resource allocation in a cross-functional environment.
In-depth knowledge of risk assessment methods and technologies.
Strong understanding of business applications, including ERP and financial systems.
Excellent technical knowledge of mainstream operating systems (MS Windows) and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
Ability to adapt to rapidly changing technology and apply it to business needs.
Strong analytical and problem-solving skills.
Excellent oral and written communication skills, with the ability to present and discuss technical information in a way that establishes rapport, persuades others, gains understanding and inspires confidence.
Strong team-oriented interpersonal skills, with a strong ability to interface with and influence a wide variety of people and teams in a cross-functional environment.
Demonstrated competency in relationship management.
Demonstrated competency in developing effective solutions to diverse and complex business problems.
WHO Competencies
- Respecting and promoting individual and cultural differences
- Creating an empowering and motivating environment
Use of Language Skills
Essential: Expert knowledge of English.
Desirable: Intermediate knowledge of French.
REMUNERATION
WHO salaries for staff in the Professional category are calculated in US dollars. The remuneration for the above position comprises an annual base salary starting at USD 71,332 (subject to mandatory deductions for pension contributions and health insurance, as applicable) and a variable post adjustment, which reflects the cost of living in a particular duty station and currently amounts to USD 4244 per month for the duty station indicated above. Other benefits include 30 days of annual leave, allowances for dependent family members, home leave, and an education grant for dependent children.
- This vacancy notice may be used to fill other similar positions at the same grade level.
- Only candidates under serious consideration will be contacted.
- A written test may be used as a form of screening.
- In the event that your candidature is retained for an interview, you will be required to provide, in advance, a scanned copy of the degree(s)/diploma(s)/certificate(s) required for this position. WHO only considers higher educational qualifications obtained from an institution accredited/recognized in the World Higher Education Database (WHED), a list updated by the International Association of Universities (IAU)/United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed through the link: http://www.whed.net/. Some professional certificates may not appear in the WHED and will require individual review.
- Any appointment/extension of appointment is subject to WHO Staff Regulations, Staff Rules and Manual.
- For information on WHO's operations please visit: http://www.who.int.
- WHO is committed to workforce diversity.
- WHO has a smoke-free environment and does not recruit smokers or users of any form of tobacco.
- WHO has a mobility policy which can be found at the following link: http://www.who.int/employment/en/. Candidates appointed to an international post with WHO are subject to mobility and may be assigned to any activity or duty station of the Organization throughout the world.